Active Directory Password Expiration Email Notifier - Powershell Script

Do you have users whose passwords are expiring and they are constantly calling you?  Well, I sure did, and I needed a way to put an end to this.  We have a lot of remote users who would not be notified that their passwords were expiring since they were not connected to the domain.  This can become a real problem for Administrators when they are wasting valuable time resetting passwords.  Let me first tell you, I'm not a developer, so I'm sure there are better/other ways to do this, but hopefully this will help some of you get started.

Below is a script to email Active Directory users that their password is going to expire in X days.  It will also send a password expiration report to the Administrator which includes the name of each user whose password is expiring and when their password will expire.  I have this script set up as a scheduled task to run daily on my server.

Here are some instructions to get this to work:
1.  Install the Quest cmdlets and add the snap-in to PowerShell. http://www.quest.com/powershell/activeroles-server.aspx
2.  Modify netadmin@email.com to the Administrator's email that should be contacted
3.  Change 192.168.x.x to the address of your SMTP server
4.  Set $DaysToExpire = X (X=10 will email all users whose passwords expire within the next 10 days)
5.  Modify the script/body of the email to fit your environment (you could modify the body of the message to include instructions on changing the password and the password requirements)
6.  Set up a scheduled task to run the script daily.

Anyone using this script is expected to know of the consequences of using this improperly.  I offer no warranty and expect that you will use this script at your own risk.

Please feel free to ask any questions and I will do my best to assist.
#Load the Quest snap-in (step 1) if the session has not already loaded it
Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue

#Placeholder: the required version string is missing from this page.
#Set it to the minimum Quest AD cmdlets version you require.
$ReqVersion = [version]"0.0.0.0"
$QadVersion = (Get-PSSnapin Quest.ActiveRoles.ADManagement).Version

if($QadVersion -lt $ReqVersion)
{
    throw "Quest AD cmdlets version '$ReqVersion' is required. Please download the latest version"
}

#Sends one HTML email using $mailTo, $Subject and $body as set by the caller
function sendmail($attachment)
{
    $SmtpClient = New-Object system.net.mail.smtpClient
    $MailMessage = New-Object system.net.mail.mailmessage
    $SmtpClient.Host = "192.168.x.x"
    $MailMessage.From = "netadmin@email.com"
    $MailMessage.To.Add($mailTo)
    $MailMessage.Subject = $Subject
    $MailMessage.IsBodyHtml = $true
    $MailMessage.Body = $body
    $SmtpClient.Send($MailMessage)
}

#Domain-wide maximum password age, in days
$MaximumPassAge = (Get-QADObject (Get-QADRootDSE).defaultNamingContextDN).MaximumPasswordAge.days

if($MaximumPassAge -le 0)
{
    throw "MaximumPasswordAge password policy is not configured."
}

#Sets when to start emailing users about password expiration
$DaysToExpire = 10

Get-QADUser -Enabled -PasswordNeverExpires:$false -SizeLimit 0 -Email * |
Select-Object Name,Email,FirstName,@{Name="Expires";Expression={ $MaximumPassAge - $_.PasswordAge.days }} |
Where-Object {$_.Expires -gt 0 -AND $_.Expires -le $DaysToExpire } | Foreach-Object {

    #Emails admin instead of user (testing purposes)
    #$mailTo = "netadmin@email.com"

    #Emails user
    $mailTo = $_.Email

    #Lists each user whose password is expiring and when
    $NetAdminReport += "$($_.Name) (Password expires in $($_.Expires) days)`r`n"

    #Subject of Password Expiration Email to User
    $Subject = "Password reminder: $($_.Name) your email password will expire in $($_.Expires) days"

    $body = "<p style = ""font-size: 11pt; font-family: Calibri""> Hello $($_.FirstName), <br /> <br /> Your current domain  password will expire in <b>$($_.Expires) days.</b></p>"

    #$Allservers is not defined in this script, so $attachment is $null and unused
    sendmail $Allservers
}

#Send Admin Report
if($NetAdminReport -ne $null)
{
    #Body of Net Admin Report
    $ReportBody = "A Password Expiration Notice has been sent to the following users:`r`n`r`n$NetAdminReport"

    Send-MailMessage -SmtpServer 192.168.x.x -From netadmin@email.com -To netadmin@email.com -Subject "Password Expiration Report" -Body $ReportBody
}
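
The script above derives every expiry date from the domain-wide MaximumPasswordAge, so a user covered by a fine-grained password policy with a different maximum age can be told the wrong date. The following is an added example, not part of the original article: a dry-run listing that reads the per-user expiry time computed by the domain controller instead. It assumes the Microsoft ActiveDirectory module (RSAT) and PowerShell 3.0 or later; Get-ExpiringPassword is a hypothetical helper name.

```powershell
# Added example (not the article's script). Assumes the RSAT ActiveDirectory
# module is installed; Get-ExpiringPassword is a hypothetical helper name.
Import-Module ActiveDirectory

function Get-ExpiringPassword {
    param(
        [int]$DaysToExpire = 10   # same warning window as the article's script
    )

    $now = Get-Date
    # msDS-UserPasswordExpiryTimeComputed is calculated by the domain controller
    # per user, so fine-grained password policies are taken into account.
    Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $false' `
               -Properties mail, 'msDS-UserPasswordExpiryTimeComputed' |
        ForEach-Object {
            $raw = $_.'msDS-UserPasswordExpiryTimeComputed'

            # 0 = must change password at next logon; Int64.MaxValue = never expires.
            # Skip both, and skip accounts that have no mail address to notify.
            if (-not $raw -or $raw -eq [Int64]::MaxValue -or -not $_.mail) { return }

            $expires  = [datetime]::FromFileTime($raw)
            $daysLeft = [int][math]::Floor(($expires - $now).TotalDays)

            if ($daysLeft -ge 0 -and $daysLeft -le $DaysToExpire) {
                [pscustomobject]@{
                    Name     = $_.Name
                    Email    = $_.mail
                    Expires  = $expires
                    DaysLeft = $daysLeft
                }
            }
        }
}

# Dry run: list who would be notified, without sending any mail.
Get-ExpiringPassword -DaysToExpire 10 | Sort-Object DaysLeft | Format-Table -AutoSize
```

Comparing this listing with the recipients the original script would email shows which accounts are governed by a different password policy before any notification goes out.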



Expert Comment

Thank you - at my company we have a lot of issues with remote users/external consultants that have this problem. I will test on Monday :)

Expert Comment

by:Suliman Abu Kharroub

Vote yes

Expert Comment

by:Shreedhar Ette
Hello Jake,

Does this script have any operating system requirements?

Have you ever used this in a production environment?
