Run the following command to check the PasswordNeverExpires attribute.
Get-ADUser -Identity "username" -Properties "PasswordNeverExpires" Note: This returns True if the password never expires, False otherwise.
To enforce password expiry for a user, set PasswordNeverExpires to $false. This will require the user to change their password periodically.
Set-ADUser -Identity "username" -PasswordNeverExpires $false Modify the expiration date for a specific user. This forces the password to expire in 30 days.
Set-ADUser -Identity "username" -Replace @{"msDS-UserPasswordExpiryTimeComputed" = [datetime]::Now.AddDays(30)} Update all users in a specific group using the command below. This loops through all users in the group and applies the change.
Get-ADGroupMember -Identity "GroupName" | ForEach-Object {Set-ADUser -Identity $_.SamAccountName -PasswordNeverExpires $false}Run the following PowerShell command by replacing username with the actual user’s username.
Set-ADUser -Identity username -PasswordNeverExpires $trueThe command below will force the user to reset their password at the next login.
Set-ADUser -Identity username -Replace @{pwdLastSet=0} Check if a user’s password is set to "never expire" by running the command below. This will return True if the password never expires.
Get-ADUser -Identity username -Properties PasswordNeverExpires | Select Name, PasswordNeverExpires
