Sometimes we need to change a large number of expiration dates and doing it by hand can be quite a task, here I have two examples on how to do this. Both required Quest Active Roles Management Shell for Active Directory.

Example 1 – If all the account have an attribute such as the description that is the same, it can be done this way, but it MUST be the same and match exactly:

Get-QADUser -ou "ou=users,dc=site,dc=local" -includedproperties description,AccountExpires,SamAccountName -sAMAccountName '*' |
ForEach-Object {
        $desc = $_.description
        $usname = $_.SamAccountName
        #Set-QADUser $usname -objectattributes @{accountexpires = (new-object System.DateTime(2012,12,31)).ToFileTime().ToString()}
        if ($desc -eq "ACCT EXPIRES ON 12-30-12") { 
            Set-QADUser $usname -objectattributes @{accountexpires = (new-object System.DateTime(2012,12,31)).ToFileTime().ToString()} 
            } 
        }

Example 2 – If you have a list of accounts in a text file, it can be done this way:

$content = Get-Content feedme.txt
foreach ($items in $content) {
	Set-QADUser $items -objectattributes @{accountexpires = (new-object System.DateTime(2012,12,31)).ToFileTime().ToString()} 
}

This may not be the most efficient or effective way to do this, but it does work! 🙂