This is probably more of an Active Directory question, but wanted to ask here first in case anyone has experienced this and in case I am doing something incorrect with the PS code.
I am updating an Active Directory user account expiration date. First I verify it is null:
Checking again, and now the setting shows “10/6/2017 5:00:00 PM”. Great! However, when I verify the setting in ADUC, it shows that the account is ending at the end of 10/5/17. I’m aware that if you only specify a day and not a time, it will expire the account at midnight and will show up as the date prior. But I am doing something different, and if what ADUC displays is correct, then the account will expire at the end of the day 10/5/17 (midnight) when I actually need it to expire at the end of the business day on 10/6/17.
If this is beyond the scope of this forum I’ll be happy to ask elsewhere if anyone has any suggestions for AD/Powershell related issues.
I think it’s working as expected. Account expiration does not take a time component. So if you expire the account on 10/6/17 it means the account is valid until 10/5/17 11:59:59. So to allow the account to function through 10/6/17 you would expire it on 10/7/17 which expires it on 10/6/17 at 11:59:59.
The expiration date does support a full timestamp, ADUC does not allow you to set it. It shows the last full day where the account will work. You can set it for 5pm on a specific day, you just have to use Powershell or a direct attribute lookup to see or set set the true expiration date/time.
