I recently handled a ticket which prompted me to revisit using the "Account expires" field in Active Directory Users and Computers (or the "accountExpires" attribute). In this ticket, it was indicated that it was very important that a user account be disabled at a specific time. I researched how the expiration field works, and found that if this flag is set, the default behavior is to expire the account at the very end of the chosen day as the clock is ready to roll over to midnight. Clearly, this wouldn't suit the requirements of expiring the account at end of business (or at any other time of the day), and I don't want to take the chance of forgetting to do it manually at the specified time.
While researching how to handle this, I came across some articles that pointed me towards a TechNet page that discusses the
Set-ADUser command in the Active Directory Module for PowerShell. It turns out there's a parameter called "AccountExpirationDate" that does exactly what we need! I would recommend reading the parameter details because of how flexible it is regarding the time/date syntax it will accept, but the following command did the job for me on this particular account:
Set-ADUser -Identity [USERNAME] -AccountExpirationDate "10/05/2012 5:00:00 PM"
I'm sure I will be using this command plenty more in the future, and I hope you have found this information helpful!
No comments:
Post a Comment