To safely use temporary AD accounts, for example for guests or consultants, always make sure to set an expiration date.
Here is some sample code that illustrates how to set an expiration date 20 days from today:
#requires -Version 1 -Modules ActiveDirectory # SAMAccount name $user = 'user12' # days when to expire $Days = 20 # expiration date is today plus the number of days $expirationDate = (Get-Date).AddDays($Days) Set-ADUser -Identity $user -AccountExpirationDate $expirationDate
Note that this code requires the Active Directory module which ships with the free RSAT tools.
If your computer is not connected to the AD, but you have a valid AD account, you can manually connect to the AD like so:
#requires -Version 1 -Modules ActiveDirectory # Name or IP of DC $ServerName = '10.10.12.110' # Logon credentials $Credential = Get-Credential # SAMAccount name $user = 'user12' # days when to expire $Days = 20 # expiration date is today plus the number of days $expirationDate = (Get-Date).AddDays($Days) Set-ADUser -Identity $user -AccountExpirationDate $expirationDate -Server $ServerName -Credential $Credential
