Applies To:

GroupID 9 and 10 - AutomateSelf-Service

Business Requirement:

We have multiple groups in our environment and we want to set different expiry policies for different sets of groups.


An expiry policy can be applied to groups in multiple ways, depending on the requirement. You can apply it to a single group, to an OU, or to all groups in the domain.


To apply the expiry policy through the command line, launch GroupID Management Shell and execute the relevant command. Note that the number of days set for the expiry policy must be one of the supported values.

Single Group:

To apply the expiry policy on a single group, use the identity switch with the DN of the group you want to apply the policy to.

Here is how the command looks and behaves when we run it in GroupID Management Shell:

All Groups in an OU:

To apply the policy on multiple groups, use the SearchContainer filter with the DN of the OU and then use the Set-Group switch to apply. The given command will retrieve all the groups from the specified OU and apply a 60-day expiry policy to all of them.

All Groups in the Domain:

The command will remain the same as in case of an OU; however, this time you will use the domain name.


  • Set-Group -Identity " DN of the target group"-ExpirationPolicy '60'
  • Get-Group -SearchContainer"DN of the target OU"| Set-Group -ExpirationPolicy '60'
  • Get-Group -SearchContainer"target domain"| Set-Group -ExpirationPolicy '60'

For more information, type the cmdlet, get-help Set-Group –Full or refer to the GroupID Management Shell guide.


GroupID Management Shell Guide