Convert Active Directory AccountExpires attribute

I wrote a quick function to convert the AccountExpires attribute from the Long Integer value to a DateTime object or a string object of “!! Never !!”.

function Convert-ADAccountExpires ([long] $ticks) {
    # https://msdn.microsoft.com/en-us/library/ms675098(v=vs.85).aspx

    if ( ($ticks -eq 0) -or ($ticks -eq 9223372036854775807) ) {
        $expires = '!! Never !!'
    }
    else {
        $expires = [DateTime]::FromFileTime($ticks)
    }

    write-output $expires
}

Then you can create a calculated property like so:

PS > $expires = @{Label='AccountExpires';Expression={ Convert-ADAccountExpires -ticks $_.AccountExpires } }

And then you can create reports of user accounts and when they expire:

PS> Get-ADUser -filter * | Select Name,SamAccountName,$expires

Looking at this (with slightly bleary eyes), I’m already thinking that I should add CmdletBinding(), change $ticks to $AccountExpires, and add ValueFromPipelineByPropertyName. Something to sleep on.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.