Expire Password and Email Notification

This topic contains 2 replies, has 3 voices, and was last updated by  Aapeli Hietikko 8 months, 3 weeks ago.

  • Author
    Posts
  • #62851

    Alex Nicastro
    Participant

    Hello,

    Here is a script that will find users who's password that will expire in 30 days and email them.

    #Load Variables
    $expUsers = @();
    $cdate = Get-Date -Format MM-dd-yyyy;
    $result = @();
    $users =@();
    $mdate = (Get-Date).AddDays(30);

    #List Active Users in the Users OU with Password Never Expires attribute False
    $users = Get-ADUser -Filter {enabled -eq $true} -SearchBase "OU=Users,DC=YOUR,DC=DOMAIN" -Properties "msDS-UserPasswordExpiryTimeComputed","Mail","PasswordneverExpires" | Where {($_.Mail -like "*YOURDOMAIN*.COM") -and ($_.PasswordNeverExpires -eq $false)} | Select SamAccountName,Mail,Name,Enabled,msDS-UserPasswordExpiryTimeComputed,PasswordNeverExpires;

    #Convert Expiration Date to MM/dd/YYYY format
    $expUsers = $users | select -Property "SamAccountName","Name","Mail","Enabled","PasswordNeverExpires",@{Name="ExpirationDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}};

    #Get Users whos's expiring in 30 Days
    $exp_Users = $expUsers | Where {$_.ExpirationDate -lt $mdate -and $_.ExpirationDate -gt $cdate}

    foreach ($user in $exp_Users){

    #Convert data to make it readable
    $result += New-Object -TypeName psobject -Property @{

    SamaccountName = @($user).SamaccountName;
    Name = @($user).Name;
    Mail = @($user).Mail;
    Enabled = @($user).Enabled;
    PasswordNeverExpires = @($user).PasswordNeverExpires;
    ExpirationDate = @($user).ExpirationDate;
    }

    }

    #Export Users with Password Never Expires
    $result | Sort ExpirationDate | Export-Csv -NoTypeInformation d:\scripts\ad\ExpiringPasswords-$cdate.Csv

    #Load CSV File
    $ExUsers = Import-Csv D:\Scripts\AD\ExpiringPasswords-$cdate.Csv

    #Get User count
    $c = $ExUsers | Measure;

    #Load Encoding Format
    $encode = [System.Text.Encoding]::UTF8;

    #Loop through users to send email for Expired Passwords
    For ($i = 0; $i -lt $c.Count; $i++)
    {
    $Name = @($exUsers.Name[$i]);
    $ExpDate = @($exUsers.ExpirationDate[$i]).substring(0,10);
    $email = @($exusers.mail[$i]);

    $Subject = “Your Account Password Will Expire on $expdate”
    $Body = “Dear $Name,

    Your Account Password will expire on $expdate. Please change your password.

    Best,
    YOUR NAME"

    #Send-MailMessage -from "ExpirationNotify@YOURDOMAIN.COM" -To $email -Subject $Subject -Body $Body -Priority High -Encoding $encode -SmtpServer "YOURSMTPServer.COM";
    }

    I hope this helps someone out 🙂

    Thanks,
    Alex Nicastro

  • #62860

    Don Jones
    Keymaster

    Thank you!

    Consider refactoring that into a function of some sort, and publishing it as a module to PowerShell Gallery. I'm sure many WILL find it useful!

  • #62881

    Aapeli Hietikko
    Participant

    Here is another doing the same thing. We need to send the message in multiple languages so there is some language specific fixing. I had some troubles with sending emails so I made double logging. This is run twice a week as a scheduled job.

    #Initialization
    
        $smtpServer="smtp.my.super.domain.local.dom"
        $expireindays = 14
        $from = "Automated IT "
        $logging = "Enabled" # Set to Disabled to Disable Logging
        $testRecipient = ""
        $date = Get-Date -format ddMMyyyy
        $maxDomainPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge 
    
    #Logging options
        $logFile = "\\path\$(get-date -Format yyyy-MM-dd)_passwordLog.csv" 
        $EmailLogFile = "\\path\$(get-date -Format yyyy-MM-dd)_email.csv"
        New-Item $logfile -ItemType File -Force
        Add-Content $logfile "Date,Name,EmailAddress,DaystoExpire,ExpiresOn"
        New-Item $EmailLogFile -ItemType File -Force
        Add-Content $EmailLogFile "Date,Name,EmailSent"
    
    $users = get-aduser -filter {(PasswordNeverExpires -eq $false) -and (Enabled -eq "true")} -properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress | where { $_.passwordexpired -eq $false }
    
    ForEach ($user in $users) {  
     
        $Name = $user.Name
        $emailaddress = $user.emailaddress
        $passwordSetDate = $user.PasswordLastSet
        $PasswordPol = (Get-AduserResultantPasswordPolicy $user)
        
        # Determine Max Password Age
        if (($PasswordPol) -ne $null) 
            {
            
            $maxPasswordAge = ($PasswordPol).MaxPasswordAge
            
            } #End if ($PasswordPol)
    
        Else 
            { 
            
            $maxPasswordAge = $maxDomainPasswordAge 
            
            } #End Else if (($PasswordPol) -ne $null)
    
        $expireson = $passwordsetdate + $maxPasswordAge
    
        $daystoexpire = (New-TimeSpan -Start $(get-date) -End $Expireson).Days
    
    
        $messageDays = $daystoexpire
    
        if (($daystoexpire -ge "0") -and ($daystoexpire -lt $expireindays))
            {
    
    
    
            if (($messageDays) -ge "1")
                {
    
                $messageDays = "in " + "$daystoexpire" + " days"
    	        $messageDaysRU = "$daystoexpire"
    	        $messageDaysFI = "$daystoexpire" + " päivän kuluttua"
    	        $messageDaysSE = "om " + "$daystoexpire" + " dagar"
                
                } #End if (($messageDays) -ge "1")
            
            else
                {
                
                $messageDays = "today"
    	        $messageDaysRU = "сегодня"
    	        $messageDaysFI = "tänään"
    	        $messageDaysSE = "i dag"
                
                } #End Else if (($messageDays) -ge "1")
    
            # Email Subject Set Here
            $subject="Your password will expire $messageDays - Срок действия пароля истекает через $messageDaysRU дн."
      
            # Email Body Set Here, Note You can use HTML, including Images.
            $body ="
            Dear $name,
             Your Password will expire $messageDays.
            ------------------------------------------------------------------------------------------
            Hyvä $name, 
            Salasanasi vanhenee $messageDaysFI.
            
            ------------------------------------------------------------------------------------------
            Hej $name, 
            Ditt lösenord kommer att löpa ut $messageDaysSE. 
            
            "
      
    
    
    
            
            Add-Content $logfile "$date,$Name,$emailaddress,$daystoExpire,$expireson" 
            
            #test sending
            if ($emailaddress) {
                try {
    
                    Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -priority High -Encoding ([System.Text.Encoding]::UTF8) -ErrorAction stop
                
                    "$date,$Name,Yes" | out-file $EmailLogFile -Append
    
                    }
    
                catch {
      
                    "$date,$Name,No" | out-file $EmailLogFile -Append
      
                    }
      
                } #End If
            Else {
                
                "$date,$Name,No" | out-file $EmailLogFile -Append
    
                } #End Else
            } # End if (($daystoexpire -ge "0") -and ($daystoexpire -lt $expireindays))
    
    
    } #End ForEach ($user in $users)
    

You must be logged in to reply to this topic.