I have and little command that will extend AD accounts for 6 months (define the date) for each user in a text file:
Get-Content C:\adextensions.txt | Set-ADAccountExpiration -DateTime "09/16/2023"
I was wondering if someone could assist me in creating a script that would automatically set expiry date 6 months from the current date when the command is executed.
I know you could set something like this:
$New_Expiry_Date = [datetime]::Now.addmonths(6)
Something like this:
$New_Expiry_Date = [datetime]::Now.addmonths(6)
Get-Content C:\adextensions.txt | Set-ADAccountExpiration -DateTime $New_Expiry_Date
Also if possible could the results of each user new account expiry date be outputted to a CSV file showing username and expiry date.
I am very basic learner at PowerShell.
UPDATE 1
@Theo I ran your code.
Added Get Credential code:
$cred = Get-Credential
Set-ADAccountExpiration -Credential $cred
$New_Expiry_Date = (get-Date).AddMonths(6).Date # .Date sets this to midnight
$cred = Get-Credential
# assuming the file holds the SamAccountNames of the users each on its own line
# (or the users DistinguishedName, the SID or the object GUID)
$result = Get-Content -Path 'C:\temp\adextensions.txt' | ForEach-Object {
Set-ADAccountExpiration -Credential $cred -Identity $_ -DateTime $New_Expiry_Date
# output an object to collect in variable $result
[PsCustomObject]@{
User = $_
AccountExpires = $New_Expiry_Date
}
}
# display on screen
$result | Format-Table -AutoSize
# save as csv file
$result | Export-Csv -Path 'C:\temp\AccountExpiryDates.csv' -NoTypeInformation
When I ran the code I got this error message
Seems like it states I don't have the permission to execute the script.
I do get prompted to enter a username and password before the script run, my AD account is domain admin account.
PS C:\Users\Me> $New_Expiry_Date = (get-Date).AddMonths(6).Date # .Date sets this to midnight
$cred = Get-Credential
# assuming the file holds the SamAccountNames of the users each on its own line
# (or the users DistinguishedName, the SID or the object GUID)
$result = Get-Content -Path 'C:\temp\adextensions.txt' | ForEach-Object {
Set-ADAccountExpiration -Credential $cred -Identity $_ -DateTime $New_Expiry_Date
# output an object to collect in variable $result
[PsCustomObject]@{
User = $_
AccountExpires = $New_Expiry_Date
}
}
# display on screen
$result | Format-Table -AutoSize
# save as csv file
$result | Export-Csv -Path 'C:\temp\AccountExpiryDates.csv' -NoTypeInformation
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Set-ADAccountExpiration : Insufficient access rights to perform the operation
At line:7 char:5
+ Set-ADAccountExpiration -Credential $cred -Identity $_ -DateTime $New_Expiry ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (TestUser:ADAccount) [Set-ADAccountExpiration], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8344,Microsoft.ActiveDirectory.Management.Commands.SetADAccountExpiration
Also when I run the original script you provided me (whilst running Windows PowerShell ISE as Administrator) works fine.
Your code looks good to me, but if you want output to say a CSV file, you need to use a loop.
$New_Expiry_Date = (get-Date).AddMonths(6).Date # .Date sets this to midnight
# assuming the file holds the SamAccountNames of the users each on its own line
# (or the users DistinguishedName, the SID or the object GUID)
$result = Get-Content -Path 'C:\adextensions.txt' | ForEach-Object {
Set-ADAccountExpiration -Identity $_ -DateTime $New_Expiry_Date
# output an object to collect in variable $result
[PsCustomObject]@{
User = $_
AccountExpires = $New_Expiry_Date
}
}
# display on screen
$result | Format-Table -AutoSize
# save as csv file
$result | Export-Csv -Path 'C:\AccountExpiryDates.csv' -NoTypeInformation
You may need to add admin credentials using the -Credential parameter on the Set-ADAccountExpiration cmdlet