none
Password Never Expires script to set check box to value of true - checked

    Question

  • Hello all,

    I have a script that uses if and elseif in attempt to parse through the accounts within 5 OUs and target the users account, and set the Password Never Expire checkbox to checked ( we want the users password to never expire) ok, here's the debauched script:

    ###############Define our OU variables###################

    $OU1 = "OU=TestOU1,DC=TestDomain,DC=Local"

    $OU2 = "OU=TestOU2,DC=TestDomain,DC=Local"

    $OU3 = "OU=TestOU3,DC=TestDomain,DC=Local"

    $OU4 = "OU=TestOU4,DC=TestDomain,DC=Local"

    $OU5 = "OU=TestOU5,DC=TestDomain,DC=Local"


    #########################################################

    $OutPutLocation = "C:\folder\output.txt"

    #########################################################

    $PasswordNeverExpires = Get-ADUser -Filter * -SearchBase $OU1, $OU2, $OU3, $OU4, $OU5 -Property| passwordneverexpires

     
      if ($PasswordNeverExpires -ge $False)
      {

        Set-ADUser -PasswordNeverExpires:$true

        $OutPutLocation

      }

      elseif  ($PasswordNeverExpires -ge $true)
      {
      
       Write-Host = "Skipped"

        $OutPutLocation

      }

    Any suggestion would be great.

    Thanks In Advance

    Friday, January 26, 2018 11:02 PM

Answers

  • To batch set an attribute we would just to this:

    Get-ADUser -Filter { EmployeeType -eq 'Career' } -SearchBase $OU |
        Set-Aduser -PasswordNeverExpires $true
    


    \_(ツ)_/

    Thursday, February 8, 2018 8:23 PM
    Moderator
  • Hi,

    Based on my research, for multiple OUs, you can have a try with the following script:
    $OU1 = "OU=TestOU1,DC=TestDomain,DC=Local"
    $OU2 = "OU=TestOU2,DC=TestDomain,DC=Local"
    $OU3 = "OU=TestOU3,DC=TestDomain,DC=Local"
    $OU4 = "OU=TestOU4,DC=TestDomain,DC=Local"
    $OU5 = "OU=TestOU5,DC=TestDomain,DC=Local"
    
    $OU1, $OU2, $OU3, $OU4, $OU5 | ForEach-Object {
        Get-ADUser -Filter * -SearchBase $_ -Properties PasswordNeverExpires | ForEach-Object {
            if (!$_.PasswordNeverExpires) {
                Set-ADUser -Identity $_.SamAccountName -PasswordNeverExpires $true
            }
            else {
                Write-Host 'Skipped'
            }
        }
    }

    If you need further help, please feel free to let us know.

    Best Regards,
    Albert

    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, January 29, 2018 5:42 AM

All replies

  • This is wrong:

    Get-ADUser -Filter * -SearchBase $OU1, $OU2, $OU3, $OU4, $OU5 -Property | passwordneverexpires

    Should be:

    Get-ADUser -Filter * -SearchBase $OU1, $OU2, $OU3, $OU4, $OU5 -Property passwordneverexpires


    \_(ツ)_/

    Friday, January 26, 2018 11:06 PM
    Moderator
  • Almost all of you code is seriously wrong.  I think you need to start by learning PowerShell.  We cannot fix or rewrite scripts that you have copied from the internet in pieces.  You must learn the basics of scripting.

    To get a script that does what you want look in the Gallery.

    This Forum is for Scripting Question Rather than script requests

    Script Gallery.

    Learn PowerShell  

    Script requests


    \_(ツ)_/


    Friday, January 26, 2018 11:10 PM
    Moderator
  • Thanks - I'll change that.
    Friday, January 26, 2018 11:18 PM
  • This was not copied and pasted, I put this together.
    Friday, January 26, 2018 11:19 PM
  • This was not copied and pasted, I put this together.

    Then you most definitely need to learn basic PowerShell.


    \_(ツ)_/

    Friday, January 26, 2018 11:20 PM
    Moderator
  • Got it - have a nice weekend!
    Friday, January 26, 2018 11:20 PM
  • Get-ADUser -Filter * -SearchBase $OU -Property passwordneverexpires |
    	ForEach-Object{
    		if($_.PasswordNeverExpires){
    			Write-Host Skipped
    	    }else{
    			Set-ADUser -PasswordNeverExpires:$true
    		}
    	}

    You can complete the rest after you learn PowerShell.


    \_(ツ)_/


    Friday, January 26, 2018 11:21 PM
    Moderator
  • Got it - have a nice weekend!

    Do the video tutorial and you will be out of the woods by the end of the weekend.


    \_(ツ)_/

    Friday, January 26, 2018 11:24 PM
    Moderator
  • I'll do that - I'll post the completed script once finalized. Thanks for your help.
    Friday, January 26, 2018 11:32 PM
  • Or post back with a more specific question.


    \_(ツ)_/

    Friday, January 26, 2018 11:33 PM
    Moderator
  • Hi,

    Based on my research, for multiple OUs, you can have a try with the following script:
    $OU1 = "OU=TestOU1,DC=TestDomain,DC=Local"
    $OU2 = "OU=TestOU2,DC=TestDomain,DC=Local"
    $OU3 = "OU=TestOU3,DC=TestDomain,DC=Local"
    $OU4 = "OU=TestOU4,DC=TestDomain,DC=Local"
    $OU5 = "OU=TestOU5,DC=TestDomain,DC=Local"
    
    $OU1, $OU2, $OU3, $OU4, $OU5 | ForEach-Object {
        Get-ADUser -Filter * -SearchBase $_ -Properties PasswordNeverExpires | ForEach-Object {
            if (!$_.PasswordNeverExpires) {
                Set-ADUser -Identity $_.SamAccountName -PasswordNeverExpires $true
            }
            else {
                Write-Host 'Skipped'
            }
        }
    }

    If you need further help, please feel free to let us know.

    Best Regards,
    Albert

    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, January 29, 2018 5:42 AM
  • Thank you Albert! that worked perfect!
    Tuesday, January 30, 2018 12:58 AM
  • Hello

    I hate to keep hounding you guys!

    I've been asked to change up the script by reading the employeeType attribute, I've declared the attribute as "employeeType" and $_.employeeType - still wont set the PasswordNeverExpires attribute.  Please see script modified and kludged below:

    $OU1 = "OU=TestOU1,DC=TestDomain,DC=Local"
    $OU2 = "OU=TestOU2,DC=TestDomain,DC=Local"
    $OU3 = "OU=TestOU3,DC=TestDomain,DC=Local"
    $OU4 = "OU=TestOU4,DC=TestDomain,DC=Local"
    $OU5 = "OU=TestOU5,DC=TestDomain,DC=Local"

    $OU1 | ForEach-Object {
        Get-ADUser -Filter * -SearchBase $_ -Properties PasswordNeverExpires, employeeType | ForEach-Object {
            if ("employeeType" -eq "Career") {
                Set-ADUser -Identity $_.SamAccountName -PasswordNeverExpires $true
                Write-Output "##########" $_.SamAccountName "#################" "Account Set" >> 'C:\temp\outfileset.txt' - Force
            }
            else {
               
                Write-Output "##########" $_.SamAccountName "#################" "Account Skipped" >> 'C:\temp\outfileskipped.txt' -Force
               
            }      
            
        }


    Thanks In Advance for any suggestions!
    • Edited by PowerShellNewb77 Thursday, February 8, 2018 5:37 PM To say thanks in advnace.
    Thursday, February 8, 2018 5:36 PM
  • Please start a new question.  The original question has been answered.


    \_(ツ)_/

    Thursday, February 8, 2018 8:21 PM
    Moderator
  • To batch set an attribute we would just to this:

    Get-ADUser -Filter { EmployeeType -eq 'Career' } -SearchBase $OU |
        Set-Aduser -PasswordNeverExpires $true
    


    \_(ツ)_/

    Thursday, February 8, 2018 8:23 PM
    Moderator
  • Thank you JRV and Albert!!!  Please see addition to script with batch set employeeType attribute:

    $OU1 = "OU=TestOU1,DC=TestDomain,DC=Local"
    $OU2 = "OU=TestOU2,DC=TestDomain,DC=Local"
    $OU3 = "OU=TestOU3,DC=TestDomain,DC=Local"
    $OU4 = "OU=TestOU4,DC=TestDomain,DC=Local"
    $OU5 = "OU=TestOU5,DC=TestDomain,DC=Local"

    $OU1 | ForEach-Object {
        Get-ADUser -Filter { EmployeeType -eq 'Employee: Career' } -SearchBase $_ -Properties PasswordNeverExpires, employeeType | ForEach-Object {
            if ($_.PasswordNeverExpires) {
                Set-ADUser -Identity $_.SamAccountName -PasswordNeverExpires $true
                Write-Output "##########" $_.SamAccountName "#################" "Account Set" >> 'C:\temp\outfileset.txt' - Force
            }
            else {
               
                Write-Output "##########" $_.SamAccountName "#################" "Account Skipped" >> 'C:\temp\outfileskipped.txt' -Force
               
            }      
            
        }

    Friday, February 9, 2018 6:29 PM