none
exporting null value to AD Accountexpires RRS feed

  • Question

  • Dear All,

    I am trying to delete existing accountexpires value. using following c# script but no luck

    long iFileTime = 9223372036854775807;
                        if (mventry["employeeEndDate"].ToString() != null)
                        {
                            DateTime dtFileTime = DateTime.ParseExact(mventry["employeeEndDate"].Value, "yyyy'-'MM'-'dd'T'HH':'mm':'ss'.000'", provider);

                            csentry["accountExpires"].IntegerValue = dtFileTime.ToFileTimeUtc();
                        }
                        else
                        {
                            csentry["accountExpires"].IntegerValue = iFileTime;
                        }

    Need Your Help!

    Thanks,

    Shashidhar

    Wednesday, June 27, 2018 7:48 AM

All replies

  • The old value in your screen shot is the largest that can be saved as a 64-bit value. It means the account never expires. You can also assign 0, which also means the account never expires. I have never seen where accountExpires has been assigned "not set". I don't think the system allows it.

    If an account has never had an expiration date, accountExpires has the value you see. If an account is assigned an expiration date, say in ADUC, and then the date is removed, ADUC assigns the value 0 to accountExpires.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Thursday, June 28, 2018 12:35 AM
  • Thanks for the reply :)

    our concern is to remove existing assigned date when user continues to work with us.

    Thursday, June 28, 2018 7:01 AM
  • Both 0 and 9,223,372,036,854,775,807 mean the account never expires. The large integer is 2^63 -1. It translates into September 14 of the year 30,828. That is too far in the future to worry about. The AD system does not allow Null to be assigned to accountExpires.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Thursday, June 28, 2018 11:03 AM