≡ Menu

Set or Remove Password Never Expires flag for multiple users using PowerShell

by on October 22, 2017

In this post, we will discuss how to set or remove the Password Never Expires check box in Active Directory User object properties under the Account tab. Using this script mentioned in this post, you can do it for single or multiple users accounts.

This script relies on Get-ADUser and Set-ADUser cmdlets in ActiveDirectory module. So make sure it is installed before you run this script. Script has two inputs. First one is list of user accounts for which you want to set or remove the password never expires option. The user accounts list can be from a text file with one user account per line or can be passed directly to the parameter as a comma separated values. Second input is what is operation you want to perform, i.e set or remove operation.

Input parameters:

  1. UserAccounts : List of user accounts which you want to set or remove the password never expires operation
  2. SetOption : Enables Password Never Expires option if not already enabled.
  3. RemoveOption : Removes Password Never expires option if enabled

You can look at the example section below to understand how to use this script. The output of the script will clearly indicate the status for each account whether it has enabled it or there are some errors etc.

Script : Update-PasswordNeverExpiresFlag.ps1


[CmdletBinding()]
param(
[Parameter(Mandatory=$true)]
[string[]]$UserAccounts,
[Parameter(ParameterSetName="set", Mandatory=$true)]
[switch]$SetOption,
[Parameter(ParameterSetName="remove", Mandatory=$true)]
[switch]$RemoveOption
)

foreach($UserAccount in $UserAccounts) {
try {
$UserObj = Get-ADUser -Identity $UserAccount -EA Stop -Properties PasswordNeverExpires
if($UserObj.PasswordNeverExpires) {
if($RemoveOption) {
Set-ADUser -Identity $UserAccount -PasswordNeverExpires:$false -EA Stop
Write-Host "$UserAccount : Successfully removed the password never expires option" -ForegroundColor Green
} else {
Write-Host "$UserAccount : Option already enabled" -ForegroundColor Yellow
}
} else {
if($SetOption) {
Set-ADUser -Identity $UserAccount -PasswordNeverExpires:$true -EA Stop
Write-Host "$UserAccount : Successfully enabled password never expires option" -ForegroundColor Green
} else {
Write-host "$UserAccount : Option already removed" -ForegroundColor Yellow
}

}

} catch {
Write-host "$UserAccount : Error Occurred. $_" -ForegroundColor Red

}

}

Examples:

Set Password Never expires option for Single User


Update-PasswordNeverExpiresFlag.ps1 -UserAccounts LabUser01 -SetOption

Remove Password Never expires option for Single User


Update-PasswordNeverExpiresFlag.ps1 -UserAccounts LabUser01 -RemoveOption

Set Password Never Expires option for multiple users


$Users = Get-Content c:\temp\users.txt

Update-PasswordNeverExpiresFlag.ps1 -UserAccounts $Users -SetOption

Remove Password Never Expires option for multiple users


$Users = Get-Content c:\temp\users.txt

Update-PasswordNeverExpiresFlag.ps1 -UserAccounts $Users -RemoveOption

As you can see from the screenshots, the output of the script will give you the status of execution.

Hope this helps.

Comments on this entry are closed.

  • TOM May 28, 2018, 4:14 pm

    your script is a good job… thanksss a lot…

    Link
  • Walter March 15, 2019, 10:28 pm

    Please. How do I export the result to a text file?

    Link
    • Wintel Rocks March 17, 2019, 7:27 pm

      Hi,

      Current version of this script doesn’t provide a way to export to CSV.

      Link
      • eko April 18, 2019, 2:58 pm

        you may add this comment in the end of script >c:\result.csv

        Link
  • Mostafa July 7, 2019, 1:21 pm

    iam always facing this issue
    Update-PasswordNeverExpiresFlag.ps1 : The term ‘Update-PasswordNeverExpiresFlag.ps1’ is not recognized as the name of
    a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included,
    verify that the path is correct and try again.
    At line:1 char:1
    + Update-PasswordNeverExpiresFlag.ps1 -UserAccounts $Users -RemoveOptio …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (Update-PasswordNeverExpiresFlag.ps1:String) [], CommandNotFoundExceptio
    n
    + FullyQualifiedErrorId : CommandNotFoundException

    Link
    • Wintel Rocks July 9, 2019, 4:52 am

      Hi,

      Please try by pre-fixing with “.\” if the script is in current directory.

      .\Update-PasswordNeverExpiresFlag.ps1 -UserAccounts LabUser01 -RemoveOption

      You can also provide the full path of the script where it is stored on disk.

      c:\scripts\Update-PasswordNeverExpiresFlag.ps1 -UserAccounts LabUser01 -RemoveOption

      Link
    • Rik July 15, 2021, 2:51 pm

      I know this is old but I noticed that the command is Update-PasswordNeverExpiresFlag.ps1 but the script was named Update-PasswordNeverExpires.ps1 (Missing the flag)
      I amended and it works ok

      Link
      • Wintel Rocks July 16, 2021, 5:56 am

        Thanks for highlighting. It is corrected now.

        Link
  • Sekar Chinnakannu January 2, 2020, 10:36 am

    Excellent, Good work…

    Link
  • nAVS August 26, 2020, 7:08 pm

    works like a charm. thanks a buch.

    Link
  • Larry Russell April 12, 2022, 8:40 pm

    Tom, I was wondering if you had a script that removes the password never expires option for a single user using an input file containing a list of servers?

    Link

Next post:

Previous post:

This site rocks the Classic Responsive Skin for Thesis.

WP Admin