Setting a User’s Account to Expire

Posted: January 14, 2010 in Active Directory, Networking, Server, System Information
Tags: , ,


Problem

You want a user’s account to expire at some point in the future.

Solution

Using a graphical user interface

  1. Open the ADUC snap-in.
  2. In the left pane, right-click on the domain and select Find.
  3. Select the appropriate domain beside In.
  4. Beside Name, type the name of the user you want to modify and click Find Now.
  5. In the Search Results window, double-click on the user.
  6. Click the Account tab.
  7. Under Account expires, select the radio button beside End of.
  8. Select the date the account should expire.
  9. Click OK.

Using a command-line interface

Valid values for the -acctexpires flag include a positive number of days in the future when the account should expire, to expire the account at the end of the day, or to never expire the account.

> dsmod user “<UserDN>” -acctexpires <NumDays>

Using VBScript

‘ This code sets the

account expiration date for a user.

‘ —— SCRIPT CONFIGURATION ——

strExpireDate = “<Date>” ‘ e.g. “07/10/2004”

strUserDN = “<UserDN>” ‘ e.g. cn=rallen,ou=Sales,dc=rallencorp,dc=com

‘ —— END CONFIGURATION ——–

set objUser = GetObject(“LDAP://” & strUserDN)

objUser.AccountExpirationDate = strExpireDate

objUser.SetInfo

WScript.Echo “Set user ” & strUserDN & ” to expire on ” & strExpireDate

‘ These two lines would disable

account expiration for the user

‘ objUser.Put ”

accountExpires”, 0

‘ objUser.SetInfo

Discussion

User accounts can be configured to expire on a certain date. Account expiration is stored in the accountExpires attribute on a user object. This attribute contains a large integer representation of the date in which the account expires, expressed in 100 nanosecond intervals since January 1, 1601.If you set this attribute to 0, it disables account expiration for the user (i.e., the account will never expire). Note that this is different than the dsmod user command where a value of 0 with -acctexpires will cause the account to expire at the end of the day. Why does it differ from how the accountExpires attribute works? Great question. The accountExpires attribute itself will be updated whenever the existing expiration date passes.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s