Recipe 6.25 Setting a User's Account to Expire in the Future
You want a user's account to expire at some point in the future.
18.104.22.168 Using a graphical user interface
22.214.171.124 Using a command-line interface
Valid values for the -acctexpires flag include a positive number of days in the future when the account should expire, to expire the account at the end of the day, or "never" to disable account expiration.
> dsmod user "<UserDN>" -acctexpires <NumDays>
126.96.36.199 Using VBScript
' This code sets the account expiration date for a user. ' ------ SCRIPT CONFIGURATION ------ strExpireDate = "<Date>" ' e.g. "07/10/2004" strUserDN = "<UserDN>" ' e.g. cn=rallen,ou=Sales,dc=rallencorp,dc=com ' ------ END CONFIGURATION --------- set objUser = GetObject("LDAP://" & strUserDN) objUser.AccountExpirationDate = strExpireDate objUser.SetInfo WScript.Echo "Set user " & strUserDN & " to expire on " & strExpireDate ' These two lines would disable account expiration for the user ' objUser.Put "accountExpires", 0 ' objUser.SetInfo
User accounts can be configured to expire on a certain date. Account expiration is stored in the accountExpires attribute on a user object. This attribute contains a large integer representation of the date in which the account expires. If you set this attribute to 0, it disables account expiration for the user (i.e., the account will never expire). Note that this is different than the dsmod user command where a value of 0 with -acctexpires will cause the account to expire at the end of the day. Why does it differ from how the accountExpires attribute works? Great question.
6.25.4 See Also
MS KB 318714 (HOW TO: Limit User Logon Time in a Domain in Windows 2000) and MSDN: Account Expiration