Hi @rerhart ,
maybe this is helpful (not tested):
# Get AD User with expiration date less than today
Get-ADUser $User -Properties * | Where-Object {$_.AccountExpirationDate -le (Get-Date)}
# Get enabled AD user only
Get-ADUser $User -Properties * | Where-Object {$_.Enabled -like “true”}
# Combined
Get-ADUser $User -Properties * | Where-Object {($_.AccountExpirationDate -le (Get-Date)) -and ($_.Enabled -like “true”)}
# Get-ADuser search Subtree of -Searchbase
Get-ADUser $User -Properties * -SearchBase "OU=USA,DC=company,DC=com" -SearchScope Subtree
# User not in Group
$notinGroup = get-adgroup "NONVPN "
Get-ADUser $User -Properties * | Where-Object {$notinGroup.DistinguishedName -notin $_.memberof}
----------
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Andreas Baumgarten