Notice that in Active Directory Users and Computers (ADUC) when setting the expiration of a user account, there’s only a way to have the account expire at the end of a specific day:

The same option exists in the Active Directory Administrative Center (ADAC):

In ADAC, you can see the PowerShell command that the GUI uses to accomplish this task:

Let’s query that particular property with PowerShell to see exactly what it’s now set to:

Get-ADUser -Identity alan0 -Properties AccountExpirationDate |
Select-Object -Property SamAccountName, AccountExpirationDate

Notice in the previous results, that there’s not only a date, but a time as well.

Using PowerShell, I’ll set the AccountExpirationDate to the specific date and time when I want the account to expire:

Set-ADAccountExpiration -Identity alan0 -DateTime '12/10/2013 17:00:00'

Now I’ll double check the value of what that particular property is set to again:

Get-ADUser -Identity alan0 -Properties AccountExpirationDate |
Select-Object -Property SamAccountName, AccountExpirationDate

One thing I noticed is that once the date and time set for the account to expire was reached, the user was prevented from logging into a pc, but it took a while before they were prevented from logging into Outlook Web Access. Just something to keep in mind 🙂.

What if you change your mind after setting this value and want to set it so the account doesn’t expire? Since I originally set this property using the GUI I don’t know what the default value was. I’ll take a look at another account to see what it’s set to:

Get-ADUser -Identity jason0 -Properties AccountExpirationDate |
Select-Object -Property SamAccountName, AccountExpirationDate

So it needs to be set to nothing. I’ll try setting it to $null to see if that works:

Set-ADAccountExpiration -Identity alan0 -DateTime $null

Looks like that worked:

Get-ADUser -Identity alan0 -Properties AccountExpirationDate |
Select-Object -Property SamAccountName, AccountExpirationDate

文章出处