Twhite0909
asked on
Active Directory Set User Accounts to Expire
I have 300 users within a Location in Ad that I need to set to expire at the end of FEB. 2014. Is there a script to od this with. I found two but there sytnaxes show as invalid:
Set-ADAccountExpiration [-Identity] gclinch [-DateTime] "02/28/2014 5:00:00 PM"
"Error stats Set-ADAccountExpiration is not valid"
Set-ADUser gclinch -AccountExpirationDate "02/28/2014 5:00:00 PM"
"Error stats Set-ADUser is not valid"
Set-ADAccountExpiration [-Identity] gclinch [-DateTime] "02/28/2014 5:00:00 PM"
"Error stats Set-ADAccountExpiration is not valid"
Set-ADUser gclinch -AccountExpirationDate "02/28/2014 5:00:00 PM"
"Error stats Set-ADUser is not valid"
ASKER
I am using "Active Directory Module for powershell" located on my domain controller. I also tried running the commands fro Exchange 2010 Shell
Now in Ad Module for Poweshell I ran your command and got the following error:
Set-ADAccountExpiration [-Identity] gclinch [-DateTime] "02/28/2014 5:00:00 PM"
The term 'Set-ADAccountExpiration' is not recognized as the name of a cmdlet, function, script file,
Now in Ad Module for Poweshell I ran your command and got the following error:
Set-ADAccountExpiration [-Identity] gclinch [-DateTime] "02/28/2014 5:00:00 PM"
The term 'Set-ADAccountExpiration' is not recognized as the name of a cmdlet, function, script file,
What server are you running?
Try the following commands:
Add-WindowsFeature RSAT-AD_PowerShellImport-Module ActiveDirectory
Seems that your module in not loading properly. Can you try the following command...
get-module
The command above will tell you if the activedirectory module has been installed. based on the errors you are getting it has not installed correctly.
Aside from that you can do this very easily via the GUI. See the screenshot below. Simply hold shift and select all of the users in an OU, right click Properties, click the account tab and set all accounts to expire on a speciifc data.
Account Expires GUI
Will.
get-module
The command above will tell you if the activedirectory module has been installed. based on the errors you are getting it has not installed correctly.
Aside from that you can do this very easily via the GUI. See the screenshot below. Simply hold shift and select all of the users in an OU, right click Properties, click the account tab and set all accounts to expire on a speciifc data.
Account Expires GUI
Will.
ASKER
After running Get-Module I see the following:
ModuleType Name ExportedCommands
---------- ---- ----------------
Manifest ActiveDirectory {Set-ADOrganizationalUnit,
ModuleType Name ExportedCommands
---------- ---- ----------------
Manifest ActiveDirectory {Set-ADOrganizationalUnit,
Ok well the ActiveDirectory module appears to be loaded into the session. Did you try the GUI suggestion in my previous post? Does that work for you? Have you checked the event viewer to see if there are any issues in regards to Windows Powershell?
Will.
Will.
ASKER
OK I got the AD module to import and its now accepting commands., So the cmd:
Set-ADAccountExpiration "user" -DateTime "02/28/2014 5:00:00 PM"
Has just worked successfully. Now my bigger questions. Is their a way to run this command against an entire OU in order to set all users within that OU to expire on that date>
Also we use Password Manager from Dell that allows a user that if their PW expired and they need it reset they can go to this Tools weblink and reset themselves. If I set an Account o expire could they technically use this tool to reset their PW and they have access again or would it require an ADMIN to reset the Expiration date on their account in order for the account to have log on access?
Thanks for all your help guys I really appreciate it.
Set-ADAccountExpiration "user" -DateTime "02/28/2014 5:00:00 PM"
Has just worked successfully. Now my bigger questions. Is their a way to run this command against an entire OU in order to set all users within that OU to expire on that date>
Also we use Password Manager from Dell that allows a user that if their PW expired and they need it reset they can go to this Tools weblink and reset themselves. If I set an Account o expire could they technically use this tool to reset their PW and they have access again or would it require an ADMIN to reset the Expiration date on their account in order for the account to have log on access?
Thanks for all your help guys I really appreciate it.
You can use the syntax below to accomplish this...
That should do it.
Will.
get-aduser -fliter * -searchbase "OU=testou,dc=domain,dc=com" | Set-ADAccountExpiration "user" -DateTime "02/28/2014 5:00:00 PM"That should do it.
Will.
ASKER
I dont think it likes the -Filter or -Searchbase?
PS C:\Users\WhiteT> get-aduser -filter * -searchbase OU=charlotte,dc=ad dc=local | Set-ADAccountExpiration "user" -DateTime "02/03/2014 5:00:00 PM"
et-ADUser : Cannot convert 'System.Object[]' to the type 'System.String' required by parameter 'SearchBase'. Specified method is not supported.
At line:1 char:33
+ get-aduser -filter * -searchbase <<<< OU=charlotte,dc=ad dc=local | Set-ADAccountExpiration "user" -DateTime "02/03/2014 5:00:00 PM"
+ CategoryInfo : InvalidArgument: (:) [Get-ADUser], ParameterBind
ingException
+ FullyQualifiedErrorId : CannotConvertArgument,Micr
Management.Commands.GetADU
PS C:\Users\WhiteT> get-aduser -filter * -searchbase OU=charlotte,dc=ad dc=local | Set-ADAccountExpiration "user" -DateTime "02/03/2014 5:00:00 PM"
et-ADUser : Cannot convert 'System.Object[]' to the type 'System.String' required by parameter 'SearchBase'. Specified method is not supported.
At line:1 char:33
+ get-aduser -filter * -searchbase <<<< OU=charlotte,dc=ad dc=local | Set-ADAccountExpiration "user" -DateTime "02/03/2014 5:00:00 PM"
+ CategoryInfo : InvalidArgument: (:) [Get-ADUser], ParameterBind
ingException
+ FullyQualifiedErrorId : CannotConvertArgument,Micr
Management.Commands.GetADU
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I am on my domain controller. I launch Active Directory Module for Windows Powershell and run the below cmd:
get-aduser -Filter * -SearchBase ou=charlotte,dc=ad,dc=loca
Charlotte is the OU AD.local is th domain. It comes back every time with " Cannot convert 'System.Object[]' to the type 'System.String' required by parameter 'SearchBase'. Specified method is not supported." Is there something wrong with module for Powershell and AD?
get-aduser -Filter * -SearchBase ou=charlotte,dc=ad,dc=loca
Charlotte is the OU AD.local is th domain. It comes back every time with " Cannot convert 'System.Object[]' to the type 'System.String' required by parameter 'SearchBase'. Specified method is not supported." Is there something wrong with module for Powershell and AD?
It is possible as you were encountering issues before when the module was installed. Have you tried putting "qoutes" around the "ou=testou...."?
The command i have posted above earilier worked completely fine on my DC only using the Active Directory Module.
Will.
The command i have posted above earilier worked completely fine on my DC only using the Active Directory Module.
Will.
ASKER
OK The quotes got me 1 step further sorry I thought i removed quotes from examples. However now it says "Get-ADUser : Directory Object Not Found
Now my OU I'm trying to reach is under some other OUs its location in ADUC is
AD.LOCAL/Locations/RSG/Cha
Do I need another parameter to drill down?
Now my OU I'm trying to reach is under some other OUs its location in ADUC is
AD.LOCAL/Locations/RSG/Cha
Do I need another parameter to drill down?
From PowerShell, try the following syntax:
Open in new window
You should also make sure the AD Modules are loaded in the "Windows Features" pane if you are running remotely, or if they were disabled previously on the server.