Pricing  Get Quote
 
 

How to change the Password never expires attribute and set a password expiration date using PowerShell

The two scripts below can be used to set the Password never expires attribute to true and change the password expiration date in Active Directory (AD).

Set the Password never expires attribute

To set the Password never expires attribute for AD users:

$User = (Read-Host -Prompt "Username")
Set-ADUser -Identity $User -PasswordNeverExpires $true

Set the password expiration date

You can extend the validity of an AD password by setting the pwdlastset attribute to -1, which sets the value of the attribute to the current date and time.

$Username = (Read-Host -Prompt "Username")
$User = Get-ADUser $Username -Properties pwdlastset
$User.pwdlastset = 0
Set-ADUser -Instance $User
$User.pwdlastset = -1
Set-ADUser -Instance $User

Automate AD password expiration notifications using ADSelfService Plus

ADSelfService Plus is an integrated AD self-service password management and single sign-on solution that provides a customizable password expiration notification scheduler. Using this feature, you can customize:

  • Which users receive the notification:

    You can create different schedulers for different domains, organizational units, and groups in your organization.

  • Where users receive the notification:

    You can choose to send it through a push notification on their mobile phone, SMS, or email.

  • When users receive the notification:

    You can start sending the notification n days before password expiration and keep sending them daily, weekly, or on specific days from then.

To learn more about ADSelfService Plus, click here.

Notify Active Directory users about password expiration.

  Get 30-day free trial.

Related Resources

ADSelfService Plus trusted by

A single pane of glass for complete self service password management
Email Download Link