SAM IT


Set-ADAccountExpiration

Hello All,

The script below is working fine. The script is to Set-ADAccountExpiration and set logon deny. After the script runs, the account expiry should be the date when the script executes against the AD user. But what I am getting is: after the script executes, when I look at the account expiry, it is stamped one day before the date the script executed.

The same script works as expected in my test environment but not in production. Thanks in advance.


Import-Module activedirectory

$tdate = Get-Date -Format "dd-MM-yyyy"
[byte[]]$hours = @(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)
$users = get-content "C:\input.txt"

foreach ($user in $users) {
$UserSet = get-aduser $user
Set-ADAccountExpiration $userset -DateTime $tdate
Set-ADUser $UserSet -Replace @{Logonhours = [Byte[]]$Hours}}

Sean

In production, did you double-check your clock? Also run the Get-Date command and check exactly what it is outputting.
SAM IT

ASKER

Yes, in production it's outputting correctly.

Note that the setting is "End of" the date in question based on the GMT of the datetime object you give the cmdlet but the display is in local time.

So if you set it to expire on the current day and you're GMT-5, if it's 6 PM 9/21/2017 (11 PM 9/21/2017 GMT), in ADUC it would show end of 9/20/2017. If you run it at 8 PM 9/21/2017 (1 AM 9/22/2017), in ADUC it would show end of 9/21/2017.

Also, the -DateTime in Set-ADAccountExpiration requires a DateTime object so $tdate = Get-Date -Format "dd-MM-yyyy" shouldn't work and doesn't in my quick test. $tdate = Get-Date (Get-Date -Format "MM/dd/yyyy") should work. If you want it to expire at the start of the following day you can use this:
Import-Module activedirectory

$tdate = (Get-Date (Get-Date -Format "MM/dd/yyyy")).AddDays(1)
[byte[]]$hours = @(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)
$users = get-content "C:\input.txt"

foreach ($user in $users) {
$UserSet = get-aduser $user
Set-ADAccountExpiration $userset -DateTime $tdate
Set-ADUser $UserSet -Replace @{Logonhours = [Byte[]]$Hours}}


ASKER

Getting the below error:

Get-Date : Cannot bind parameter 'Date'. Cannot convert value "09/21/2017" to type "System.DateTime". Error: "String was not recognized as a valid DateTime."
At line:3 char:20
+ $tdate = (Get-Date (Get-Date -Format "MM/dd/yyyy")).AddDays(1)
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-Date], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.PowerShell.Commands.GetDateCommand
Oops, I'm thinking US centric, forgive me. It was late :). I think you can disregard what I said about the datetime object. If dd-MM-yyyy is the format for your region, it will automatically convert it to a datetime object.

So back to your original script, we can just append the ".AddDays(1)" to it.
Import-Module activedirectory

$tdate = (Get-Date -Format "dd-MM-yyyy").AddDays(1)
[byte[]]$hours = @(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)
$users = get-content "C:\input.txt"

foreach ($user in $users) {
$UserSet = get-aduser $user
Set-ADAccountExpiration $userset -DateTime $tdate
Set-ADUser $UserSet -Replace @{Logonhours = [Byte[]]$Hours}}


ASKER

Sorry for the late response; getting the below error:

Method invocation failed because [System.String] doesn't contain a method named 'AddDays'.
At line:3 char:49
+ $tdate = (Get-Date -Format "dd-MM-yyyy").AddDays <<<< (1)
    + CategoryInfo          : InvalidOperation: (AddDays:String) [], RuntimeException
    + FullyQualifiedErrorId : MethodNotFound
ASKER CERTIFIED SOLUTION
Sean
This solution is only available to members.
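
An added example, not code from any post in this thread and not the members-only accepted solution: it builds the expiry value with DateTime arithmetic instead of a formatted string, so neither of the two errors quoted above can occur, and it reads back what the directory stored so the UTC value can be compared with the local display. It assumes the ActiveDirectory module, the thread's C:\input.txt list, and that the intended expiry is the start of the following local day; Get-ExpiryInstant is a hypothetical helper name.

```powershell
# Added example; assumes the RSAT ActiveDirectory module is installed.
Import-Module ActiveDirectory

function Get-ExpiryInstant {
    # Hypothetical helper: midnight at the start of the day after $Now.
    # Only DateTime arithmetic is used (no -Format round trip), so the
    # result is a [datetime] regardless of the regional date format.
    param([datetime]$Now = (Get-Date))
    $Now.Date.AddDays(1)
}

$expiry = Get-ExpiryInstant
# logonHours is 21 bytes (7 days x 24 hourly bits); all zero denies every hour.
[byte[]]$denyAll = New-Object byte[] 21

foreach ($name in Get-Content 'C:\input.txt') {
    $user = Get-ADUser -Identity $name

    # -WhatIf only reports what would change. Remove it to apply the change;
    # while it is present, the read-back below shows the existing values.
    Set-ADAccountExpiration -Identity $user -DateTime $expiry -WhatIf
    Set-ADUser -Identity $user -Replace @{ logonHours = $denyAll } -WhatIf

    # accountExpires is stored as a UTC FILETIME (Int64).
    # 0 and [int64]::MaxValue both mean "never expires".
    $after = Get-ADUser -Identity $user -Properties accountExpires, AccountExpirationDate
    $raw   = $after.accountExpires
    $utc   = $null
    if ($raw -ne 0 -and $raw -ne [int64]::MaxValue) {
        $utc = [datetime]::FromFileTimeUtc($raw)
    }

    # One row per account: raw value, its UTC meaning, and the module's view.
    [pscustomobject]@{
        SamAccountName        = $after.SamAccountName
        RequestedLocal        = $expiry
        AccountExpiresRaw     = $raw
        AccountExpiresUtc     = $utc
        AccountExpirationDate = $after.AccountExpirationDate
    }
}
```

Comparing AccountExpiresUtc with the date shown in ADUC on a production workstation makes the "end of" day offset described earlier in the thread visible per account.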