Set user account expiry date

One useful feature of AD is that we can set an expiry date on an account. This is very useful for temporary workers, or when we know someone is leaving on a particular date. The expiry date is stored in AD as the number of 100-nanosecond intervals since 1st January 1601, held as a 64-bit integer.

$date = Get-Date
$ou = "OU=England,DC=Manticore,DC=org"

# Microsoft cmdlets (ActiveDirectory module): pass a DateTime object
"`nMicrosoft"
$name = "UserA"
$exp = $date.AddDays(30)
Get-ADUser -Identity $name |
Set-ADAccountExpiration -DateTime $exp

# AD provider (AD: drive): write the raw accountExpires attribute as a 64-bit integer
"`nAD provider"
$name = "UserB"
$dn = "cn=$name,$ou"
$exp = $date.AddDays(60).ToFileTime()
Set-ItemProperty -Path AD:\$dn -Name accountExpires -Value $exp -Force

# Quest cmdlets: pass a date
"`nQuest"
$name = "UserC"
$exp = $date.AddDays(90)
Get-QADUser -Identity $name |
Set-QADUser -AccountExpires $exp

# Script ([adsi] accelerator): set AccountExpirationDate, then commit with SetInfo()
"`nScript"
$name = "UserD"
$dn = "cn=$name,$ou"
$exp = $date.AddDays(120).ToShortDateString()
$user = [adsi]"LDAP://$dn"

$user.AccountExpirationDate = $exp
$user.SetInfo()

In all cases I've added a number of days to today's date to give the expiry date. It would be just as easy to specify a particular date.

The Microsoft cmdlets use Set-ADAccountExpiration and a datetime object.

The Quest cmdlets and script accept a date in short date format.

The provider expects an integer; we can convert the date using the ToFileTime() method.

Notice the different attribute names between the script and the provider: AccountExpirationDate in the script and accountExpires in the provider.
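
When auditing accounts, the raw accountExpires integer has to be turned back into a date, and the two values that mean "never expires" (0 and the maximum 64-bit value) have to be handled separately. The following is an added example, not code from the original post; the function names, account names and reference date are constructed for illustration.

```powershell
# Added example: function names and sample data are constructed, not from the post.
# accountExpires values meaning "never expires": 0 and 0x7FFFFFFFFFFFFFFF
$NeverExpires = @([int64]0, [int64]::MaxValue)

function ConvertTo-AccountExpires {
    param([Parameter(Mandatory=$true)][DateTime]$Date)
    # 100 ns intervals since 1601-01-01 00:00:00 UTC
    $Date.ToFileTimeUtc()
}

function ConvertFrom-AccountExpires {
    param([Parameter(Mandatory=$true)][int64]$Value)
    if ($NeverExpires -contains $Value) { return $null }
    [DateTime]::FromFileTimeUtc($Value)
}

function Get-ExpiryStatus {
    param([int64]$Value, [DateTime]$Now)
    $when = ConvertFrom-AccountExpires $Value
    if ($null -eq $when)    { 'Never expires' }
    elseif ($when -le $Now) { 'Expired {0:yyyy-MM-dd} UTC' -f $when }
    else { 'Expires in {0} days' -f [int]($when - $Now).TotalDays }
}

# Fixed reference time so the output is repeatable (constructed value)
$now = [DateTime]::SpecifyKind([DateTime]'2012-10-25', 'Utc')

# Constructed sample of Name / accountExpires pairs, as read from the directory
$sample = @(
    New-Object psobject -Property @{ Name = 'TempA'
        accountExpires = (ConvertTo-AccountExpires $now.AddDays(30)) }
    New-Object psobject -Property @{ Name = 'Leaver'
        accountExpires = (ConvertTo-AccountExpires $now.AddDays(-5)) }
    New-Object psobject -Property @{ Name = 'Perm'
        accountExpires = [int64]0 }
    New-Object psobject -Property @{ Name = 'Svc'
        accountExpires = [int64]::MaxValue }
)

foreach ($u in $sample) {
    '{0,-8} {1}' -f $u.Name, (Get-ExpiryStatus $u.accountExpires $now)
}
```

The example works in UTC throughout; ToFileTime(), as used with the provider above, converts a local time to UTC before producing the integer.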

posted @ 2012-10-25 16:41  小师傅