Share via

Powershell disable never expire in specific OU

Kevin Savard Vertisoft 86 Reputation points
2023-03-08T15:17:33.28+00:00

Hello,

I would like to know what is wrong with my code. I can't figure it out. I will post the error underneath. I hid the OU for security purposes. I copy and paste the distinguishedName from the attribute editor so I know I don't make mistake in the script. Some part are in french. Feel free to ask for a translation if necessary.

I'm still learning powershell please forgive my lack of knowledge.

Thanks!

Get-ADUser : Impossible de lier le paramètre «SearchScope». Impossible de convertir la valeur «OU=blabla,OU=blabla BLA,DC=BLA,DC=local» en type «
Microsoft.ActiveDirectory.Management.ADSearchScope». Erreur: «Impossible de faire correspondre le nom d'identificateur OU=LAME,OU=Groupe LSP,DC=lsp,DC=local à un nom d'énumérateur valide. 
Spécifiez l'un des noms d'énumérateur suivants et réessayez :
Base, OneLevel, Subtree »
Au caractère C:\Users\Admin\Desktop\set never expire off in ou.ps1:3 : 43
+         Get-ADUser -filter * -SearchScope $OUs -properties Name, Pass ...
+                                           ~~~~
    + CategoryInfo          : InvalidArgument : (:) [Get-ADUser], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.ActiveDirectory.Management.Commands.GetADUser

$OUs = 'OU=blabla,OU=blabla BLA,DC=BLA,DC=local'
ForEach ($OU in $OUs){
        Get-ADUser -filter * -SearchScope $OU -properties Name, PasswordNeverExpires | 
            Where-Object { $_.passwordNeverExpires -eq "true" } | 
                Where-Object {$_.enabled -eq "true"} |             
                    Set-ADUser -PasswordNeverExpires:$false
                    }
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,246 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,329 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rich Matheisen 45,906 Reputation points
    2023-03-08T16:14:01.8366667+00:00

    The OU name would be used with the Get-ADUser -SearchBase parameter. The "-SearchScope" parameter would be used to determine how much of the OU is to be seached. E.G.,

    • Base: just get the object specified
    • OneLevel: Search only the children of the SearchBase parameter (or the default if not specified)
    • SubTree: Search the children of the SearchBase parameter (or the default if not specified) and contents of all its child OUs, grandchildren OUs, great-grandchildren, etc.
    0 comments