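# Disables every enabled AD account whose expiration date is today or earlier
# and revokes that user's Azure AD refresh tokens.
#
# One-time setup, run as the account that will run this script. Keep the real
# password out of the script file and out of shell history:
#"Password!" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString | Out-File "D:\temp\PassordUserExpireScript.txt"
# ConvertFrom-SecureString without -Key/-SecureKey protects the value with
# Windows DPAPI, so the file can only be decrypted by the same user on the same
# machine. Restrict the file's ACL to that account anyway.
$Credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "admin@contoso", (Get-Content "d:\temp\PassordUserExpireScript.txt" | ConvertTo-SecureString)
# NOTE(review): $Credentials is not used anywhere below; presumably it is meant
# for an Azure AD sign-in (e.g. Connect-AzureAD -Credential) that is not shown
# here. Get-AzureADUser needs an established session. Confirm.

# All enabled users that have an expiration date set.
$Users = Get-ADUser -Filter * -Properties AccountExpirationDate |
    Select-Object AccountExpirationDate, Enabled, UserPRincipalName, samaccountname, name |
    Where-Object { $_.Enabled -eq $true -and $_.AccountExpirationDate }

# Today's date at midnight, kept as a DateTime. Comparing "dd/MM/yyyy" strings
# with -lt orders by day-of-month first, so an account expiring 01/03 would
# count as earlier than 02/01 and be disabled two months too soon.
$today = (Get-Date).Date

foreach ($User in $Users) {
    # Diagnostic output: the expiration date of the account being evaluated.
    ($User.AccountExpirationDate | Get-Date -Format dd/MM/yyyy)

    # If the account expires today or has already expired, disable it and
    # revoke its Azure AD refresh tokens so existing sessions cannot be renewed.
    if ($User.AccountExpirationDate.Date -le $today) {
        Disable-ADAccount -Identity $User.samaccountname
        # NOTE(review): the AzureAD module is deprecated; the Microsoft Graph
        # PowerShell equivalent is Revoke-MgUserSignInSession.
        Get-AzureADUser -ObjectId $User.UserPRincipalName | Revoke-AzureADUserAllRefreshToken
    }
}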