Set-ADAccountExpiration setting shows wrong in ADUC

This is probably more of an Active Directory question, but wanted to ask here first in case anyone has experienced this and in case I am doing something incorrect with the PS code.

I am updating an Active Directory user account expiration date. First I verify it is null:

Get-ADuser -Identity ZTest -Properties AccountExpirationDate

Then I change the expiration date:

Set-ADAccountExpiration -Identity ZTest -DateTime "10/06/17 17:00:00"

Checking again, and now the setting shows “10/6/2017 5:00:00 PM”. Great! However, when I verify the setting in ADUC, it shows that the account is ending at the end of 10/5/17. I’m aware that if you only specify a day and not a time, it will expire the account at midnight and will show up as the date prior. But I am doing something different, and if what ADUC displays is correct, then the account will expire at the end of the day 10/5/17 (midnight) when I actually need it to expire at the end of the business day on 10/6/17.

If this is beyond the scope of this forum I’ll be happy to ask elsewhere if anyone has any suggestions for AD/Powershell related issues.

This thread may show some light on it

I think it’s working as expected. Account expiration does not take a time component. So if you expire the account on 10/6/17 it means the account is valid until 10/5/17 11:59:59. So to allow the account to function through 10/6/17 you would expire it on 10/7/17 which expires it on 10/6/17 at 11:59:59.

Thank you both. Simon, that link perfectly answers my question.

The expiration date does support a full timestamp, ADUC does not allow you to set it. It shows the last full day where the account will work. You can set it for 5pm on a specific day, you just have to use Powershell or a direct attribute lookup to see or set set the true expiration date/time.

Thanks Ron! Didn’t even know that. :slight_smile:

You could also try Set-ADAccountExpiration cmdlet sets the expiration time for a user, computer or service account.

Set-ADAccountExpiration [-Identity] [-TimeSpan] [-DateTime] [-AuthType { | }] [-Credential ] [-Partition ] [-PassThru ] [-Server ] [-Confirm] [-WhatIf] []

Here is related article for your help.