PowerShell Logo Small

Set-ADAccountExpiration



This is the built-in help made by Microsoft for the command 'Set-ADAccountExpiration', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Sets the expiration date for an Active Directory account.

SYNTAX


Set-ADAccountExpiration [-Identity] <ADAccount> [[-DateTime] <DateTime>] [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-Partition <String>] [-PassThru]
[-Server <String>] [-TimeSpan <TimeSpan>] [-Confirm] [-WhatIf] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Set-ADAccountExpiration cmdlet sets the expiration time for a user, computer or service account. To specify an exact time, use the DateTime parameter. To specify a time
period from the current time, use the TimeSpan parameter.


The Identity parameter specifies the Active Directory account to modify.


You can identify an account by its distinguished name (DN), GUID, security identifier (SID), or Security Accounts Manager (SAM) account name. You can also set the Identity
parameter to an object variable such as $<localADAccountObject>, or you can pass an account object through the pipeline to the Identity parameter. For example, you can use
the Search-ADAccount cmdlet to retrieve an account object and then pass the object through the pipeline to the Set-ADAccountExpiration cmdlet. Similarly, you can use
Get-ADUser, Get-ADComputer, or Get-ADServiceAccount cmdlets to retrieve account objects that you can pass through the pipeline to this cmdlet.


For AD LDS environments, the Partition parameter must be specified except in the following two conditions:

-- The cmdlet is run from an Active Directory provider drive.
-- A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment, set the
msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/p/?linkid=291107
Clear-ADAccountExpiration
Get-ADComputer
Get-ADServiceAccount
Get-ADUser
Search-ADAccount

REMARKS

<

Examples


-------------------------- EXAMPLE 1 --------------------------

PS C:\>Set-ADAccountExpiration -Identity KarenBe -DateTime "10/18/2008"



This command sets the account with SamAccountName KarenBe to expire on the 18th of October, 2008.




-------------------------- EXAMPLE 2 --------------------------

PS C:\>Get-ADGroupMember -Identity BO1Accounts | where {$_.objectClass -eq "user"} | Set-ADAccountExpiration -TimeSpan 60.0:0



This command sets the expiration date of all the user accounts who are a member of the group BO1Accounts to 60 days from now.