≡ Menu

Set or Remove Password Never Expires flag for multiple users using PowerShell

In this post, we will discuss how to set or remove the Password Never Expires check box in Active Directory User object properties under the Account tab. Using this script mentioned in this post, you can do it for single or multiple users accounts.

This script relies on Get-ADUser and Set-ADUser cmdlets in ActiveDirectory module. So make sure it is installed before you run this script. Script has two inputs. First one is list of user accounts for which you want to set or remove the password never expires option. The user accounts list can be from a text file with one user account per line or can be passed directly to the parameter as a comma separated values. Second input is what is operation you want to perform, i.e set or remove operation.

Input parameters:

  1. UserAccounts : List of user accounts which you want to set or remove the password never expires operation
  2. SetOption : Enables Password Never Expires option if not already enabled.
  3. RemoveOption : Removes Password Never expires option if enabled

You can look at the example section below to understand how to use this script. The output of the script will clearly indicate the status for each account whether it has enabled it or there are some errors etc.

 

Script : Update-PasswordNeverExpires.ps1


[CmdletBinding()]
param(
    [Parameter(Mandatory=$true)]
    [string[]]$UserAccounts,
    [Parameter(ParameterSetName="set", Mandatory=$true)]
    [switch]$SetOption,
    [Parameter(ParameterSetName="remove", Mandatory=$true)]
    [switch]$RemoveOption
)

foreach($UserAccount in $UserAccounts) {
    try {
        $UserObj = Get-ADUser -Identity $UserAccount -EA Stop -Properties PasswordNeverExpires
        if($UserObj.PasswordNeverExpires) {
            if($RemoveOption) {
                Set-ADUser -Identity $UserAccount -PasswordNeverExpires:$false -EA Stop
                Write-Host "$UserAccount : Successfully removed the password never expires option" -ForegroundColor Green
            } else {
                Write-Host "$UserAccount : Option already enabled" -ForegroundColor Yellow
            }
        } else {
           if($SetOption) {
               Set-ADUser -Identity $UserAccount -PasswordNeverExpires:$true -EA Stop
               Write-Host "$UserAccount : Successfully enabled password never expires option" -ForegroundColor Green
           } else {
               Write-host "$UserAccount : Option already removed" -ForegroundColor Yellow
           }

       }

    } catch {
      Write-host "$UserAccount : Error Occurred. $_" -ForegroundColor Red

}

}

Examples:

Set Password Never expires option for Single User


Update-PasswordNeverExpiresFlag.ps1 -UserAccounts LabUser01 -SetOption

Remove Password Never expires option for Single User


Update-PasswordNeverExpiresFlag.ps1 -UserAccounts LabUser01 -RemoveOption

Set Password Never Expires option for multiple users


$Users = Get-Content c:\temp\users.txt

Update-PasswordNeverExpiresFlag.ps1 -UserAccounts $Users -SetOption

Remove Password Never Expires option for multiple users


$Users = Get-Content c:\temp\users.txt

Update-PasswordNeverExpiresFlag.ps1 -UserAccounts $Users -RemoveOption

As you can see from the screenshots, the output of the script will give you the status of execution.

Hope this helps.

 

{ 7 comments… add one }
  • TOM May 28, 2018, 4:14 pm

    your script is a good job… thanksss a lot…

  • Walter March 15, 2019, 10:28 pm

    Please. How do I export the result to a text file?

    • Wintel Rocks March 17, 2019, 7:27 pm

      Hi,

      Current version of this script doesn’t provide a way to export to CSV.

      • eko April 18, 2019, 2:58 pm

        you may add this comment in the end of script >c:\result.csv

  • Mostafa July 7, 2019, 1:21 pm

    iam always facing this issue
    Update-PasswordNeverExpiresFlag.ps1 : The term ‘Update-PasswordNeverExpiresFlag.ps1’ is not recognized as the name of
    a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included,
    verify that the path is correct and try again.
    At line:1 char:1
    + Update-PasswordNeverExpiresFlag.ps1 -UserAccounts $Users -RemoveOptio …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (Update-PasswordNeverExpiresFlag.ps1:String) [], CommandNotFoundExceptio
    n
    + FullyQualifiedErrorId : CommandNotFoundException

    • Wintel Rocks July 9, 2019, 4:52 am

      Hi,

      Please try by pre-fixing with “.\” if the script is in current directory.

      .\Update-PasswordNeverExpiresFlag.ps1 -UserAccounts LabUser01 -RemoveOption

      You can also provide the full path of the script where it is stored on disk.

      c:\scripts\Update-PasswordNeverExpiresFlag.ps1 -UserAccounts LabUser01 -RemoveOption

Leave a Comment