Our security team implemented a rule that all vendor user accounts must be reviewed and renewed every 30 days. To facilitate this process, I created a script to automate retrieval of the expiration date of the vendor accounts based on the description and/or title fields, which is where the company name of the vendor was stored. The resulting .csv file was then used to review the accounts and to open a ticket for renewal of the current accounts.
The PowerShell code below can be used to create a script that can be scheduled to get the user account expiration date for accounts that must be reviewed and renewed on a regular basis.
The code queries Active Directory for user accounts that have an expiration date as well as a specific value in the description or title attribute. It outputs the name, SAM account name, description, title, enabled status and account expiration date, sorts by expiration date, exports to a .csv file and then renames the .csv file to include the date the file was created.
# Requires the Active Directory module
Import-Module ActiveDirectory

# Vendor accounts (matched on description or title) that have an expiration date, sorted by that date
Get-ADUser -Filter {(description -like "*Vendor1*") -or (title -like "*Vendor1*")} -Properties Description, Title, AccountExpirationDate |
    Where-Object { $null -ne $_.AccountExpirationDate } |
    Select-Object Name, SamAccountName, Description, Title, Enabled, AccountExpirationDate |
    Sort-Object AccountExpirationDate |
    Export-Csv "\\Server1\Vendors\Vendor1Renewal.csv" -NoTypeInformation

# Append the creation date to the exported file's name
Get-Item \\Server1\Vendors\Vendor1Renewal.csv |
    Rename-Item -NewName { $_.BaseName + "_" + (Get-Date -f MM-dd-yyyy) + $_.Extension }
Note: This action requires the Active Directory module. Depending on the PowerShell version you are using, you may need to import the module first (Import-Module ActiveDirectory).
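The script above drops any vendor account that has no expiration date, so such accounts never reach the review file. As an added example (not part of the original script), the function below classifies each account against the 30-day window and also reports accounts with no expiration set. The function name `Get-VendorReviewStatus`, the status labels and the sample accounts are assumptions made for illustration.

```powershell
# Added example: classify vendor accounts against the review window.
# Function name, status labels and sample data are illustrative assumptions.
function Get-VendorReviewStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Account,
        [int]$WindowDays = 30,
        [datetime]$AsOf = (Get-Date)
    )
    process {
        $expires = $Account.AccountExpirationDate
        # Order matters: test for a missing date before comparing dates.
        $status = if ($null -eq $expires) { 'NoExpirationSet' }
        elseif ($expires -le $AsOf) { 'Expired' }
        elseif ($expires -le $AsOf.AddDays($WindowDays)) { 'DueForRenewal' }
        else { 'BeyondWindow' }   # expires later than the review window

        [pscustomobject]@{
            SamAccountName        = $Account.SamAccountName
            Enabled               = $Account.Enabled
            AccountExpirationDate = $expires
            Status                = $status
        }
    }
}

# Constructed sample accounts so the function can be tried without a domain.
$asOf = [datetime]'2024-03-01'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'v1.alice'; Enabled = $true;  AccountExpirationDate = [datetime]'2024-03-15' }
    [pscustomobject]@{ SamAccountName = 'v1.bob';   Enabled = $true;  AccountExpirationDate = [datetime]'2024-02-10' }
    [pscustomobject]@{ SamAccountName = 'v1.carol'; Enabled = $true;  AccountExpirationDate = $null }
    [pscustomobject]@{ SamAccountName = 'v1.dave';  Enabled = $false; AccountExpirationDate = [datetime]'2024-06-30' }
)

$sample |
    Get-VendorReviewStatus -AsOf $asOf |
    Sort-Object Status, AccountExpirationDate |
    Format-Table -AutoSize

# Against Active Directory, pipe Get-ADUser straight in and omit the
# Where-Object filter so accounts with no expiration date stay visible:
# Get-ADUser -Filter {(description -like "*Vendor1*") -or (title -like "*Vendor1*")} `
#     -Properties Description, Title, AccountExpirationDate | Get-VendorReviewStatus
```

An enabled account reported as `Expired` or `NoExpirationSet` is the one to raise first in the renewal ticket.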