How to change the Password never expires attribute and set a password expiration date using PowerShell
The two scripts below can be used to set the Password never expires attribute to true and change the password expiration date in Active Directory (AD).
Set the Password never expires attribute
To set the Password never expires attribute for AD users:
Set-ADUser -Identity $User -PasswordNeverExpires $true
Set the password expiration date
You can extend the validity of an AD password by setting the pwdlastset attribute to -1, which sets the value of the attribute to the current date and time.
$User = Get-ADUser $Username -Properties pwdlastset
$User.pwdlastset = 0
Set-ADUser -Instance $User
$User.pwdlastset = -1
Set-ADUser -Instance $User
Automate AD password expiration notifications using ADSelfService Plus
ADSelfService Plus is an integrated AD self-service password management and single sign-on solution that provides a customizable password expiration notification scheduler. Using this feature, you can customize:
- Which users receive the notification:
You can create different schedulers for different domains, organizational units, and groups in your organization.
- Where users receive the notification:
You can choose to send it through a push notification on their mobile phone, SMS, or email.
- When users receive the notification:
You can start sending the notification n days before password expiration and keep sending them daily, weekly, or on specific days from then.
To learn more about ADSelfService Plus, click here.