Setting an Active Directory User Account to Expire at a Specific Time of Day with PowerShell
Notice that in Active Directory Users and Computers (ADUC) when setting the expiration of a user account, there’s only a way to have the account expire at the end of a specific day:
The same option exists in the Active Directory Administrative Center (ADAC):
In ADAC, you can see the PowerShell command that the GUI uses to accomplish this task:
Let’s query that particular property with PowerShell to see exactly what it’s now set to:
Get-ADUser -Identity alan0 -Properties AccountExpirationDate |
Select-Object -Property SamAccountName, AccountExpirationDate
Notice in the previous results, that there’s not only a date, but a time as well.
Using PowerShell, I’ll set the AccountExpirationDate to the specific date and time when I want the account to expire:
Set-ADAccountExpiration -Identity alan0 -DateTime '12/10/2013 17:00:00'
Now I’ll double check the value of what that particular property is set to again:
Get-ADUser -Identity alan0 -Properties AccountExpirationDate |
Select-Object -Property SamAccountName, AccountExpirationDate
One thing I noticed is that once the date and time set for the account to expire was reached, the user was prevented from logging into a pc, but it took a while before they were prevented from logging into Outlook Web Access. Just something to keep in mind 🙂.
What if you change your mind after setting this value and want to set it so the account doesn’t expire? Since I originally set this property using the GUI I don’t know what the default value was. I’ll take a look at another account to see what it’s set to:
Get-ADUser -Identity jason0 -Properties AccountExpirationDate |
Select-Object -Property SamAccountName, AccountExpirationDate
So it needs to be set to nothing. I’ll try setting it to $null to see if that works:
Set-ADAccountExpiration -Identity alan0 -DateTime $null
Looks like that worked:
Get-ADUser -Identity alan0 -Properties AccountExpirationDate |
Select-Object -Property SamAccountName, AccountExpirationDate