[solved] Expire AD account immediately

Hey, Hi I am back again with the few tips on Active Directory User Accounts. There are few scenarios that we want to expire the account immediately, or sometime we just want to expire account or Password for testing purpose. In case of the password expire, you cannot do it immediately. Instead you can expire the account and select the option for the ‘User must change password at next logon’, so when you login next time password is expired. if you go to your ‘Active Directory Users and Computers’ to the users property, you will not find any facility to expire the user on desired time or just immediate. If you go with the GUI mode, you need to wait till next day. Here are the properties of the User Account on below snap.

Similarly, if you go with the advance panel of the Active Directory user management i.e. ‘Active Directory Administrative Center’ you will still find the same screen you will not have the immediate expire option of the user. For reference below is the snapshot of my user properties as on the Active Directory.

Now when I go to the PowerShell, and try to get the detail of the user. Over there I can find exact time when my user is going to get expire. So in CUI mode I can have a specific time to get the account expire. To expire the account on desired time I can use the following command-line.

‘Set-ADAccountExpiration -Identity <UsersamAccountName> -DateTime <desiredDateAndTime>’

PS C:\>Set-ADAccountExpiration -Identity Prashant -DateTime '11/18/2016 22:00:00'

After the successful command line, you can get the detail of the user when it is going to get expire below is the command line that can help you.

‘Get-ADUser -Identity <UserSamAccountName> -Properties AccountExpirationDate ‘

PS C:\>Get-ADUser -Identity Prashant -Properties AccountExpirationDate

Now you just need to wait till the time when you have set to expire the Account, it can be 1 minute or 5 or 15. Just wait… your account will get expire.