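# Setup for the account-expiry sweep: load the stored service credential, collect the
# enabled AD users that have an expiration date, and record today's date for the loop below.

# One-time setup, run interactively as the account that will later run this script:
#"Password!" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString | Out-File "D:\temp\PassordUserExpireScript.txt"
# NOTE(review): typing the password as a literal leaves it in command history and transcripts;
# piping `Read-Host -AsSecureString` into ConvertFrom-SecureString avoids that.
# Without -Key, ConvertFrom-SecureString protects the value with DPAPI, so the file can only be
# decrypted by the same user on the same machine. Restrict the file's ACL to that account as well.

# Rebuild the credential object from the protected file.
# NOTE(review): $Credentials is not passed to any cmdlet in the visible part of this script, and the
# AzureAD cmdlets used later need an established session - confirm where the connection is made.
$Credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList @(
    "admin@contoso",
    (Get-Content "d:\temp\PassordUserExpireScript.txt" | ConvertTo-SecureString)
)

# Gets all users that are enabled and have an expiration date.
# The Enabled test is done by the directory (-Filter) instead of pulling every account and
# filtering client-side; the expiration-date test stays client-side so a null value is dropped.
$Users = Get-ADUser -Filter 'Enabled -eq $true' -Properties AccountExpirationDate |
    Where-Object { $_.AccountExpirationDate } |
    Select-Object AccountExpirationDate, Enabled, UserPrincipalName, SamAccountName, Name

# Today's date, as a dd/MM/yyyy string.
# NOTE(review): the loop below compares this string with -eq/-lt, which orders text, not dates
# (for example "01/02/2025" sorts before "31/01/2025"), so expired accounts can be missed and
# unexpired ones disabled. Comparing [datetime] values such as (Get-Date).Date fixes it, but
# both sides of the comparison have to change together.
$today = Get-Date -Format dd/MM/yyyy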
foreach($User in $users){
($user.AccountExpirationDate | get-date -Format dd/MM/yyyy)
#If user have expired we disable it and revoke any Azure AD tokens.
If((($user.AccountExpirationDate | get-date -Format dd/MM/yyyy) -eq $today) -or (($user.AccountExpirationDate | get-date -Format dd/MM/yyyy) -lt $today)){
Disable-ADAccount -Identity $user.samaccountname
Get-AzureADUser -ObjectId $user.UserPRincipalName | Revoke-AzureADUserAllRefreshToken