Thursday, March 23, 2006

Account Expires Attribute

I came across a posting today where someone wanted to set the accountExpires attribute to never using LDIFDE. It can be done with ldifde and with the DS tools.
********************************************
LDIFDE or how I learned to love DS tools
********************************************
C:\>ldifde -d "ou=test,dc=lab,dc=com" -s dcname -r "(&(cn=*))" -l accountexpires -f proxies.txt

Here's what you'll get:
----- Begin File: proxies.txt -----
dn: CN=Heras, Teo,ou=test,dc=lab,dc=com
changetype: add
accountExpires: 9223372036854775807
----- End File-----

Edit the file so it looks like this:
----- Begin File: proxies.txt -----
dn: CN=Heras, Teo,ou=test,dc=lab,dc=com
changetype: modify <---- change from add to modify
replace: accountExpires <---- This was added
accountExpires: 0 <----- this means never
- <---This is critical and the log file will tell you
----- End File -----

Finally, import the changes

c:\>ldifde -i -f proxies.txt -s dcname -j c:

-i means import, -j c:
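
The edit step above can be scripted. The following is an added example, not part of the original post: it reads an ldifde export, skips accounts whose accountExpires is already 0 or 9223372036854775807 (both values mean never), and builds the modify records for the rest along with each account's previous expiry date for the change record. The function names and the second sample record are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

NEVER = {0, 0x7FFFFFFFFFFFFFFF}   # 0 and 9223372036854775807 both mean "never"
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # accountExpires counts from here

def decode_expiry(raw):
    """Return None for 'never', else the expiry instant as a UTC datetime."""
    value = int(raw)
    # The attribute is stored in 100-nanosecond ticks since EPOCH.
    return None if value in NEVER else EPOCH + timedelta(microseconds=value // 10)

def parse_export(text):
    """Yield (dn line, accountExpires value) for each record of an export."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    for block in text.split("\n\n"):
        dn_line = raw = None
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if name.lower() == "dn":
                dn_line = line  # kept verbatim so a base64 "dn::" line survives
            elif name.lower() == "accountexpires":
                raw = value.strip()
        if dn_line and raw:
            yield dn_line, raw

def build_modify(text):
    """Return (import LDIF, audit list) covering only accounts with an expiry date."""
    records, audit = [], []
    for dn_line, raw in parse_export(text):
        expires = decode_expiry(raw)
        if expires is None:
            continue  # already set to never; nothing to change
        audit.append((dn_line, expires.isoformat()))
        records.append(f"{dn_line}\nchangetype: modify\n"
                       "replace: accountExpires\naccountExpires: 0\n-\n")
    return "\n".join(records), audit

# Constructed sample export; the second record and its value are made up.
SAMPLE = """dn: CN=Heras, Teo,ou=test,dc=lab,dc=com
changetype: add
accountExpires: 9223372036854775807

dn: CN=Temp, User,ou=test,dc=lab,dc=com
changetype: add
accountExpires: 127961856000000000
"""

if __name__ == "__main__":
    ldif, audit = build_modify(SAMPLE)
    print(audit, ldif, sep="\n", end="")
```

In the sample, the first record already holds 9223372036854775807, so only the second account ends up in the import file.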
********************************************
DS Tools
********************************************
dsquery user "ou=NoExpireDate,dc=lab,dc=com" | dsmod user -acctExpires Never