Change User Account Setting – PasswordNeverExpires

After running an audit, it was discovered that some user account passwords on the domain were set to never expire. A few meetings later the team decided to change this setting across the board. Below is the script that will target an Organizational Unit (OU) and adjust the setting for the user accounts in it.

This script will work for dozens of unique options for the user account. To help find which option to change type the following two commands:

import-module ActiveDirectory
Get-ADUser accountusername -properties *

 

import-module ActiveDirectory
# Imports ActiveDirectory

$target = "OU=Users,OU=Admin Groups,DC=subdomain,DC=maindomain,DC=local"
# This variable targets the OU containing the users
# Note the reversed order when pointing to an OU. 
#
# It starts with the OU at the beginning then ends with FQDN:
# subdomain.maindomain.local > Admin Group > Users

$User = Get-ADUser -SearchBase $target -Filter * -ResultSetSize 5000 | Select SamAccountName
# Creates User variable for list of SamAccountName names

$User | ForEach-Object {
	Set-ADUser $_.SamAccountName -PasswordNeverExpires:$False
}
# Runs the command to switch the setting to False on every SamAccountName

Leave A Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.