Needing to set ‘Password Never Expires’ across an entire OU in Active Directory, I managed to write a powershell script to accomplish as much. Sure is nice having scripting languages on Windows machines beyond BASIC.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | # Finds all user objects in the searchroot and forces the password never expires value in user account control to set# 2009-09-04 -- Bryan McLellan <btm@loftninjas.org>$Never_Expire=0x10000$objou = New-Object System.DirectoryServices.DirectoryEntry("LDAP://ou=test,dc=example,dc=com")$objSearcher = New-Object System.DirectoryServices.directorySearcher$objsearcher.searchroot = $objou$objsearcher.filter = '(&(objectCategory=User)(Objectclass=user)(!isCriticalSystemObject=*))'$objsearcher.searchscope = "subtree"$results = $objsearcher.findall()foreach ($result in $results) { $user = [adsi]$result.path $value = $user.useraccountcontrol.item(0) $value = $value -bor $Never_Expire $user.useraccountcontrol = $value $user.name $user.setinfo()} |
Thank you for this script! Worked flawlessly even in 2011!