How do I write a script to modify the password expiration values for users on a Windows Server? How do I write a script to modify the password expiration values for users on a Windows Server? powershell powershell

How do I write a script to modify the password expiration values for users on a Windows Server?


The simple solution is to create a batch file that issues the following command:

net accounts /maxpwage:unlimited

However, that will set the maximum password age for all accounts on the local machine to unlimited, not just the new accounts that you have created.


If you need a finer level of control (i.e., the ability to set the password expiration values for individual users), you'll need something a little more complicated. The Scripting Guys share an example of a VBScript that will modify a local user account so that its password never expires:

Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000 strDomainOrWorkgroup = "Fabrikam" strComputer = "atl-win2k-01" strUser = "KenMeyer" Set objUser = GetObject("WinNT://" & strDomainOrWorkgroup & "/" & _     strComputer & "/" & strUser & ",User") objUserFlags = objUser.Get("UserFlags") objPasswordExpirationFlag = objUserFlags OR ADS_UF_DONT_EXPIRE_PASSWD objUser.Put "userFlags", objPasswordExpirationFlag  objUser.SetInfo 

It would be easy to modify this to work for any user of your choice, or even to create a new user.


Finally, here's an example in C#, which you should be able to port to PowerShell. I'm not much of a PS expert, but considering it uses the .NET Framework, the above code should give you some ideas.


From this technet thread.

$computer = $env:Computername$account = ([adsi]"WinNT://$computer/TestAccount")$account.PasswordExpired = 1$account.psbase.commitchanges()

You can add the domain before the computer name if you need to.


Set password never expires for local user. Do not change other flags:

$ADS_UF_DONT_EXPIRE_PASSWD = 0x10000$username = 'user'$user = [adsi] "WinNT://./$username"$user.UserFlags = $user.UserFlags[0] -bor $ADS_UF_DONT_EXPIRE_PASSWD$user.SetInfo()

ADS_USER_FLAG_ENUM enumeration