How do I write a script to modify the password expiration values for users on a Windows Server?
The simple solution is to create a batch file that issues the following command:
net accounts /maxpwage:unlimited
However, that will set the maximum password age for all accounts on the local machine to unlimited, not just the new accounts that you have created.
If you need a finer level of control (i.e., the ability to set the password expiration values for individual users), you'll need something a little more complicated. The Scripting Guys share an example of a VBScript that will modify a local user account so that its password never expires:
    ' Bit in UserFlags that marks the password as never expiring
    Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

    strDomainOrWorkgroup = "Fabrikam"
    strComputer = "atl-win2k-01"
    strUser = "KenMeyer"

    ' Bind to the local user account through the WinNT provider
    Set objUser = GetObject("WinNT://" & strDomainOrWorkgroup & "/" & _
        strComputer & "/" & strUser & ",User")

    ' OR the bit into the current flags so the other flags are left unchanged
    objUserFlags = objUser.Get("UserFlags")
    objPasswordExpirationFlag = objUserFlags OR ADS_UF_DONT_EXPIRE_PASSWD
    objUser.Put "userFlags", objPasswordExpirationFlag
    objUser.SetInfo
It would be easy to modify this to work for any user of your choice, or even to create a new user.
Finally, here's an example in C#, which you should be able to port to PowerShell. I'm not much of a PS expert, but considering it uses the .NET Framework, the above code should give you some ideas.
From this TechNet thread:

    $computer = $env:Computername
    $account = ([adsi]"WinNT://$computer/TestAccount")
    # 1 marks the password as expired, so it must be changed at next logon
    $account.PasswordExpired = 1
    $account.psbase.commitchanges()
You can add the domain before the computer name if you need to.
Set password never expires for local user. Do not change other flags:
    $ADS_UF_DONT_EXPIRE_PASSWD = 0x10000
    $username = 'user'
    # "." binds to the local computer
    $user = [adsi] "WinNT://./$username"
    # -bor sets only this bit and keeps the existing flags
    $user.UserFlags = $user.UserFlags[0] -bor $ADS_UF_DONT_EXPIRE_PASSWD
    $user.SetInfo()
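
The following is an added example, not part of any of the answers above: it uses the same WinNT provider and UserFlags bit to list which local accounts currently have a non-expiring password, and to set or clear the bit for a single account without touching other flags. The function names Get-LocalPasswordFlag and Set-LocalPasswordNeverExpires and the account name in the commented call are hypothetical.

```powershell
# Added example; function names are hypothetical, flag values are the ADSI constants.
$ADS_UF_ACCOUNTDISABLE     = 0x2
$ADS_UF_DONT_EXPIRE_PASSWD = 0x10000

function Get-LocalPasswordFlag {
    param([string]$Computer = $env:COMPUTERNAME)
    # Enumerate the user objects on the machine through the WinNT provider.
    ([adsi]"WinNT://$Computer,computer").Children |
        Where-Object { $_.SchemaClassName -eq 'user' } |
        ForEach-Object {
            $flags = [int]$_.UserFlags.Value
            [pscustomobject]@{
                Name         = [string]$_.Name.Value
                Disabled     = [bool]($flags -band $ADS_UF_ACCOUNTDISABLE)
                NeverExpires = [bool]($flags -band $ADS_UF_DONT_EXPIRE_PASSWD)
                UserFlags    = '0x{0:X}' -f $flags
            }
        }
}

function Set-LocalPasswordNeverExpires {
    param(
        [Parameter(Mandatory)][string]$UserName,
        [bool]$Enabled = $true,
        [string]$Computer = $env:COMPUTERNAME
    )
    $user  = [adsi]"WinNT://$Computer/$UserName,user"
    $flags = [int]$user.UserFlags.Value
    # Set the bit with -bor, clear it with -band/-bnot; all other bits are preserved.
    if ($Enabled) { $new = $flags -bor $ADS_UF_DONT_EXPIRE_PASSWD }
    else          { $new = $flags -band (-bnot $ADS_UF_DONT_EXPIRE_PASSWD) }
    # Write back only when the value actually changes.
    if ($new -ne $flags) {
        $user.UserFlags = $new
        $user.SetInfo()
    }
}

# Report enabled accounts whose password never expires (read-only).
Get-LocalPasswordFlag |
    Where-Object { $_.NeverExpires -and -not $_.Disabled } |
    Format-Table -AutoSize

# Change one account (constructed account name):
# Set-LocalPasswordNeverExpires -UserName 'svc-backup' -Enabled $false
```

Run the report before and after a change to confirm that only the intended account was modified; writing UserFlags requires an elevated session.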