Active Directory Password Expiration Email Notifier - PowerShell Script

Do you have users whose passwords are expiring and they are constantly calling you? Well, I sure did and needed a way to put an end to this. We have a lot of remote users who would not be notified that their passwords were expiring since they were not connected to the domain. This can become a real problem for Administrators when they are wasting valuable time resetting passwords. Let me first tell you, I'm not a developer, so I'm sure there are better/other ways to do this, but hopefully this will help some of you get started.

Below is a script to email Active Directory users that their password is going to expire in X days. It will also send a password expiration report to the Administrator which includes the name of each user whose password is expiring and when their password will expire. I have this script set up as a scheduled task to run daily on my server.

Here are some instructions to get this to work:
1.  Install the Quest cmdlets and add the snap-in to PowerShell: http://www.quest.com/powershell/activeroles-server.aspx
2.  Change netadmin@email.com to the email address of the Administrator who should be contacted
3.  Change 192.168.x.x to the address of your SMTP server
4.  Set $DaysToExpire = X (X=10 will email all users whose passwords expire within the next 10 days)
5.  Modify the script/body of the email to fit your environment (you could modify the body of the message to include instructions on changing the password and the password requirements)
6.  Set up a scheduled task to run the script daily.

Anyone using this script is expected to know of the consequences of using this improperly.  I offer no warranty and expect that you will use this script at your own risk.

Please feel free to ask any questions and I will do my best to assist.

# Load the Quest ActiveRoles snap-in if it is not already loaded in this session
Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue

$ReqVersion = [version]"1.2.2.1254"
$QadVersion = (Get-PSSnapin Quest.ActiveRoles.ADManagement).Version

if ($QadVersion -lt $ReqVersion)
{
    throw "Quest AD cmdlets version '$ReqVersion' is required. Please download the latest version"
}

# Sends one HTML email through the SMTP server
function sendmail($mailTo, $subject, $body)
{
    $SmtpClient = New-Object System.Net.Mail.SmtpClient
    $MailMessage = New-Object System.Net.Mail.MailMessage
    $SmtpClient.Host = "192.168.x.x"
    $MailMessage.From = "netadmin@email.com"
    $MailMessage.To.Add($mailTo)
    $MailMessage.Subject = $subject
    $MailMessage.IsBodyHtml = $true
    $MailMessage.Body = $body
    $SmtpClient.Send($MailMessage)
}

# Maximum password age from the domain password policy, in days
$MaximumPassAge = (Get-QADObject (Get-QADRootDSE).defaultNamingContextDN).MaximumPasswordAge.days

if ($MaximumPassAge -le 0)
{
    throw "MaximumPasswordAge password policy is not configured."
}

$NetAdminReport = $null

# Sets when to start emailing users about password expiration
$DaysToExpire = 10

Get-QADUser -Enabled -PasswordNeverExpires:$false -SizeLimit 0 -Email * |
Select-Object Name,Email,FirstName,@{Name="Expires";Expression={ $MaximumPassAge - $_.PasswordAge.days }} |
Where-Object { $_.Expires -gt 0 -and $_.Expires -le $DaysToExpire } | ForEach-Object {

    # Emails admin instead of user (testing purposes)
    #$mailTo = "netadmin@email.com"

    # Emails user
    $mailTo = $_.Email

    # Lists each user whose password is expiring and when
    $NetAdminReport += "$($_.Name) (Password expires in $($_.Expires) days)`r`n`r`n"

    # Subject of Password Expiration Email to User
    $Subject = "Password reminder: $($_.Name) your email password will expire in $($_.Expires) days"

    $body = "<p style = ""font-size: 11pt; font-family: Calibri""> Hello $($_.FirstName), <br /> <br /> Your current domain  password will expire in <b>$($_.Expires) days.</b></p>"

    # Pass the recipient, subject and body explicitly instead of relying on script-scope variables
    sendmail $mailTo $Subject $body
}

# Send Admin Report
if ($null -ne $NetAdminReport)
{
    # Body of Net Admin Report
    $ReportBody = "A Password Expiration Notice has been sent to the following users:`r`n`r`n$($NetAdminReport)"

    Send-MailMessage -SmtpServer 192.168.x.x -From netadmin@email.com -To netadmin@email.com -Subject "Password Expiration Report" -Body $ReportBody
}
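
An added example, not part of the original article's script: the same expiry check done with Microsoft's ActiveDirectory module instead of the Quest snap-in. It reads msDS-UserPasswordExpiryTimeComputed, so fine-grained password policies are taken into account, and it HTML-encodes the first name before placing it in the message body. Assumptions: the RSAT ActiveDirectory module and PowerShell 3.0 or later are available; the function names Get-ExpiringUser and New-ExpiryMailBody and the $DryRun switch are illustrative.

```powershell
# Added example. Assumes the RSAT ActiveDirectory module; function names are illustrative.
Import-Module ActiveDirectory

$DaysToExpire = 10
$SmtpServer   = '192.168.x.x'          # same placeholder as the article
$From         = 'netadmin@email.com'   # same placeholder as the article
$DryRun       = $true                  # set to $false to actually send mail

function Get-ExpiringUser([int]$Days) {
    $now = Get-Date
    Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $false' `
               -Properties mail, GivenName, 'msDS-UserPasswordExpiryTimeComputed' |
    ForEach-Object {
        $raw = $_.'msDS-UserPasswordExpiryTimeComputed'
        # 0 = must change at next logon; Int64 max = never expires. Neither is a real date.
        if (-not $_.mail -or -not $raw -or $raw -le 0 -or $raw -eq [Int64]::MaxValue) { return }
        $expires = [datetime]::FromFileTime($raw)
        $left = [math]::Ceiling(($expires - $now).TotalDays)
        if ($left -gt 0 -and $left -le $Days) {
            [pscustomobject]@{ Name = $_.Name; FirstName = $_.GivenName
                               Email = $_.mail; Expires = $expires; DaysLeft = $left }
        }
    }
}

function New-ExpiryMailBody($User) {
    # Directory attributes are data, not markup: encode before placing them in HTML.
    $first = [System.Net.WebUtility]::HtmlEncode($User.FirstName)
    "<p>Hello $first,<br /><br />Your current domain password will expire in " +
    "<b>$($User.DaysLeft) days</b> (on $($User.Expires.ToString('yyyy-MM-dd'))).</p>"
}

$report = foreach ($u in Get-ExpiringUser -Days $DaysToExpire) {
    $subject = "Password reminder: your domain password will expire in $($u.DaysLeft) days"
    if (-not $DryRun) {
        Send-MailMessage -SmtpServer $SmtpServer -From $From -To $u.Email `
                         -Subject $subject -Body (New-ExpiryMailBody $u) -BodyAsHtml
    }
    "$($u.Name) (Password expires in $($u.DaysLeft) days)"
}

if ($report) {
    $text = "A Password Expiration Notice has been sent to the following users:`r`n`r`n" +
            ($report -join "`r`n")
    if ($DryRun) { $text } else {
        Send-MailMessage -SmtpServer $SmtpServer -From $From -To $From `
                         -Subject 'Password Expiration Report' -Body $text
    }
}
```

With $DryRun left at $true the script only prints the admin report, which makes it easy to check the recipient list before any mail goes out.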


Comments (3)

Thank you - at my company we have a lot of issues with remote users/external consultants that have this problem. I will test on Monday :)
Suliman Abu Kharroub, IT Consultant
CERTIFIED EXPERT

Commented:
Thanks...

Vote yes
Shreedhar Ette, Technical Manager
CERTIFIED EXPERT
Top Expert 2010

Commented:
Hello Jake,

Does this script have any operating system requirements?

Have you ever used this in a production environment?
