I needed a quick way to audit Active Directory accounts. The PowerShell script dumps the following Active Directory attributes for each user:
samaccountname
DistinguishedName
whenCreated
lastLogonDate
pwdLastSet
accountExpires
userAccountControl
Enabled
For the audit the userAccountControl attribute is very useful: it holds an integer whose bits encode the account's status and its password-change requirements, so the combined value maps back to a readable account state. These are the codes we are interested in:
512 = "NORMAL_ACCOUNT"
514 = "ACCOUNT_DISABLED_NORMAL_ACCOUNT"
544 = "NORMAL_ACCOUNT_PASSWORD_NOT_REQUIRED"
546 = "ACCOUNT_DISABLED_NORMAL_ACCOUNT_PASSWORD_NOT_REQUIRED"
66048 = "NORMAL_ACCOUNT_DONT_EXPIRE_PASSWORD"
66050 = "ACCOUNT_DISABLED_NORMAL_ACCOUNT_DONT_EXPIRE_PASSWORD"
66080 = "PASSWORD_NOT_REQUIRED_NORMAL_ACCOUNT_DONT_EXPIRE_PASSWORD"
590336 = "NORMAL_ACCOUNT_DONT_EXPIRE_PASSWORD_TRUSTED_FOR_DELEGATION"
Here is some more information on the codes from Microsoft:
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
Here is the PowerShell script we use to extract this data for analysis; it writes a CSV file that we import into Excel.
https://github.com/zs1rcm/powershell-scripts/blob/main/ExtractAccountData.ps1
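As an added example (not the linked script), the following Python decoder splits a userAccountControl value into its individual flags instead of matching whole codes, so combinations beyond the eight listed above are still classified; it reads a CSV export with the column names from the attribute list above and calls out the flags the audit cares about. The CSV rows are constructed sample data.

```python
import csv
import io

# userAccountControl bit flags (values from Microsoft's documentation).
UAC_FLAGS = {
    0x2: "ACCOUNTDISABLE", 0x10: "LOCKOUT", 0x20: "PASSWD_NOTREQD",
    0x40: "PASSWD_CANT_CHANGE", 0x200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD", 0x40000: "SMARTCARD_REQUIRED",
    0x80000: "TRUSTED_FOR_DELEGATION", 0x400000: "DONT_REQ_PREAUTH",
    0x800000: "PASSWORD_EXPIRED",
}

# Flags the audit calls out: the ones the codes above are built from.
RISKY = {"PASSWD_NOTREQD", "DONT_EXPIRE_PASSWORD", "TRUSTED_FOR_DELEGATION"}


def decode_uac(value):
    """Split a userAccountControl integer into named flags.
    Bits not in UAC_FLAGS are reported as hex so nothing is dropped."""
    names = [name for bit, name in UAC_FLAGS.items() if value & bit]
    leftover = value & ~sum(UAC_FLAGS)
    if leftover:
        names.append(f"UNKNOWN_0x{leftover:X}")
    return names


def audit_csv(csv_text):
    """Return one finding dict per account in the exported CSV.
    Disabled accounts are still reported: the flags survive re-enabling."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        flags = decode_uac(int(row["userAccountControl"]))
        findings.append({
            "account": row["samaccountname"],
            "disabled": "ACCOUNTDISABLE" in flags,
            "flags": flags,
            "risky": sorted(RISKY.intersection(flags)),
        })
    return findings


# Constructed sample export (not real directory data).
SAMPLE_CSV = """samaccountname,userAccountControl,Enabled
alice,512,True
svc-backup,66080,True
old-contractor,546,False
app-gateway,590336,True
"""

if __name__ == "__main__":
    for f in audit_csv(SAMPLE_CSV):
        print(f["account"], f["flags"], "risky:", f["risky"])
```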