AD password expiracy - mail group of users

This topic contains 1 reply, has 2 voices, and was last updated by  Steve Flowers 1 year, 10 months ago.

  • Author
    Posts
  • #31795

    KIM42863 .
    Participant

    Hi,
    I am very newbie for powershell. I have found a lot of scipts on the net, where users get a mail before their password will expire.

    What I look for is a script that mail specific user fx. 7 days before it will expire. It is only must work for about 5 people, so it should not generate mail to all ad users

    I have found the following script, where I tried to create an array for more users.

    I don´t know if any can help me. As I wrote, I am newbie in powershell. So if any has any comments or maybe a link to a script I can use

    # Please Configure the following variables....
    $smtpServer="mailgate.test.com"
    $expireindays = 10
    $from = "Company Administrator "
    $logging = "Enabled" # Set to Disabled to Disable Logging
    $logFile = "c:\utils\myloc.csv" # ie. c:\mylog.csv
    $testing = "Enabled" # Set to Disabled to Email Users
    $testRecipient = "test@mail.com"
    $date = Get-Date -format ddMMyyyy
    #
    ###################################################################################################################

    # Check Logging Settings
    if (($logging) -eq "Enabled")
    {
    # Test Log File Path
    $logfilePath = (Test-Path $logFile)
    if (($logFilePath) -ne "True")
    {
    # Create CSV File and Headers
    New-Item $logfile -ItemType File
    Add-Content $logfile "Date,Name,EmailAddress,DaystoExpire,ExpiresOn"
    }
    } # End Logging Check

    # Get Users From AD who are Enabled, Passwords Expire and are Not Currently Expired
    Import-Module ActiveDirectory

    $array = @(firstname lastname (initials)')
    $users = ($array | Foreach-Object { Get-ADUser -Filter { name -eq $_ } -Properties GivenName, sn, PasswordExpired, PasswordLastSet, PasswordneverExpires, LastLogonDate |
    where { $_.PasswordNeverExpires -eq $false } |
    where { $_.passwordexpired -eq $false } })

    # Process Each User for Password Expiry
    foreach ($user in $users)
    {
    Write-Output "— $($user.name) —"
    $Name = $user.Name
    $emailaddress = $user.emailaddress
    $passwordSetDate = $user.PasswordLastSet
    $PasswordPol = (Get-AduserResultantPasswordPolicy $user)
    # Check for Fine Grained Password
    if (($PasswordPol) -ne $null)
    {
    $maxPasswordAge = ($PasswordPol).MaxPasswordAge
    }
    else
    {
    # No FGP set to Domain Default
    $maxPasswordAge = $DefaultmaxPasswordAge
    }

    $Expiration = $passwordsetdate + $maxPasswordAge
    $today = (get-date)
    $daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days

    # Set Greeting based on Number of Days to Expiry.

    # Check Number of Days to Expiry
    $messageDays = $daystoexpire

    if (($messageDays) -ge "1")
    {
    $messageDays = "in " + "$daystoexpire" + " days."
    }
    else
    {
    $messageDays = "today."
    }

    # Email Subject Set Here
    $subject="Your password will expire $messageDays"

    # Email Body Set Here, Note You can use HTML, including Images.
    $body ="
    Dear $name,
    Your Password will expire $messageDays.
    To change your password on a PC press CTRL ALT Delete and chose Change Password
    Thanks,
    "

    # If Testing Is Enabled – Email Administrator
    if (($testing) -eq "Enabled")
    {
    $emailaddress = $testRecipient
    } # End Testing

    # If a user has no email address listed
    if (($emailaddress) -eq $null)
    {
    $emailaddress = $testRecipient
    }# End No Valid Email

    # Send Email Message
    if (($daystoexpire -ge "0") -and ($daystoexpire -lt $expireindays))
    {
    # If Logging is Enabled Log Details
    if (($logging) -eq "Enabled")
    {
    Add-Content $logfile "$date,$Name,$emailaddress,$daystoExpire,$expireson"
    }
    # Send Email Message
    Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -priority High

    } # End Send Message

    } # End User Processing

    # End

  • #31850

    Steve Flowers
    Participant

    Do you have a specific question or are you completely lost on how to get started with this?

You must be logged in to reply to this topic.