PowerShell.com
Forums » Ask the Experts » PowerShell for Active Directory » Changing account expiration date for multiple active directory accounts

Changing account expiration date for multiple active directory accounts

rated by 0 users
This post has 7 Replies | 2 Followers

Not Ranked
Posts 4
Reply
caz42767 Posted: 07-25-2011 10:43 AM

Ive been endlessly searching for a script to change the expiration date of multiple users in a particular organizational unit. I havent had much luck, can anyone help?

Top 10 Contributor
Posts 296
Microsoft MVP
Top Contributor
Reply
RSiddaway replied on 07-25-2011 1:37 PM

try this

$date = "01/01/2012 00:00:00"

$ou = [adsi]"LDAP://ou=test,dc=manticore,dc=org"

$search = [System.DirectoryServices.DirectorySearcher]$ou
$search.Filter = "(&(objectclass=user)(objectcategory=user))"
$search.SizeLimit = 3000
$results = $search.FindAll()

foreach ($result in $results){

 $target = $result.GetDirectoryEntry()
 $target.AccountExpirationDate = $date
 $target.SetInfo()
}

The date shows the start of a day. The account expires at the end of the previous day.

set the OU, search for all users and set the AccountExpirationDate  - note that it is a string not a date.

On my Windows 2008 R2 system this worked and the correct date was shown in ADSIEdit.  AD Users and Computers showed a date that was 1 day earlier.

 

 

 

Not Ranked
Posts 4
Reply
caz42767 replied on 07-25-2011 2:25 PM

Thank you for your reply. When running your suggestion I got the following error:

 

Exception calling "FindAll" with "0" argument(s): "A referral was returned from the server.

"

At line:1 char:27

+ $results = $search.FindAll <<<< ()

    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException

    + FullyQualifiedErrorId : DotNetMethodException

 

I wish I spoke that language, haha. If this error message is jibbrish for you also let me ask you this, I originally created the accounts in bulk  from a .CSV file. do you know if there is a way to add a column in my .CSV file to set the expiration attribute to 30 days from creation?

Top 10 Contributor
Posts 296
Microsoft MVP
Top Contributor
Reply
RSiddaway replied on 07-25-2011 2:41 PM

Did you change the OU to one in your domain?

Not Ranked
Posts 4
Reply
caz42767 replied on 07-25-2011 2:47 PM

I had a typo in my domain, added an extra .edu! It now works, thank you so much for your help!

Top 10 Contributor
Posts 296
Microsoft MVP
Top Contributor
Reply
RSiddaway replied on 07-25-2011 2:50 PM

You don't need a column for the date.

All you need to do is include this code when you create the user account

I'm presuming that $user is the user object you are creating - change to match your script

$expiry = (Get-Date).AddDays(30).ToShortDateString()

$user.AccountExpirationDate = $expiry
$user.SetInfo()

 

just a thought - did you use the date in my script?  If you are in the US or somewhere where the convention is month/day/year  

 

Not Ranked
Posts 4
Reply
caz42767 replied on 07-25-2011 3:11 PM

Oh I see, I will try it with this included in the code.

I did use the date in your script, and it works perfect! thanks again.

Not Ranked
Posts 1
Reply
tsavage replied on 09-10-2012 10:48 AM

Thank you so much for this quick and easy script.  You saved me from having to manually change 600+ accounts in a matter of a few hours.

Page 1 of 1 (8 items) | RSS
Copyright 2012 PowerShell.com. All rights reserved.