
Active Directory Password Expiration Email Notifier - PowerShell Script

Do you have users whose passwords are expiring and who are constantly calling you? Well, I sure did, and I needed a way to put an end to this. We have a lot of remote users who would not be notified that their passwords were expiring, since they were not connected to the domain. This can become a real problem for Administrators when they are wasting valuable time resetting passwords. Let me first tell you, I'm not a developer, so I'm sure there are better/other ways to do this, but hopefully this will help some of you get started.

Below is a script to email Active Directory users that their password is going to expire in X days. It will also send a password expiration report to the Administrator, which includes the name of each user whose password is expiring and when their password will expire. I have this script set up as a scheduled task to run daily on my server.

Here are the steps to get this working:
1. Install the Quest cmdlets and add the snap-in to PowerShell. http://www.quest.com/powershell/activeroles-server.aspx
2. Change netadmin@email.com to the email address of the Administrator who should be contacted
3. Change 192.168.x.x to the address of your SMTP server
4. Set $DaysToExpire = X (X=10 will email all users whose passwords expire within the next 10 days)
5. Modify the script/body of the email to fit your environment (you could modify the body of the message to include instructions on changing the password and the password requirements)
6. Set up a scheduled task to run the script daily.

Anyone using this script is expected to know of the consequences of using this improperly.  I offer no warranty and expect that you will use this script at your own risk.

Please feel free to ask any questions and I will do my best to assist.

# Load the Quest AD cmdlets if they are not already loaded in this session
Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue

$ReqVersion = [version]"1.2.2.1254"
$QadVersion = (Get-PSSnapin Quest.ActiveRoles.ADManagement).Version

if ($QadVersion -lt $ReqVersion)
{
    throw "Quest AD cmdlets version '$ReqVersion' is required. Please download the latest version"
}

# Sends one HTML email using $mailTo, $Subject and $body as set by the caller
function sendmail
{
    $SmtpClient = New-Object System.Net.Mail.SmtpClient
    $MailMessage = New-Object System.Net.Mail.MailMessage
    $SmtpClient.Host = "192.168.x.x"
    $MailMessage.From = "netadmin@email.com"
    $MailMessage.To.Add($mailTo)
    $MailMessage.Subject = $Subject
    $MailMessage.IsBodyHtml = $true
    $MailMessage.Body = $body
    $SmtpClient.Send($MailMessage)
    $MailMessage.Dispose()
}

# Maximum password age, in days, read from the domain object
$MaximumPassAge = (Get-QADObject (Get-QADRootDSE).defaultNamingContextDN).MaximumPasswordAge.days

if ($MaximumPassAge -le 0)
{
    throw "MaximumPasswordAge password policy is not configured."
}

$NetAdminReport = $null

# Sets when to start emailing users about password expiration
$DaysToExpire = 10

Get-QADUser -Enabled -PasswordNeverExpires:$false -SizeLimit 0 -Email * |
Select-Object Name,Email,FirstName,@{Name="Expires";Expression={ $MaximumPassAge - $_.PasswordAge.days }} |
Where-Object { $_.Expires -gt 0 -and $_.Expires -le $DaysToExpire } | ForEach-Object {

    # Emails admin instead of user (testing purposes)
    #$mailTo = "netadmin@email.com"

    # Emails user
    $mailTo = $_.Email

    # Lists each user whose password is expiring and when
    $NetAdminReport += "$($_.Name) (Password expires in $($_.Expires) days)`r`n`r`n"

    # Subject of Password Expiration Email to User
    $Subject = "Password reminder: $($_.Name) your email password will expire in $($_.Expires) days"

    # Body of Password Expiration Email to User
    $body = "<p style = ""font-size: 11pt; font-family: Calibri""> Hello $($_.FirstName), <br /> <br /> Your current domain  password will expire in <b>$($_.Expires) days.</b></p>"

    sendmail
}

# Send Admin Report
if ($NetAdminReport -ne $null)
{
    # Body of Net Admin Report
    $ReportBody = "A Password Expiration Notice has been sent to the following users:`r`n`r`n$NetAdminReport"

    Send-MailMessage -SmtpServer "192.168.x.x" -From "netadmin@email.com" -To "netadmin@email.com" -Subject "Password Expiration Report" -Body $ReportBody
}
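
The script above computes every expiry from the single MaximumPasswordAge value on the domain object, so a user covered by a fine-grained password policy would be given the wrong number of days. As an added example (not the author's code), the same selection can be done with Microsoft's ActiveDirectory module, reading the per-user msDS-UserPasswordExpiryTimeComputed attribute; it assumes the RSAT ActiveDirectory module is installed in place of the Quest snap-in, and the function name Get-ExpiringPasswordUser is hypothetical.

```powershell
# Added example: uses the Microsoft ActiveDirectory module (assumed installed),
# not the Quest cmdlets used by the script above.
Import-Module ActiveDirectory

# Hypothetical helper: returns users whose password expires within $DaysToExpire days.
function Get-ExpiringPasswordUser
{
    param([int]$DaysToExpire = 10)

    $now   = Get-Date
    $props = 'mail', 'GivenName', 'msDS-UserPasswordExpiryTimeComputed'

    Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $false' -Properties $props |
    ForEach-Object {
        $raw = $_.'msDS-UserPasswordExpiryTimeComputed'

        # Skip accounts with no usable expiry time:
        #   0 or empty       -> no computed expiry (e.g. must change at next logon)
        #   [Int64]::MaxValue -> the effective policy never expires the password
        # Also skip users without a mail address, as the original -Email * filter does.
        if (-not $raw -or $raw -eq [Int64]::MaxValue -or -not $_.mail) { return }

        $expires  = [datetime]::FromFileTime($raw)
        $daysLeft = [int][math]::Floor(($expires - $now).TotalDays)

        # Same window as the original script: more than 0 and at most $DaysToExpire days
        if ($daysLeft -gt 0 -and $daysLeft -le $DaysToExpire)
        {
            New-Object PSObject -Property @{
                Name      = $_.Name
                FirstName = $_.GivenName
                Email     = $_.mail
                ExpiresOn = $expires
                Expires   = $daysLeft
            }
        }
    }
}

# Dry run: list who would be notified before any mail is sent
Get-ExpiringPasswordUser -DaysToExpire 10 |
    Sort-Object Expires |
    Format-Table Name, Email, Expires, ExpiresOn -AutoSize
```

The objects carry the same Name, Email, FirstName and Expires properties the original pipeline produces, so they can feed the same ForEach-Object mail loop once the dry-run output looks right.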

Author:jake77444
3 Comments

Expert Comment

by:happyhenrik
Thank you - at my company we have a lot of issues with remote users/external consultants who have this problem. I will test on Monday :)

Expert Comment

by:Suliman Abu Kharroub
Thanks...

Vote yes

Expert Comment

by:Shreedhar Ette
Hello Jake,

Does this script have any operating system requirements?

Have you ever used this in a production environment?
