Powershell Set-ADGroup

Currenly I'm using the following command to expire user accounts
Set-ADUser username -AccountExpirationDate "07/16/2015 10:00:00AM"
This works fine except i have quite a number of users to expire accounts on.  Can I use this in the following way and achieve the same result?
Set-ADGroup groupname -AccountExpirationDate "07/16/2015 10:00:00AM"  I'm not sure about the -AccountExpiration date part.  Basically what I'd like to do is have an account in a particular OU or Group expire 6 months from the time I create it.
WellingtonISAsked:
Who is Participating?
 
Will SzymkowskiSenior Solution ArchitectCommented:
You will need to use the New-ADUser cmdlet. The Set-ADuser is only used after the account has already been created.

Use the following command below...
The below command will create a new User, put it in the test OU and have it expire 180 days from when it was created.
$Date = get-date
$OU = "ou=test,dc=domain,dc=com"
New-ADUser -Name (read-host "type name here") -sAMAccountName (read-host "type sam name here") -UniversalPrincipalName (read-host "type upn here") -Path $OU -AccountExpirationDate $Date.AddDays(180)

Open in new window


You can use the same concept if you want to do this for accounts that already exists in your environment. Just use the $date.adddays(180)

Example
set-aduser -identity jsmith -AccountExpirationDate $date.adddays(180)

Open in new window


Also, if you are looking to do this for a list of users using a txt or csv file i can modify the script to accommodate this.

Will.
0
 
Muhammad MullaCommented:
I don't believe that groups can be expired.

You would need to enumerate the members of a group/OU and then pipe the output to to your set-aduser command.
0
 
WellingtonISAuthor Commented:
for example?  What I've been doing is copying the user names and adding the expiration dates.  I have it set up in a txt file and I copy it to powershell and run the command like that
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

 
Guy LidbetterCommented:
get-adgroupmember <groupname> | Foreach {Set-ADUser $_.name -AccountExpirationDate "07/16/2015 10:00:00AM" -whatif}

Open in new window


Give that a try... remove the -whatif option to commit the changes
0
 
Muhammad MullaCommented:
You could probably use something like (I am mobile, so cannot test/verify):

EDIT - better to try Guy's code above.
0
 
WellingtonISAuthor Commented:
PS N:\> get-adgroupmember <WRMAgencyNurses> | Foreach {Set-ADUser $_.name -Accou
ntExpirationDate "07/18/2015 10:00:00AM"}
The '<' operator is reserved for future use.
At line:1 char:20
+ get-adgroupmember < <<<< WRMAgencyNurses> | Foreach {Set-ADUser $_.name -Acco
untExpirationDate "07/18/2015 10:00:00AM"}
    + CategoryInfo          : ParserError: (<:OperatorToken) [], ParentContain
   sErrorRecordException
    + FullyQualifiedErrorId : RedirectionNotSupported

PS N:\>
0
 
WellingtonISAuthor Commented:
Get-ADGroupMember WRMAgencyNurses | where {$_.objectClass -eq "user"} | Set-ADAccountExpiration -timespan 182.0:0

I actually ran this and it worked.
0
 
WellingtonISAuthor Commented:
I tired this and it worked nice!  Thanks I'll be using this!
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Excellent!

Will.
0
 
Guy LidbetterCommented:
I Wellington...  For future reference if you get a code that has something like this "<xxx>" it means replace this bit with what you want here... its place holder... don't include the <>'s..        ;-P

glad you got a solution!

Guy
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.