Oct 6 2017

Setting an Active Directory User Account to Expire at a Specific Time of Day with PowerShell – Mike F Robbins #active #directory #time #server


Setting an Active Directory User Account to Expire at a Specific Time of Day with PowerShell

Notice that in Active Directory Users and Computers (ADUC) when setting the expiration of a user account, there s only a way to have the account expire at the end of a specific day:

The same option exists in the Active Directory Administrative Center (ADAC):

In ADAC, you can see the PowerShell command that the GUI uses to accomplish this task:

Let s query that particular property with PowerShell to see exactly what it s now set to:

Note: The examples shown in this blog article require the Remote Server Administration Tools (RSAT) to be installed on the workstation these commands are being run from (specifically, the Active Directory PowerShell module). The workstation these examples were run from has PowerShell version 4 installed so the module auto-loading feature that was introduced in PowerShell version 3 loaded the Active Directory module and there was no need to explicitly import the Active Directory PowerShell module.

Share this:

it is easy to set one user account to expire in powershell. what about 500 uses?

If you have a list than you can use IMPORT-CSV and pipe that into a LOOP and create a header in the csv file like $_.user and it will run though the list. Maybe this will help someone
import-csv C:\csvfile.csv | foreach-object

if you want to loop though an ou than, try using Get-ADUser -Filter * -SearchBase OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM . instead of import-csv

Hi Mike, is there a good way to use this but only have the users disabled for a period of time, say just a week?

Hi Mike,
Is there a way to add 90 days to multiple users in a csv with different expiration dates?

I d say if you had those dates in the correct format in the CSV file, you can pipe the expiration data into the PS script, too.

AWESOME. Yet another powershell example that doesn t first explain what to do to actually make the solution work for someone. The term Get-ADUser is not recognized as the name of a cmdlet, function, script file, or operable program

Oh, and now I realize you put the prerequisites at the END of your how-to. Interesting.

If you didn t know that you needed to load the AD module in order to run an AD cmdlet, you probably shouldn t be performing AD related tasks

Written by admin

%d bloggers like this: