Powershell command to Configure Password Never Expires flag:
Set-ADUser -Identity <samAccountName> -PasswordNeverExpires $true
The Identity parameter specifies the Active Directory user to modify. You can identify a user by its samAccountName, distinguished name (DN), GUID and SID.
Modify AD Users from Specific OU
You can select AD users from specific OU and set as password never expire users by using Get-ADUser and Set-ADUser cmdlets. You can set target OU scope by using the parameter SearchBase in Get-ADUser cmdlet. This following command select and set as password never expires flag of Active Directory users from the Organization Unit ‘TestOU’.
Import-Module ActiveDirectory Get-ADUser -Filter * -SearchBase "OU=TestOU,DC=TestDomain,DC=Local" | Set-ADUser -PasswordNeverExpires:$True
Update Specific set of AD Users with Filter
You can filter sepecific set of AD users by using SQL like filter with Get-ADUser, users who are not familiar with LDAP filter can easily use this filter to get only specific set of AD users
Import-Module ActiveDirectory Get-ADUser -Filter 'department -like "*Admin*"' | Set-ADUser -PasswordNeverExpires:$True
You can also use LDAP filter with Get-ADUser powershell cmdlet with more flexibility to filter Active Directory users.
Import-Module ActiveDirectory Get-ADUser -LDAPFilter '(Department=*Admin*)' | Set-ADUser -PasswordNeverExpires:$True
Modify Bulk AD Users Password Never Expire flag from CSV
You can read Active Directory from csv file using Powershell cmdlet Import-CSV. Consider the CSV file ADUsers.csv (Ex file: Download ADUsers.csv) which contains set of AD users with the attribute samAccountName.
Import-Module ActiveDirectory Import-Csv "C:\ScriptsADUsers.csv" | ForEach-Object { $samAccountName = $_."samAccountName" Get-ADUser -Identity $samAccountName | Set-ADUser -PasswordNeverExpires:$True }
Modify specific AD Group Members
You can set password never expires flag for only specific Active Directory group members by getting AD group members using Get-ADGroupMember cmdlet. The following powershell script select all the members “TestGroup” group and set as password never expire users.
Import-Module ActiveDirectory Get-ADGroupMember -Identity "TestGroup" | Set-ADUser -PasswordNeverExpires:$True
My brother recommended I might like this website. He was totally right.
This post truly made my day. You can not imagine just how much time I had spent for this
information! Thanks!
Hello,
Thank you very much for the part "Modify AD Users from Specific OU". Exactly what's I need. Good Website!
Question: is it possible to have a result/list to indicate which accounts has been modified? I have tried to add | Export-csv -path c:password-infos.csv but it's not working.
Thanks
Sebastien
Worked wonderfully, thank you!