Below is code that is working very well but gives more information than I require.
I'm trying to filter out accounts that do not have an account expiry as well as accounts that are disabled.
No amount of -filter combinations I try is successful and any help would be greatly appreciated.
______________________________
[cmdletbinding()]
param (
[String] $GroupName
)
import-module activedirectory
$Members = Get-ADGroupMember -Identity $GroupName
$members | % {
if($_.ObjectClass -eq "group") {
Get-ADNestedGroupMembers -GroupName $_.distinguishedName
} else {
return $_.distinguishedname
}
}
}
import-module activedirectory
Get-ADNestedGroupMembers -groupname "DN Refurb" |
`Get-ADUser -Prop Description,samAccountName,AccountExpirationDate |
`Select-Object Name,samAccountName,AccountExpirationDate |
`Sort-Object AccountExpirationDate |
#`Format-Table -property * -AutoSize |
`ConvertTo-HTML | Out-File C:\Temp\AccountExpiry.htm
Invoke-Expression C:\Temp\AccountExpiry.htm