How to change the Password never expires attribute and set a password expiration date using PowerShell

The two scripts below can be used to set the Password never expires attribute to true and change the password expiration date in Active Directory (AD).

Set the Password never expires attribute

To set the Password never expires attribute for AD users:

$User = (Read-Host -Prompt "Username")
Set-ADUser -Identity $User -PasswordNeverExpires $true

Set the password expiration date

You can extend the validity of an AD password by setting the pwdlastset attribute to -1, which sets the value of the attribute to the current date and time.

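$Username = (Read-Host -Prompt "Username")
$User = Get-ADUser $Username -Properties pwdlastset
# Setting pwdlastset to 0 first marks the password as expired (change required at next logon)
$User.pwdlastset = 0
Set-ADUser -Instance $User
# Setting it to -1 then stamps pwdlastset with the current date and time
$User.pwdlastset = -1
Set-ADUser -Instance $User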

Automate AD password expiration notifications using ADSelfService Plus

ADSelfService Plus is an integrated AD self-service password management and single sign-on solution that provides a customizable password expiration notification scheduler. Using this feature, you can customize:

  • Which users receive the notification: You can create different schedulers for different domains, organizational units, and groups in your organization.
  • Where users receive the notification: You can choose to send it through a push notification on their mobile phone, SMS, or email.
  • When users receive the notification: You can start sending the notification n days before password expiration and keep sending them daily, weekly, or on specific days from then.


Changing the Password never expires attribute and expiration date using PowerShell

Step 1: Check if a user’s password is set to "never expire"

Run the following command to check the PasswordNeverExpires attribute.

Get-ADUser -Identity "username" -Properties "PasswordNeverExpires"

Note: The PasswordNeverExpires property in the output is True if the password never expires, False otherwise.

Step 2: Disable the Password Never Expire setting

To enforce password expiry for a user, set PasswordNeverExpires to $false. This will require the user to change their password periodically.

Set-ADUser -Identity "username" -PasswordNeverExpires $false

Step 3: Set a custom password expiration date

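Modify the password lifetime for a specific user so that the password expires after 30 days. Active Directory has no writable per-user expiration date: msDS-UserPasswordExpiryTimeComputed is a constructed, read-only attribute that the domain controller calculates from pwdLastSet plus the maximum password age of the policy applied to the user, so Set-ADUser cannot replace it. Instead, create a fine-grained password policy with a 30-day maximum password age and apply it to the user. The policy name Expire30Days and the precedence 10 are example values; settings you do not specify take the cmdlet's defaults and apply to that user in place of the domain policy. The password then expires 30 days after it was last set.

New-ADFineGrainedPasswordPolicy -Name "Expire30Days" -Precedence 10 -MaxPasswordAge "30.00:00:00"
Add-ADFineGrainedPasswordPolicySubject -Identity "Expire30Days" -Subjects "username"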

Step 4: Apply these settings to an entire group

Update all users in a specific group using the command below. This loops through all users in the group and applies the change.

Get-ADGroupMember -Identity "GroupName" | Where-Object {$_.objectClass -eq "user"} | ForEach-Object {Set-ADUser -Identity $_.SamAccountName -PasswordNeverExpires $false}
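
To review the result of the steps above, the following added example (not part of the original article or of ADSelfService Plus) classifies each account from the PasswordNeverExpires flag and the read-only msDS-UserPasswordExpiryTimeComputed value, including the two sentinel values that break a naive date conversion. The function name Get-PasswordExpiryStatus and the sample accounts are hypothetical; the sample records are constructed so the block runs without a domain.

```powershell
function Get-PasswordExpiryStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject]$User,
        [datetime]$Now = ([datetime]::UtcNow)
    )
    process {
        # Raw FILETIME (100 ns ticks since 1601-01-01 UTC) computed by the domain controller.
        $raw     = [int64]$User.'msDS-UserPasswordExpiryTimeComputed'
        $nowUtc  = $Now.ToUniversalTime()
        $expires = $null
        if ($User.PasswordNeverExpires -or ($raw -eq [int64]::MaxValue)) {
            # 0x7FFFFFFFFFFFFFFF means "never"; [datetime]::FromFileTimeUtc would throw on it.
            $status = 'NeverExpires'
        } elseif ($raw -eq 0) {
            # 0 is returned when pwdLastSet is 0: a change is required at next logon.
            $status = 'MustChangeAtNextLogon'
        } else {
            $expires = [datetime]::FromFileTimeUtc($raw)
            $status  = if ($expires -le $nowUtc) { 'Expired' } else { 'Active' }
        }
        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            Status         = $status
            ExpiresUtc     = $expires
            DaysLeft       = if ($expires) { [math]::Floor(($expires - $nowUtc).TotalDays) } else { $null }
        }
    }
}

# Constructed sample records standing in for Get-ADUser output (not real accounts).
$now  = [datetime]::UtcNow
$attr = 'msDS-UserPasswordExpiryTimeComputed'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'svc-backup'; PasswordNeverExpires = $true;  $attr = [int64]::MaxValue }
    [pscustomobject]@{ SamAccountName = 'jdoe';       PasswordNeverExpires = $false; $attr = $now.AddDays(12).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'newhire';    PasswordNeverExpires = $false; $attr = [int64]0 }
    [pscustomobject]@{ SamAccountName = 'asmith';     PasswordNeverExpires = $false; $attr = $now.AddDays(-3).ToFileTimeUtc() }
)
$sample | Get-PasswordExpiryStatus -Now $now | Format-Table

# Against a domain (requires the ActiveDirectory module):
# Get-ADGroupMember -Identity "GroupName" | Where-Object objectClass -eq 'user' |
#     Get-ADUser -Properties PasswordNeverExpires, 'msDS-UserPasswordExpiryTimeComputed' |
#     Get-PasswordExpiryStatus
```

Accounts reported as NeverExpires with PasswordNeverExpires set to False are governed by a policy that has no maximum password age.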

FAQs

1. How do I set a user’s password to "never expire"?

Run the following PowerShell command, replacing username with the user's actual username.

Set-ADUser -Identity username -PasswordNeverExpires $true

2. How can I reset a user’s password expiry date?

The command below will force the user to reset their password at the next login.

Set-ADUser -Identity username -Replace @{pwdLastSet=0}

3. How do I check if a user’s password is set to "never expire"?

Check if a user’s password is set to "never expire" by running the command below. This will return True if the password never expires.

Get-ADUser -Identity username -Properties PasswordNeverExpires | Select Name, PasswordNeverExpires
