
April 6, 2017 at 11:43 am

We have a hybrid environment with Office 365: an Exchange 2013 server with EAC onsite and our Office 365 tenancy. I would like to find a PowerShell script to email users password expiration emails, similar to the one provided here https://gallery.technet.microsoft.com/scriptcenter/Password-Expiry-Email-177c3e27 but suitable for our environment. Can anyone assist?

April 6, 2017 at 1:00 pm

This should help. I did something along these lines a while ago; it looks at AD passwords on-prem and mails anything that is about to expire in 14 days or less.

Change lines

4 – Number of days before password expires
31 – "One level" for a single OU only, may be what you need?
46 – OU Location


# Specify number of days. Any users whose passwords expire within
# this many days after today will be processed.
$intDays = 14

# Retrieve Domain maximum password age policy, in days.
$D = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$Domain = [ADSI]"LDAP://$D"
$MPA = $Domain.maxPwdAge.Value
# Convert to Int64 ticks (100-nanosecond intervals).
$lngMaxPwdAge = $Domain.ConvertLargeIntegerToInt64($MPA)
# Convert to days.
$MaxPwdAge = -$lngMaxPwdAge/(600000000 * 1440)

# Determine the password last changed date such that the password
# would just now be expired. We will not process any users whose
# password has already expired.
$Now = Get-Date
$Date1 = $Now.AddDays(-$MaxPwdAge)

# Determine the password last changed date such the password
# will expire $intDays in the future.
$Date2 = $Now.AddDays($intDays - $MaxPwdAge)

# Convert from PowerShell ticks to Active Directory ticks.
$64Bit1 = $Date1.Ticks - 504911232000000000
$64Bit2 = $Date2.Ticks - 504911232000000000

$Searcher = New-Object System.DirectoryServices.DirectorySearcher
$Searcher.PageSize = 100
$Searcher.SearchScope = "onelevel"

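# Filter on user objects where the password expires between the
# dates specified, the account is not disabled (bit 2), password never
# expires is not set (65536), password not required is not set (32),
# and password cannot change is not set (64). Each userAccountControl
# bit is tested with the LDAP bitwise-AND matching rule.
$Searcher.Filter = "(&(objectCategory=person)(objectClass=user)" `
    + "(pwdLastSet>=" + $($64Bit1) + ")" `
    + "(pwdLastSet<=" + $($64Bit2) + ")" `
    + "(!userAccountControl:1.2.840.113556.1.4.803:=2)" `
    + "(!userAccountControl:1.2.840.113556.1.4.803:=65536)" `
    + "(!userAccountControl:1.2.840.113556.1.4.803:=32)" `
    + "(!userAccountControl:1.2.840.113556.1.4.803:=64))"

$Searcher.PropertiesToLoad.Add("sAMAccountName") > $Null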
$Searcher.PropertiesToLoad.Add("name") > $Null
$Searcher.PropertiesToLoad.Add("Company") > $Null
$Searcher.PropertiesToLoad.Add("pwdLastSet") > $Null
$Searcher.PropertiesToLoad.Add("mail") > $Null

# Only search the specified OU.
$Searcher.Searchroot = "LDAP://OU=Users,DC=contoso,DC=com"

$Results = $Searcher.FindAll()
ForEach ($Result In $Results)
{
    # Retrieve attribute values for this user.
    $Samaccountname = $Result.Properties.Item("sAMAccountName")
    $PLS = $Result.Properties.Item("pwdLastSet")
    $Mail = $Result.Properties.Item("mail")
    $Displayname = $Result.Properties.Item("name")
    $Company = $Result.Properties.Item("Company")

    If ($PLS.Count -eq 0)
    {
        $Date = [DateTime]0
    }
    Else
    {
        # Interpret 64-bit integer as a date.
        $Date = [DateTime]$PLS.Item(0)
    }
    # Convert from Active Directory Integer8 ticks (counted from 1601)
    # to a .NET date. Also, convert from UTC to local time.
    $PwdLastSet = $Date.AddYears(1600).ToLocalTime()
    # Determine when password expires.
    $PwdExpires = $PwdLastSet.AddDays($MaxPwdAge)
    # Convert to long date format (per the current culture, e.g. UK).
    $PWDRES = $PwdExpires.ToLongDateString()

    # Get total days remaining.
    $Remaining = ($PwdExpires - (Get-Date)).Days

    # Get subject date.
    $SubjectDate = $PWDRES

    # Build the HTML message body for this user.
    $text = "<style>BODY{font-family:'Times New Roman'};P{font-family:'Times New Roman'};TABLE{font-family:'Times New Roman'}</style>"
    $text = $text + "<p>Dear Sir/Madam,"
    $text = $text + " your account password is due to expire in $Remaining days.</p>"

    ## Variables
    $smtpServer = "smtp.contoso.com"
    $From = "support@contoso.com"
    $SubjectCPY = "Your Arup Account Password is Due to Expire on $SubjectDate"
    $Body = "$text"
    $to = "someone@someone.com"

    # Email content
    ## -cc $mail will mail user account
    Send-MailMessage -SmtpServer $smtpServer -From $From -To $to -Subject $SubjectCPY -Priority High -Body $Body -BodyAsHtml
}
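
The date arithmetic from the script above, isolated as an added example (not part of the original post) so it can be checked without a domain. It uses `ToFileTimeUtc`/`FromFileTimeUtc` in place of the hand-written tick offset, works in UTC throughout, and handles `pwdLastSet = 0` and a domain with no maximum password age; the function names and all sample values are constructed for illustration.

```powershell
# Added example: function names and all input values are constructed.
function Get-PasswordExpiry {
    param(
        [Parameter(Mandatory)][Int64]$PwdLastSet,  # AD pwdLastSet: 100-ns ticks since 1601-01-01 UTC
        [Parameter(Mandatory)][Int64]$MaxPwdAge,   # AD maxPwdAge: negative 100-ns ticks
        [DateTime]$Now = [DateTime]::UtcNow
    )
    # pwdLastSet = 0 means the user must change the password at next logon.
    if ($PwdLastSet -eq 0) {
        return [pscustomobject]@{ Expires = $null; DaysLeft = $null; State = 'MustChange' }
    }
    # maxPwdAge of 0 or Int64.MinValue means the domain policy never expires passwords.
    if ($MaxPwdAge -eq 0 -or $MaxPwdAge -eq [Int64]::MinValue) {
        return [pscustomobject]@{ Expires = $null; DaysLeft = $null; State = 'NeverExpires' }
    }
    # maxPwdAge is negative, so subtracting it adds the maximum age.
    $expires = [DateTime]::FromFileTimeUtc($PwdLastSet - $MaxPwdAge)
    $days    = [int][math]::Floor(($expires - $Now.ToUniversalTime()).TotalDays)
    $state   = if ($days -lt 0) { 'Expired' } else { 'Active' }
    [pscustomobject]@{ Expires = $expires; DaysLeft = $days; State = $state }
}

function Get-ExpiryWindowFilter {
    # Builds the pwdLastSet window only; the userAccountControl clauses
    # from the script above would be appended inside the same (& ...).
    param([Int64]$MaxPwdAge, [int]$Days, [DateTime]$Now = [DateTime]::UtcNow)
    $age  = [TimeSpan]::FromTicks(-$MaxPwdAge)
    $utc  = $Now.ToUniversalTime()
    $from = $utc.Subtract($age).ToFileTimeUtc()                 # set earlier than this: already expired
    $to   = $utc.AddDays($Days).Subtract($age).ToFileTimeUtc()  # set later than this: not yet due
    "(&(objectCategory=person)(objectClass=user)(pwdLastSet>=$from)(pwdLastSet<=$to))"
}

# Constructed sample: 42-day policy, password set on 1 March 2017, checked on 6 April 2017.
$now    = [DateTime]::new(2017, 4, 6, 0, 0, 0, [DateTimeKind]::Utc)
$maxAge = -([TimeSpan]::FromDays(42).Ticks)
$set    = [DateTime]::new(2017, 3, 1, 0, 0, 0, [DateTimeKind]::Utc).ToFileTimeUtc()

Get-PasswordExpiry -PwdLastSet $set -MaxPwdAge $maxAge -Now $now
Get-PasswordExpiry -PwdLastSet 0    -MaxPwdAge $maxAge -Now $now
Get-ExpiryWindowFilter -MaxPwdAge $maxAge -Days 14 -Now $now
```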