Check every user account in Active Directory and report back the users who:
are not disabled,
are allowed to change their password,
have a password age greater than 60 days,
the password is not expired.
Create a new scope action, define its name and click on Next.
Under Scope, select the Users object type. Double click on Add New.
Click on Add a Container or Domain, select the root domain and check: Include sub-containers. Click on OK, then OK again. Click on Next.
Under Actions, double click on Add New to start the Action Module property window.
Under Execute the following Action(s), click on Add/Remove > Report User Property > Account Statistics > Password Age. Click on Next.
Add any other attribute which may be of interest in your report.
UnderOnly if the following is true, configure the following conditions:
Add/Remove > Set User Condition > User Account Information > Account Disabled :: = ::FALSE
Add/Remove > Set User Condition > User Account Information > User Cannot Change Password :: = ::FALSE
Add/Remove > Set User Condition > User Account Information > Password Expired :: = ::FALSE
Add/Remove > Set User Condition > Account Statistics > Password Age :: > ::60
Note: If you wanted to add the criteria: The user must have logged-in at least once, their are a couple of ways to do that.
For instance, you could add the following condition:
Add/Remove > Set User Condition > Account Statistics > Successful Logon Count :: NOT= ::0
However, this active directory attribute is not replicated across domain controllers and so it might not be reliable in your environment.
If your user accounts are configured with a roaming profile, you could also use the following condition:
Add/Remove > Set User Condition > Account Statistics > Roaming Profile Time Stamp :: > ::01/01/1990 (or whatever date is appropriate).
Complete your scope action and run it.
To view the report of the scope action, right-click on it and select View Last Run's Report. From the Select Report Format window, select the HTML format - Report Model and click on OK.
Note: The HTML report includes an Export to CSV button. Click on it to save the data displayed into a comma separated value file or to view the data in Microsoft Excel.