| #"Password!" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString | Out-File "D:\temp\PassordUserExpireScript.txt" | |
| $Credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "admin@contoso", (Get-Content "d:\temp\PassordUserExpireScript.txt" | ConvertTo-SecureString) | |
| #Gets all users thats enabled and have a expiration date. | |
| $Users = Get-ADUser -Filter * -Properties AccountExpirationDate | select AccountExpirationDate,Enabled,UserPRincipalName,samaccountname,name | Where-Object{$_.Enabled -eq $true -and $_.AccountExpirationDate} | |
| #Todays date. | |
| $today = Get-Date -Format dd/MM/yyyy | |
| foreach($User in $users){ | |
| ($user.AccountExpirationDate | get-date -Format dd/MM/yyyy) | |
| #If user have expired we disable it and revoke any Azure AD tokens. | |
| If((($user.AccountExpirationDate | get-date -Format dd/MM/yyyy) -eq $today) -or (($user.AccountExpirationDate | get-date -Format dd/MM/yyyy) -lt $today)){ | |
| Disable-ADAccount -Identity $user.samaccountname | |
| Get-AzureADUser -ObjectId $user.UserPRincipalName | Revoke-AzureADUserAllRefreshToken | |
| } | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment