6.25. Setting a User’s Account to Expire in the Future

Problem

You want a user’s account to expire at some point in the future.

Solution

Using a graphical user interface

  1. Open the Active Directory Users and Computers snap-in.

  2. In the left pane, right-click on the domain and select Find.

  3. Select the appropriate domain beside In.

  4. Beside Name, type the name of the user you want to modify and click Find Now.

  5. In the Search Results, double-click on the user.

  6. Click the Account tab.

  7. Under Account expires, select the radio button beside End of.

  8. Select the date the account should expire.

  9. Click OK.

Using a command-line interface

Valid values for the -acctexpires flag include a positive number of days in the future when the account should expire, to expire the account at the end of the day, or “never” to disable account expiration.

> dsmod user "<UserDN>" -acctexpires <NumDays>

Using VBScript

' This code sets the account expiration date for a user.
' ------ SCRIPT CONFIGURATION ------
strExpireDate = "<Date>"   ' e.g. "07/10/2004"
strUserDN = "<UserDN>"     ' e.g. cn=rallen,ou=Sales,dc=rallencorp,dc=com
' ------ END CONFIGURATION ---------

set objUser = GetObject("LDAP://" & strUserDN)
objUser.AccountExpirationDate = strExpireDate
objUser.SetInfo
WScript.Echo "Set user " & strUserDN & " to expire on " & strExpireDate

' These two lines would disable account expiration for the user
' objUser.Put "accountExpires", 0
' objUser.SetInfo

Discussion

User accounts can be configured to expire on a certain date. Account expiration ...

Get Active Directory Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial