
Active Directory Password Expiration Email Notifier - PowerShell Script

Do you have users whose passwords are expiring and who are constantly calling you? Well, I sure did, and I needed a way to put an end to this. We have a lot of remote users who would not be notified that their passwords were expiring since they were not connected to the domain. This can become a real problem for administrators when they are wasting valuable time resetting passwords. Let me first tell you, I'm not a developer, so I'm sure there are better/other ways to do this, but hopefully this will help some of you get started.

Below is a script to email Active Directory users that their password is going to expire in X days. It will also send a password expiration report to the Administrator, which includes the name of each user whose password is expiring and when their password will expire. I have this script set up as a scheduled task to run daily on my server.

Here are the instructions to get this to work:
1.  Install the Quest cmdlets and add the snap-in to PowerShell. http://www.quest.com/powershell/activeroles-server.aspx
2.  Change netadmin@email.com to the email address of the Administrator who should be contacted
3.  Change 192.168.x.x to the address of your SMTP server
4.  Set $DaysToExpire = X (X=10 will email all users whose passwords expire within the next 10 days)
5.  Modify the script/body of the email to fit your environment (you could modify the body of the message to include instructions on changing the password and the password requirements)
6.  Set up a scheduled task to run the script daily.

Anyone using this script is expected to know of the consequences of using this improperly.  I offer no warranty and expect that you will use this script at your own risk.

Please feel free to ask any questions and I will do my best to assist.

#Load the Quest snap-in if it is not already loaded (for example when run as a scheduled task)
if (-not (Get-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue))
{
    Add-PSSnapin Quest.ActiveRoles.ADManagement
}

$ReqVersion = [version]"1.2.2.1254"
$QadVersion = (Get-PSSnapin Quest.ActiveRoles.ADManagement).Version

if($QadVersion -lt $ReqVersion)
{
    throw "Quest AD cmdlets version '$ReqVersion' is required. Please download the latest version"
}

#Sends the HTML password expiration email to one user
function sendmail($mailTo, $subject, $body)
{
    $SmtpClient = New-Object System.Net.Mail.SmtpClient
    $MailMessage = New-Object System.Net.Mail.MailMessage
    $SmtpClient.Host = "192.168.x.x"
    $MailMessage.From = "netadmin@email.com"
    $MailMessage.To.Add($mailTo)
    $MailMessage.Subject = $subject
    $MailMessage.IsBodyHtml = $true
    $MailMessage.Body = $body
    $SmtpClient.Send($MailMessage)
}

#Domain maximum password age in days
$MaximumPassAge = (Get-QADObject (Get-QADRootDSE).defaultNamingContextDN).MaximumPasswordAge.days

if($MaximumPassAge -le 0)
{
    throw "MaximumPasswordAge password policy is not configured."
}

$NetAdminReport = $null

#Sets when to start emailing users about password expiration
$DaysToExpire = 10

Get-QADUser -Enabled -PasswordNeverExpires:$false -SizeLimit 0 -Email * |
Select-Object Name,Email,FirstName,@{Name="Expires";Expression={ $MaximumPassAge - $_.PasswordAge.days }} |
Where-Object {$_.Expires -gt 0 -AND $_.Expires -le $DaysToExpire } | Foreach-Object {

    #Emails admin instead of user (testing purposes)
    #$mailTo = "netadmin@email.com"

    #Emails user
    $mailTo = $_.Email

    #Lists each user whose password is expiring and when
    $NetAdminReport += "$($_.Name) (Password expires in $($_.Expires) days)`r`n`r`n"

    #Subject of Password Expiration Email to User
    $Subject = "Password reminder: $($_.Name) your email password will expire in $($_.Expires) days"

    #Body of Password Expiration Email to User
    $body = "<p style = ""font-size: 11pt; font-family: Calibri""> Hello $($_.FirstName), <br /> <br /> Your current domain  password will expire in <b>$($_.Expires) days.</b></p>"

    sendmail $mailTo $Subject $body
}

#Send Admin Report
if($null -ne $NetAdminReport)
{
    #Body of Net Admin Report
    $ReportBody = "A Password Expiration Notice has been sent to the following users:`r`n`r`n$NetAdminReport"

    Send-MailMessage -SmtpServer 192.168.x.x -From netadmin@email.com -To netadmin@email.com -Subject "Password Expiration Report" -Body $ReportBody
}
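
The expiry window used by the script, as a dry run on constructed accounts so the selection can be checked before any mail is sent. This is an added example, not part of the original script: the function name Get-ExpiringUser, the PasswordLastSet property on the sample objects and the HTML-encoding of the first name are assumptions of this example, and it needs PowerShell 3.0 or later for [System.Net.WebUtility].

```powershell
function Get-ExpiringUser {
    param(
        [object[]]$Users,            # objects with Name, FirstName, Email, PasswordLastSet (hypothetical shape)
        [int]$MaximumPassAge,        # domain maximum password age in days
        [int]$DaysToExpire = 10,     # same meaning as $DaysToExpire in the script
        [datetime]$Now = (Get-Date)  # injectable so the dry run is repeatable
    )
    foreach ($u in $Users) {
        # No mail address: the script's "-Email *" filter never returns this account
        if ([string]::IsNullOrEmpty($u.Email)) { continue }
        # No PasswordLastSet value: there is no age to compute, so skip the account
        if ($null -eq $u.PasswordLastSet) { continue }
        $age     = [int][math]::Floor(($Now - $u.PasswordLastSet).TotalDays)
        $expires = $MaximumPassAge - $age
        # Same window as the script: already-expired passwords (Expires <= 0) get no mail
        if ($expires -gt 0 -and $expires -le $DaysToExpire) {
            # Encode the directory value before it is placed in the HTML body
            $safeName = [System.Net.WebUtility]::HtmlEncode($u.FirstName)
            New-Object PSObject -Property @{
                Name    = $u.Name
                Email   = $u.Email
                Expires = $expires
                Body    = "<p>Hello $safeName, <br /> <br /> Your current domain password will expire in <b>$expires days.</b></p>"
            }
        }
    }
}

# Constructed sample accounts (not real users), evaluated against a fixed date
$now = [datetime]'2024-06-30'
$sample = @(
    New-Object PSObject -Property @{ Name='Ann Lee';  FirstName='Ann';      Email='ann@example.com'; PasswordLastSet=$now.AddDays(-85) }
    New-Object PSObject -Property @{ Name='Bob Ray';  FirstName='Bob';      Email='bob@example.com'; PasswordLastSet=$now.AddDays(-30) }
    New-Object PSObject -Property @{ Name='Cy Park';  FirstName='Cy';       Email='cy@example.com';  PasswordLastSet=$now.AddDays(-95) }
    New-Object PSObject -Property @{ Name='Dee Fox';  FirstName='Dee <IT>'; Email='dee@example.com'; PasswordLastSet=$now.AddDays(-81) }
    New-Object PSObject -Property @{ Name='Eve Hall'; FirstName='Eve';      Email='eve@example.com'; PasswordLastSet=$null }
)

Get-ExpiringUser -Users $sample -MaximumPassAge 90 -Now $now | Select-Object Name, Expires, Body
```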

Author:jake77444