Windows Server

How to set an account expiration date in Active Directory

ADaccountexpiration

The account expiration date is used for access control purposes. Let us assume an organization temporarily create an AD account for someone that needed access to one of your servers or a workstation, there is every possibility that you can forget to disable the account when the person completes his task. This can open the way for unauthorized access to the organization’s system. The best way to stop this from happening is by automating the process by setting an account expiration date on the AD account. If you need more guides on Windows Active Directory then you can read these: Is my AD user account or service account password correct? How to run an App as a different User and switch Users in Windows, How to create Organisation Units, Service Accounts, and Active Directory Security Groups, and the concept of Active Directory Computer Account.

If the project that the external vendor wants to execute will span some weeks and access will be needed then the system admin will have to set the account expiration to the same number of weeks required so that after this period the account will be automatically disabled.

Kindly refer to these related guides: How to find disabled Active Directory User accounts, Restore AD Objects: How to restore deleted user accounts in Active Directory with Microsoft LDP and PowerShell, How to delegate control for Bitlocker recovery keys in Active Directory, Active Directory Ports: Service and network port requirements for Windows. Follow the next steps on how to set the date on the Active Directory

1: Set up the temporary AD account by using the Active Directory Users and Computers

image-44
Active Directory

2. Enter the password for the temporary account

image-45
Password Setup

3. After the account is created then open the Users folder and by the right scroll to the temporary account created and right-click and click Properties.

image-41
Active Directory Users and Computers

4. Click on the Account tab and in the Account expire section uncheck the Never button and click the End of: button and you can now adjust the date to the approved time that the temporary account should expire and click OK.

image-42
Properties

5. If you try to login into the account after this date passed then you should get the message “The user’s account has expired.”

image-43
Account Expired

I hope you found this blog post on How to set an account expiration date in Active Directory interesting and helpful. In case you have any questions do not hesitate to ask in the comment section.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x