≡ Menu

Set or Remove Password Never Expires flag for multiple users using PowerShell

In this post, we will discuss how to set or remove the Password Never Expires check box in Active Directory User object properties under the Account tab. Using this script mentioned in this post, you can do it for single or multiple users accounts.

This script relies on Get-ADUser and Set-ADUser cmdlets in ActiveDirectory module. So make sure it is installed before you run this script. Script has two inputs. First one is list of user accounts for which you want to set or remove the password never expires option. The user accounts list can be from a text file with one user account per line or can be passed directly to the parameter as a comma separated values. Second input is what is operation you want to perform, i.e set or remove operation.

Input parameters:

  1. UserAccounts : List of user accounts which you want to set or remove the password never expires operation
  2. SetOption : Enables Password Never Expires option if not already enabled.
  3. RemoveOption : Removes Password Never expires option if enabled

You can look at the example section below to understand how to use this script. The output of the script will clearly indicate the status for each account whether it has enabled it or there are some errors etc.

 

Script : Update-PasswordNeverExpires.ps1


[CmdletBinding()]
param(
    [Parameter(Mandatory=$true)]
    [string[]]$UserAccounts,
    [Parameter(ParameterSetName="set", Mandatory=$true)]
    [switch]$SetOption,
    [Parameter(ParameterSetName="remove", Mandatory=$true)]
    [switch]$RemoveOption
)

foreach($UserAccount in $UserAccounts) {
    try {
        $UserObj = Get-ADUser -Identity $UserAccount -EA Stop -Properties PasswordNeverExpires
        if($UserObj.PasswordNeverExpires) {
            if($RemoveOption) {
                Set-ADUser -Identity $UserAccount -PasswordNeverExpires:$false -EA Stop
                Write-Host "$UserAccount : Successfully removed the password never expires option" -ForegroundColor Green
            } else {
                Write-Host "$UserAccount : Option already enabled" -ForegroundColor Yellow
            }
        } else {
           if($SetOption) {
               Set-ADUser -Identity $UserAccount -PasswordNeverExpires:$true -EA Stop
               Write-Host "$UserAccount : Successfully enabled password never expires option" -ForegroundColor Green
           } else {
               Write-host "$UserAccount : Option already removed" -ForegroundColor Yellow
           }

       }

    } catch {
      Write-host "$UserAccount : Error Occurred. $_" -ForegroundColor Red

}

}

Examples:

Set Password Never expires option for Single User


Update-PasswordNeverExpiresFlag.ps1 -UserAccounts LabUser01 -SetOption

Remove Password Never expires option for Single User


Update-PasswordNeverExpiresFlag.ps1 -UserAccounts LabUser01 -RemoveOption

Set Password Never Expires option for multiple users


$Users = Get-Content c:\temp\users.txt

Update-PasswordNeverExpiresFlag.ps1 -UserAccounts $Users -SetOption

Remove Password Never Expires option for multiple users


$Users = Get-Content c:\temp\users.txt

Update-PasswordNeverExpiresFlag.ps1 -UserAccounts $Users -RemoveOption

As you can see from the screenshots, the output of the script will give you the status of execution.

Hope this helps.

 

{ 0 comments… add one }

Leave a Comment