PowerShell password expiration email script

This topic contains 1 reply, has 2 voices, and was last updated by Mark Prior 3 weeks, 1 day ago.

  • #68095
    Roger
    Participant

    We have a hybrid environment with Office 365. Exchange 2013 server with EAC onsite and our Office 365 tenancy. I would like to find a PowerShell script to email users password expiration emails similar to that provided here https://gallery.technet.microsoft.com/scriptcenter/Password-Expiry-Email-177c3e27 but would be suitable in our environment. Can anyone assist?

  • #68109
    Mark Prior
    Participant

    This should help. I did something along this line a while ago; it looks at AD passwords on prem & mails anything that is about to expire in 14 days or less.

    Change lines

    4 – Number of days before password expires
    31 – "One level" for single OU only maybe what you need ?
    46 – OU Location

    
    # Specify number of days. Any users whose passwords expire within
    # this many days after today will be processed.
    $intDays = 14
    
    # Retrieve Domain maximum password age policy, in days.
    $D = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $Domain = [ADSI]"LDAP://$D"
    $MPA = $Domain.maxPwdAge.Value
    # Convert to Int64 ticks (100-nanosecond intervals).
    $lngMaxPwdAge = $Domain.ConvertLargeIntegerToInt64($MPA)
    # Convert to days.
    $MaxPwdAge = -$lngMaxPwdAge/(600000000 * 1440)
    
    # Determine the password last changed date such that the password
    # would just now be expired. We will not process any users whose
    # password has already expired.
    $Now = Get-Date
    $Date1 = $Now.AddDays(-$MaxPwdAge)
    
    # Determine the password last changed date such the password
    # will expire $intDays in the future.
    $Date2 = $Now.AddDays($intDays - $MaxPwdAge)
    
    # Convert from PowerShell ticks to Active Directory ticks.
    $64Bit1 = $Date1.Ticks - 504911232000000000
    $64Bit2 = $Date2.Ticks - 504911232000000000
    
    $Searcher = New-Object System.DirectoryServices.DirectorySearcher
    $Searcher.PageSize = 100
    $Searcher.SearchScope = "onelevel"
    
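    # Filter on user objects where the password expires between the dates
    # specified and none of these userAccountControl bits is set: disabled (2),
    # password never expires (65536), password not required (32), cannot change (64).
    $Searcher.Filter = "(&(objectCategory=person)(objectClass=user)(pwdLastSet>=" + $($64Bit1) + ")(pwdLastSet<=" + $($64Bit2) + ")" `
        + "(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(userAccountControl:1.2.840.113556.1.4.803:=65536))" `
        + "(!(userAccountControl:1.2.840.113556.1.4.803:=32))(!(userAccountControl:1.2.840.113556.1.4.803:=64)))"
    $Searcher.PropertiesToLoad.Add("sAMAccountName") > $Null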
    $Searcher.PropertiesToLoad.Add("name") > $Null
    $Searcher.PropertiesToLoad.Add("Company") > $Null
    $Searcher.PropertiesToLoad.Add("pwdLastSet") > $Null
    $Searcher.PropertiesToLoad.Add("mail") > $Null
    
    # Only search the specified OU.
    $Searcher.Searchroot = "LDAP://OU=Users,DC=contoso,DC=com"
    
    $Results = $Searcher.FindAll()
    ForEach ($Result In $Results)
    {
        # Retrieve attribute values for this user.
        $Samaccountname = $Result.Properties.Item("sAMAccountName")
        $PLS = $Result.Properties.Item("pwdLastSet")
        $Mail = $Result.Properties.Item("mail")
        $Displayname = $Result.Properties.Item("name")
        $Company = $Result.Properties.Item("Company")
    
        If ($PLS.Count -eq 0)
        {
            $Date = [DateTime]0
        }
        Else
        {
            # Interpret 64-bit integer as a date.
            $Date = [DateTime]$PLS.Item(0)
        }
        # pwdLastSet counts ticks from the year 1601 and .NET DateTime from
        # the year 1, so add 1600 years. Also, convert from UTC to local time.
        $PwdLastSet = $Date.AddYears(1600).ToLocalTime()
        # Determine when password expires.
        $PwdExpires = $PwdLastSet.AddDays($MaxPwdAge)
        # Format as a long date string (uses the current culture).
        $PWDRES = $PwdExpires.ToLongDateString()
    
        # Get total whole days remaining.
        $Remaining = ($PwdExpires - (Get-Date)).Days
    
        # Get subject date.
        $SubjectDate = $PWDRES
    
        # Build the HTML body for this user.
        $text = "<style>BODY{font-family:'Times New Roman'} P{font-family:'Times New Roman'} TABLE{font-family:'Times New Roman'}</style>"
        $text = $text + "<p>Dear Sir/Madam,"
        $text = $text + " your account password is due to expire in $Remaining days.</p>"
    
        ## Variables
        $smtpServer = "smtp.contoso.com"
        $From = "support@contoso.com"
        $SubjectCPY = "Your Arup Account Password is Due to Expire on $SubjectDate"
        $Body = $text
        $to = "someone@someone.com"
    
        # Email content
        ## -cc $mail will mail user account
        Send-MailMessage -SmtpServer $smtpServer -From $From -To $to -Subject $SubjectCPY -Priority High -Body $Body -BodyAsHtml
    }
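
The expiry-window arithmetic the script above relies on, as an added example that is not part of the original post. It runs offline against constructed user records; the function names `Get-PasswordExpiryUtc` and `Select-ExpiringSoon` are hypothetical, and the fixed date and 90-day policy are assumptions chosen so the run is repeatable.

```powershell
# Added example. Function names are hypothetical; the user records are constructed.
function Get-PasswordExpiryUtc {
    param([Int64] $PwdLastSet,   # AD FILETIME: 100-ns ticks since 1601-01-01 UTC
          [Int64] $MaxPwdAge)    # domain maxPwdAge: negative 100-ns ticks
    # pwdLastSet = 0 means "must change at next logon". A maxPwdAge that is
    # non-negative or Int64.MinValue gives no usable maximum age.
    if ($PwdLastSet -le 0 -or $MaxPwdAge -ge 0 -or $MaxPwdAge -eq [Int64]::MinValue) {
        return $null
    }
    [DateTime]::FromFileTimeUtc($PwdLastSet).AddTicks(-$MaxPwdAge)
}

function Select-ExpiringSoon {
    param($Users, [Int64] $MaxPwdAge, [int] $Days, [DateTime] $NowUtc)
    foreach ($u in $Users) {
        $expires = Get-PasswordExpiryUtc -PwdLastSet $u.pwdLastSet -MaxPwdAge $MaxPwdAge
        if ($null -eq $expires) { continue }
        $left = ($expires - $NowUtc).TotalDays
        # Same window as the LDAP filter: not yet expired, due within $Days days.
        if ($left -ge 0 -and $left -le $Days) {
            [pscustomobject]@{
                Name       = $u.name
                Mail       = $u.mail
                ExpiresUtc = $expires
                DaysLeft   = [int][math]::Floor($left)
            }
        }
    }
}

# Constructed sample data: a fixed "now" and a 90-day policy as AD stores it.
$nowUtc    = [DateTime]::new(2024, 6, 1, 0, 0, 0, [DateTimeKind]::Utc)
$maxPwdAge = -([TimeSpan]::FromDays(90).Ticks)
$users = @(
    # Password set 80 days ago: inside the 14-day warning window.
    [pscustomobject]@{ name = 'alice'; mail = 'alice@contoso.com'; pwdLastSet = $nowUtc.AddDays(-80).ToFileTimeUtc() }
    # Password set 30 days ago: not due yet.
    [pscustomobject]@{ name = 'bob';   mail = 'bob@contoso.com';   pwdLastSet = $nowUtc.AddDays(-30).ToFileTimeUtc() }
    # Password set 95 days ago: already expired, so it is skipped.
    [pscustomobject]@{ name = 'carol'; mail = 'carol@contoso.com'; pwdLastSet = $nowUtc.AddDays(-95).ToFileTimeUtc() }
    # pwdLastSet of 0: must change at next logon, no expiry date to report.
    [pscustomobject]@{ name = 'dave';  mail = 'dave@contoso.com';  pwdLastSet = 0 }
)

Select-ExpiringSoon -Users $users -MaxPwdAge $maxPwdAge -Days 14 -NowUtc $nowUtc |
    Format-Table -AutoSize
```

Both the posted script and this example use the domain-wide `maxPwdAge`, so accounts covered by a fine-grained password policy may expire on a different date than the one computed here.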
    
    
    
