Bulk removal of Password Never Expires checkbox in AD

No one intends this but it is a problem that sooner or later you will be come across in your system administrator career.

I’ve see this resolved many different ways, but I like to narrow it down to a particular OU. Depending on your case you may want to clean this across the board in AD.

Here is command prompt to the rescue:

dsquery user "OU=Microsoft,DC=Redmond,DC=CORP,DC=LOCAL" -limit 4000 | dsmod user -pwdneverexpires no

1	dsquery user "OU=Microsoft,DC=Redmond,DC=CORP,DC=LOCAL" -limit 4000 \| dsmod user -pwdneverexpires no

I haven’t tried this, but some have said the following works in Powershell:

For OU:

Get-ADUser -Filter {(ObjectClass -eq "user")} -SearchBase "OU=Offices,DC=Contoso,DC=com" | Set-ADUser -PasswordNeverExpires:$FALSE

1	Get-ADUser -Filter {(ObjectClass -eq "user")} -SearchBase "OU=Offices,DC=Contoso,DC=com" \| Set-ADUser -PasswordNeverExpires:$FALSE

For AD:

Get-ADUser -Filter {(ObjectClass -eq "user")} | Set-ADUser -PasswordNeverExpires:$FALSE

1	Get-ADUser -Filter {(ObjectClass -eq "user")} \| Set-ADUser -PasswordNeverExpires:$FALSE