My institution is attempting to, with the addition of AD Manager to our toolset, set an account expiration policy for our users (We are a college). We have specific dates upon which we would like the accounts to expire upon, so that students are still able to have an account to register for classes with.
Using a powershell session, I can verify that the script does work as intended. When attempting to use the script in conjunction with an AD User Creation template, however, it fails to properly set the account expiration date.
I've attempted to verify that the script works when ran through a powershell session (It does), I've made sure that script execution on the server that hosts AD Manager is enabled, and I've tried the script both with and without importing the active-directory module to ensure that it runs. I can see in my logs that the script is being successfully passed the SAMAccountName for each user.
I thought that perhaps the issue was that the account creation template also included by default the feature for account expiration, and removed that field from the template, but still same results: Account gets generated with an expiration set to "Never".
I've attempted to call the script via using powershell C:\Location\to\File as well as using the full path to Powershell to call the program. Neither apparently works.
Below is a copy of my powershell code:
Param(
[string]$identity
)
<#
Description:
This script looks at the date and sets the account expiration date for the end of the add/drop period for various semesters.
#>
import-module activedirectory
[DateTime]$date = get-date
[DateTime]$year = $date.Year
[DateTime]$newyear = $year.AddYears(1)
[DateTime]$spring = "01/24/" + $date.Year
[DateTime]$fall = "09/14/" + $date.Year
[DateTime]$fallexpire = "12/20/" + $date.Year
[DateTime]$springexpire = "05/09/" +$date.Year
if ($date -ge $spring -and $date -le $fall) {
$expire = $fallexpire.AddYears(1)
set-AdUser -Identity $identity -AccountExpirationDate $expire
#This Line for Debugging purposes only to ensure proper working of script. Comment out when going live.
#get-Aduser $identity -Properties AccountExpirationDate | Select-Object Name,SamAccountName,AccountExpirationDate
}
elseif ($date -ge $fall -and $date -lt $newyear) {
$expire = $springexpire.AddYears(2)
set-AdUser -Identity $identity -AccountExpirationDate $expire
#This Line for Debugging purposes only to ensure proper working of script. Comment out when going live.
#get-Aduser $identity -Properties AccountExpirationDate | Select-Object Name,SamAccountName,AccountExpirationDate
}
else {
$expire = $springexpire.AddYears(1)
set-Aduser -Identity $identity -AccountExpirationDate $expire
}