
Set-UserExpirationDate

Users: Sets the expiration date for an Active Directory account

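<#
.SYNOPSIS
	Sets (or clears) the account expiration date of an Active Directory user.

.DESCRIPTION
	Resolves the target domain (the local computer's domain unless -DomainName is
	given), locates the user on that domain's PDC emulator below -OUPath by
	SamAccountName, DisplayName, DistinguishedName or UserPrincipalName, and then
	either writes -ExpirationDate or clears the expiration with -NeverExpires.

	The user lookup builds an LDAP filter from -Username with RFC 4515 escaping so
	that quotes, parentheses or wildcards in the supplied value cannot alter the
	query, and it refuses to act when the value matches more than one account
	(DisplayName is not unique).

.PARAMETER OUPath
	Distinguished name of the OU used as the search base.

.PARAMETER Username
	Display name, SamAccountName, DistinguishedName or UPN of the account.

.PARAMETER DomainAccount
	Credential used for the AD cmdlets (remote execution without CredSSP).

.PARAMETER ExpirationDate
	New expiration date; required unless -NeverExpires is given. A date in the
	past is rejected.

.PARAMETER NeverExpires
	Clears the expiration date. Takes precedence over -ExpirationDate.

.PARAMETER DomainName
	Domain to operate on; defaults to the domain of the local computer.

.PARAMETER SearchScope
	Search depth below -OUPath: Base, OneLevel or SubTree (default).

.PARAMETER AuthType
	Authentication method for the AD cmdlets: Negotiate (default) or Basic.

.OUTPUTS
	A confirmation string on success. Any failure is written with Write-Error
	and the script exits with code 1.
#>
param(
	[Parameter(Mandatory = $true, ParameterSetName = "Local or Remote DC")]
	[Parameter(Mandatory = $true, ParameterSetName = "Remote Jumphost")]
	[string]$OUPath,

	[Parameter(Mandatory = $true, ParameterSetName = "Local or Remote DC")]
	[Parameter(Mandatory = $true, ParameterSetName = "Remote Jumphost")]
	[string]$Username,

	[Parameter(Mandatory = $true, ParameterSetName = "Remote Jumphost")]
	[PSCredential]$DomainAccount,

	[Parameter(ParameterSetName = "Local or Remote DC")]
	[Parameter(ParameterSetName = "Remote Jumphost")]
	[datetime]$ExpirationDate,

	[Parameter(ParameterSetName = "Local or Remote DC")]
	[Parameter(ParameterSetName = "Remote Jumphost")]
	[switch]$NeverExpires,

	[Parameter(ParameterSetName = "Local or Remote DC")]
	[Parameter(ParameterSetName = "Remote Jumphost")]
	[string]$DomainName,

	[Parameter(ParameterSetName = "Local or Remote DC")]
	[Parameter(ParameterSetName = "Remote Jumphost")]
	[ValidateSet('Base', 'OneLevel', 'SubTree')]
	[string]$SearchScope = 'SubTree',

	[Parameter(ParameterSetName = "Local or Remote DC")]
	[Parameter(ParameterSetName = "Remote Jumphost")]
	[ValidateSet('Basic', 'Negotiate')]
	[string]$AuthType = "Negotiate"
)

# Escapes a value for use inside an LDAP search filter (RFC 4515, section 3).
# The original script interpolated $Username verbatim into a -Filter string, so a
# single quote in the input could break out of the literal and change the query.
function ConvertTo-LdapFilterValue {
	param([string]$Value)

	# Backslash first, so the escape sequences emitted below are not re-escaped.
	$escaped = $Value -replace '\\', '\5c'
	$escaped = $escaped -replace '\*', '\2a'
	$escaped = $escaped -replace '\(', '\28'
	$escaped = $escaped -replace '\)', '\29'
	$escaped = $escaped -replace "`0", '\00'
	return $escaped
}

try {
	Import-Module ActiveDirectory -ErrorAction Stop

	# -ExpirationDate is optional in both parameter sets; when omitted it holds
	# [datetime]::MinValue, which would otherwise fail later with the misleading
	# "cannot be in the past" message.
	if (-not $NeverExpires -and -not $PSBoundParameters.ContainsKey('ExpirationDate')) {
		throw "Either -ExpirationDate or -NeverExpires must be specified."
	}

	# NOTE(review): per the AD module documentation, AuthType 'Basic' is only
	# meant for SSL/LDAPS connections; Negotiate (the default) is the safe choice.
	[hashtable]$cmdArgs = @{
		'ErrorAction' = 'Stop'
		'AuthType'    = $AuthType
	}
	# $DomainAccount is only bound in the "Remote Jumphost" set; otherwise the
	# cmdlets run under the caller's own identity.
	if ($null -ne $DomainAccount) {
		$cmdArgs.Add("Credential", $DomainAccount)
	}
	if ([System.String]::IsNullOrWhiteSpace($DomainName)) {
		$cmdArgs.Add("Current", 'LocalComputer')
	} else {
		$cmdArgs.Add("Identity", $DomainName)
	}
	$Domain = Get-ADDomain @cmdArgs

	# All reads and the write go to the PDC emulator so the lookup and the
	# subsequent Set-ADUser see the same replica.
	$safeName = ConvertTo-LdapFilterValue -Value $Username
	$getArgs = @{
		'ErrorAction' = 'Stop'
		'Server'      = $Domain.PDCEmulator
		'AuthType'    = $AuthType
		'SearchBase'  = $OUPath
		'SearchScope' = $SearchScope
		'LDAPFilter'  = "(|(sAMAccountName=$safeName)(displayName=$safeName)(distinguishedName=$safeName)(userPrincipalName=$safeName))"
	}
	if ($null -ne $DomainAccount) { $getArgs.Add("Credential", $DomainAccount) }

	# Force an array: Get-ADUser returns $null, one object or many.
	$found = @(Get-ADUser @getArgs)

	if ($found.Count -eq 0) {
		throw "User '$Username' not found in OU '$OUPath'"
	}
	# DisplayName is not unique in AD; never modify an account chosen by chance.
	if ($found.Count -gt 1) {
		$candidates = ($found | ForEach-Object { $_.DistinguishedName }) -join '; '
		throw "User '$Username' is ambiguous in OU '$OUPath'; matching accounts: $candidates"
	}
	$user = $found[0]

	$setArgs = @{
		'ErrorAction' = 'Stop'
		'Server'      = $Domain.PDCEmulator
		'AuthType'    = $AuthType
		'Identity'    = $user.SamAccountName
	}
	if ($null -ne $DomainAccount) { $setArgs.Add("Credential", $DomainAccount) }

	if ($NeverExpires) {
		# -NeverExpires wins over -ExpirationDate, as in the original behaviour.
		Set-ADUser @setArgs -AccountExpirationDate $null
		Write-Output "Account for user '$Username' set to never expire."
	} else {
		if ($ExpirationDate -lt (Get-Date)) {
			throw "Expiration date cannot be in the past."
		}
		Set-ADUser @setArgs -AccountExpirationDate $ExpirationDate
		Write-Output "Account for user '$Username' expiration date set to $ExpirationDate."
	}
} catch {
	Write-Error $_
	exit 1
}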

Specifies the Active Directory path (OU).

Display name, SAMAccountName, DistinguishedName or UPN of the account.

Active Directory Credential for remote execution without CredSSP.

Specifies the new expiration date. Required unless -NeverExpires is given; a date that is already in the past is rejected.

Off

Specifies that the account should never expire (clears the expiration date). Takes precedence over -ExpirationDate when both are supplied.

Name of the Active Directory domain. If omitted, the domain of the local computer is used.

Specifies the scope of the search below the OU given in -OUPath (Base, OneLevel or SubTree; default SubTree).

Specifies the authentication method to use (Basic or Negotiate).
