Extending a User's Password Expiry with PowerShell: A Simple Guide
One of the regular tasks for IT administrators is managing passwords in
Active Directory (AD). It may occasionally be necessary to prolong a user's
password expiration date without changing it. With some advice on using batch
scripts for automation, this post will walk you through the process of doing
that with PowerShell.
Why Extend a Password Expiry Date?
Users may occasionally require additional time before their password
expires. You can just prolong the expiration date so they can use their current
password for a little while longer rather than forcing a reset. When a user is
unable to reset their password immediately away or is not in the office, this
comes in handy.
Frequently Asked
Questions
1. What’s the easiest way to check when a user’s password will expire?
You can quickly check a user’s password expiry date
using PowerShell. Just run this command:
Get-ADUser -Identity "username" -Properties "msDS-UserPasswordExpiryTimeComputed" |
Select-Object Name,@{Name="PasswordExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
Replace "username" with the actual username of the user, and you’ll see the date when their
password will expire.
2. How can I
extend the password expiry date without resetting the password?
If you don’t want to reset the password but just
want to extend its expiry date, you can do it with these PowerShell commands:
Set-ADObject -Identity $dn -Replace @{pwdLastSet = 0}
Set-ADObject -Identity $dn -Replace @{pwdLastSet = -1}
Again, replace "username" with the user’s actual name. These commands will extend the password
expiry date based on your organization’s policy.
3. Can I automate
this process with a batch script?
Yes, you can! Batch scripts are great for automating
tasks like this. You can integrate PowerShell commands into a batch script to
make the process even easier.
Using Batch
Scripts with PowerShell
Batch scripts are simple text files that contain a series of commands to be executed by the command line. Here’s how you can use them to automate extending password expiry dates.
- Create a Batch Script:
- Open Notepad.
- Write your commands, like this:
@echo off
powershell
-Command "Set-ADObject -Identity $dn -Replace @{pwdLastSet = 0}"
powershell
-Command "Set-ADObject -Identity $dn -Replace @{pwdLastSet = -1}"
echo Password
expiry extended for %username%
pause
- Save the file with a .bat extension, like ExtendPassword.bat.
- Run the Script:
- Double-click the .bat file to execute it.
- The commands will run, and the password expiry will be extended for
the user.
What are Some
Useful Batch Script Commands?
Here’s a quick look at some basic batch script
commands you might find useful:
- @echo off: Hides the command being executed, making the
script output cleaner.
- powershell -Command "command": Runs a PowerShell command from within a batch script.
- echo: Displays a message on the screen.
- pause: Pauses the script and waits for the user to
press a key, which can be useful for troubleshooting.
Wrapping Up
Extending a user’s password expiry date is
straightforward with PowerShell. By integrating these commands into a batch
script, you can save time and reduce the chance of errors. Whether you’re
managing a small network or a large enterprise, this approach can make your
life easier.
