Expire Password and Email Notification

This topic contains 2 replies, has 3 voices, and was last updated by Profile photo of Aapeli Hietikko Aapeli Hietikko 2 months ago.

  • Author
    Posts
  • #62851
    Profile photo of Alex Nicastro
    Alex Nicastro
    Participant

    Hello,

    Here is a script that will find users who's password that will expire in 30 days and email them.

    #Load Variables
    $expUsers = @();
    $cdate = Get-Date -Format MM-dd-yyyy;
    $result = @();
    $users =@();
    $mdate = (Get-Date).AddDays(30);

    #List Active Users in the Users OU with Password Never Expires attribute False
    $users = Get-ADUser -Filter {enabled -eq $true} -SearchBase "OU=Users,DC=YOUR,DC=DOMAIN" -Properties "msDS-UserPasswordExpiryTimeComputed","Mail","PasswordneverExpires" | Where {($_.Mail -like "*YOURDOMAIN*.COM") -and ($_.PasswordNeverExpires -eq $false)} | Select SamAccountName,Mail,Name,Enabled,msDS-UserPasswordExpiryTimeComputed,PasswordNeverExpires;

    #Convert Expiration Date to MM/dd/YYYY format
    $expUsers = $users | select -Property "SamAccountName","Name","Mail","Enabled","PasswordNeverExpires",@{Name="ExpirationDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}};

    #Get Users whos's expiring in 30 Days
    $exp_Users = $expUsers | Where {$_.ExpirationDate -lt $mdate -and $_.ExpirationDate -gt $cdate}

    foreach ($user in $exp_Users){

    #Convert data to make it readable
    $result += New-Object -TypeName psobject -Property @{

    SamaccountName = @($user).SamaccountName;
    Name = @($user).Name;
    Mail = @($user).Mail;
    Enabled = @($user).Enabled;
    PasswordNeverExpires = @($user).PasswordNeverExpires;
    ExpirationDate = @($user).ExpirationDate;
    }

    }

    #Export Users with Password Never Expires
    $result | Sort ExpirationDate | Export-Csv -NoTypeInformation d:\scripts\ad\ExpiringPasswords-$cdate.Csv

    #Load CSV File
    $ExUsers = Import-Csv D:\Scripts\AD\ExpiringPasswords-$cdate.Csv

    #Get User count
    $c = $ExUsers | Measure;

    #Load Encoding Format
    $encode = [System.Text.Encoding]::UTF8;

    #Loop through users to send email for Expired Passwords
    For ($i = 0; $i -lt $c.Count; $i++)
    {
    $Name = @($exUsers.Name[$i]);
    $ExpDate = @($exUsers.ExpirationDate[$i]).substring(0,10);
    $email = @($exusers.mail[$i]);

    $Subject = “Your Account Password Will Expire on $expdate”
    $Body = “Dear $Name,

    Your Account Password will expire on $expdate. Please change your password.

    Best,
    YOUR NAME"

    #Send-MailMessage -from "ExpirationNotify@YOURDOMAIN.COM" -To $email -Subject $Subject -Body $Body -Priority High -Encoding $encode -SmtpServer "YOURSMTPServer.COM";
    }

    I hope this helps someone out 🙂

    Thanks,
    Alex Nicastro

  • #62860
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Thank you!

    Consider refactoring that into a function of some sort, and publishing it as a module to PowerShell Gallery. I'm sure many WILL find it useful!

  • #62881
    Profile photo of Aapeli Hietikko
    Aapeli Hietikko
    Participant

    Here is another doing the same thing. We need to send the message in multiple languages so there is some language specific fixing. I had some troubles with sending emails so I made double logging. This is run twice a week as a scheduled job.

    #Initialization
    
        $smtpServer="smtp.my.super.domain.local.dom"
        $expireindays = 14
        $from = "Automated IT "
        $logging = "Enabled" # Set to Disabled to Disable Logging
        $testRecipient = ""
        $date = Get-Date -format ddMMyyyy
        $maxDomainPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge 
    
    #Logging options
        $logFile = "\\path\$(get-date -Format yyyy-MM-dd)_passwordLog.csv" 
        $EmailLogFile = "\\path\$(get-date -Format yyyy-MM-dd)_email.csv"
        New-Item $logfile -ItemType File -Force
        Add-Content $logfile "Date,Name,EmailAddress,DaystoExpire,ExpiresOn"
        New-Item $EmailLogFile -ItemType File -Force
        Add-Content $EmailLogFile "Date,Name,EmailSent"
    
    $users = get-aduser -filter {(PasswordNeverExpires -eq $false) -and (Enabled -eq "true")} -properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress | where { $_.passwordexpired -eq $false }
    
    ForEach ($user in $users) {  
     
        $Name = $user.Name
        $emailaddress = $user.emailaddress
        $passwordSetDate = $user.PasswordLastSet
        $PasswordPol = (Get-AduserResultantPasswordPolicy $user)
        
        # Determine Max Password Age
        if (($PasswordPol) -ne $null) 
            {
            
            $maxPasswordAge = ($PasswordPol).MaxPasswordAge
            
            } #End if ($PasswordPol)
    
        Else 
            { 
            
            $maxPasswordAge = $maxDomainPasswordAge 
            
            } #End Else if (($PasswordPol) -ne $null)
    
        $expireson = $passwordsetdate + $maxPasswordAge
    
        $daystoexpire = (New-TimeSpan -Start $(get-date) -End $Expireson).Days
    
    
        $messageDays = $daystoexpire
    
        if (($daystoexpire -ge "0") -and ($daystoexpire -lt $expireindays))
            {
    
    
    
            if (($messageDays) -ge "1")
                {
    
                $messageDays = "in " + "$daystoexpire" + " days"
    	        $messageDaysRU = "$daystoexpire"
    	        $messageDaysFI = "$daystoexpire" + " päivän kuluttua"
    	        $messageDaysSE = "om " + "$daystoexpire" + " dagar"
                
                } #End if (($messageDays) -ge "1")
            
            else
                {
                
                $messageDays = "today"
    	        $messageDaysRU = "сегодня"
    	        $messageDaysFI = "tänään"
    	        $messageDaysSE = "i dag"
                
                } #End Else if (($messageDays) -ge "1")
    
            # Email Subject Set Here
            $subject="Your password will expire $messageDays - Срок действия пароля истекает через $messageDaysRU дн."
      
            # Email Body Set Here, Note You can use HTML, including Images.
            $body ="
            Dear $name,
             Your Password will expire $messageDays.
            ------------------------------------------------------------------------------------------
            Hyvä $name, 
            Salasanasi vanhenee $messageDaysFI.
            
            ------------------------------------------------------------------------------------------
            Hej $name, 
            Ditt lösenord kommer att löpa ut $messageDaysSE. 
            
            "
      
    
    
    
            
            Add-Content $logfile "$date,$Name,$emailaddress,$daystoExpire,$expireson" 
            
            #test sending
            if ($emailaddress) {
                try {
    
                    Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -priority High -Encoding ([System.Text.Encoding]::UTF8) -ErrorAction stop
                
                    "$date,$Name,Yes" | out-file $EmailLogFile -Append
    
                    }
    
                catch {
      
                    "$date,$Name,No" | out-file $EmailLogFile -Append
      
                    }
      
                } #End If
            Else {
                
                "$date,$Name,No" | out-file $EmailLogFile -Append
    
                } #End Else
            } # End if (($daystoexpire -ge "0") -and ($daystoexpire -lt $expireindays))
    
    
    } #End ForEach ($user in $users)
    

You must be logged in to reply to this topic.