For the specified OUs, this script sets every user account so that neither the account nor its password expires.
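# Bulk-sets "account never expires" and "password never expires" on the user
# accounts found under the listed OUs (each OU is searched with subtree scope).
#
# userAccountControl (UAC) is a bit field. The flag is therefore OR-ed into the
# current value instead of overwriting it with a fixed number, so accounts that
# carry any other flag are no longer skipped and keep their other bits
# (including ACCOUNTDISABLE, so disabled accounts stay disabled).
#
# Flag values used below:
#   0x0020   PASSWD_NOTREQD
#   0x0200   NORMAL_ACCOUNT
#   0x10000  DONT_EXPIRE_PASSWD
#
# NOTE(review): DONT_EXPIRE_PASSWD takes an account out of the domain's maximum
# password age, so keep the OU list as narrow as the task allows and run with
# $VerbosePreference = 'Continue' to get a per-account record of every change.
$UF_PASSWD_NOTREQD     = 0x0020
$UF_NORMAL_ACCOUNT     = 0x0200
$UF_DONT_EXPIRE_PASSWD = 0x10000

# OUs to process
$arrOUs = "LDAP://OU=campusUsers,DC=MYDOMAIN,DC=EDU",
"LDAP://OU=campusStudents,DC=MYDOMAIN,DC=EDU"

# Running count of directory objects visited (printed after each one)
$i = 0

foreach ($ou in $arrOUs)
{
    $ADsPath = [ADSI]$ou
    $Search = New-Object DirectoryServices.DirectorySearcher($ADsPath)
    # (objectClass=user) on its own also matches computer objects, because the
    # computer class derives from user; objectCategory=person limits the search
    # to real user accounts.
    $Search.Filter = "(&(objectCategory=person)(objectClass=user))"
    $Search.PageSize = 900
    $Search.SearchScope = "SubTree"
    $results = $Search.FindAll()
    try
    {
        foreach ($result in $results)
        {
            try
            {
                # Retrieve the user account
                $objUser = $result.GetDirectoryEntry()

                # accountExpires = 0 means the account never expires
                $objUser.accountExpires = 0

                # Current UAC flags as an integer
                $crtUAC = [int]($objUser.userAccountControl.ToString())

                # Only touch ordinary user accounts; leave anything else alone.
                if (($crtUAC -band $UF_NORMAL_ACCOUNT) -ne 0)
                {
                    # Add "password never expires". PASSWD_NOTREQD is cleared
                    # deliberately: the previous version wrote 66048 over 544
                    # (NORMAL_ACCOUNT + PASSWD_NOTREQD), which removed that flag,
                    # and that outcome is kept here. 512 -> 66048, 544 -> 66048
                    # and 514 -> 66050 are unchanged from before.
                    $newUAC = ($crtUAC -bor $UF_DONT_EXPIRE_PASSWD) -band (-bnot $UF_PASSWD_NOTREQD)
                    if ($newUAC -ne $crtUAC)
                    {
                        $objUser.userAccountControl = $newUAC
                        Write-Verbose "$($result.Path): userAccountControl $crtUAC -> $newUAC"
                    }
                }

                # Commit accountExpires and any UAC change in one write
                $objUser.SetInfo()
            }
            catch
            {
                # Name the account that failed so a partial run can be followed up
                Write-Warning "Failed to update $($result.Path): $($_.Exception.Message)"
            }

            $i = $i + 1
            Write-Host $i
        }
    }
    finally
    {
        # SearchResultCollection holds unmanaged resources until disposed
        $results.Dispose()
    }
}
Write-Host 'All Done'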