check accounts which will expire in less than one week

Hello,

i need a script to run it on Active Directory to check accounts which will expire in less than one week to send for them email to contact HR or line manager to renew the accounts.

and if there is a way to send for them email automatically as a notification.

Regards,
LVL 2
fadyazAsked:
Who is Participating?
 
VirastaRUC Tech Consultant Commented:
Hi,

If you have a Windows 2008 Environment then try this:
http://www.networkworld.com/community/node/42303

Hope that helps :)
0
 
Haresh NikumbhSr. Tech leadCommented:
0
 
SandeshdubeySenior Server EngineerCommented:
Check below link if it is helpful

See this similar thread
Powershell to get Active directory account expire in 10 days
http://www.experts-exchange.com/Programming/Languages/Scripting/Powershell/Q_27726844.html

Powershell Script to Notify Users of Expired or About to Expire Passwords in Active Directory.
http://randomtechminutia.wordpress.com/2011/11/18/powershell-script-to-notify-users-of-expired-or-about-to-expire-passwords-in-active-directory/

Extract User Accounts set to expire within the next 7 days
http://powergui.org/thread.jspa?threadID=16340

Find Users Expiration Date with Richard Mueller's Generic ADO Search
http://social.technet.microsoft.com/wiki/contents/articles/9836.find-users-expiration-date-with-richard-mueller-s-generic-ado-search.aspx

See this too
http://www.manageengine.com/products/self-service-password/password-expiration-notifier.html

Hope this helps
0
 
fadyazAuthor Commented:
Hello I found this script for Richard Mueller from your links :

But can explain the script for exactly what doing ? and how i can run it?

and where i should put the password for the client email which will send the email for the user and how the email will be ?? and does it will same a CSV file or no ?

Regards,

# PSAcctExpires.ps1

Trap {"Error: $_"; Break;}

# Specify number of days. Users whose accounts expire between now and
# this many days in the future will be processed.
$Days = 7

# Email settings.
$Script:From = "myemailaddress@mydomain.com"
$Script:Subject = "Account Expiration Notice"
$Server = "smtp.mydomain.com"
$Port = 25
$Client = New-Object System.Net.Mail.SmtpClient $Server, $Port
# You may need to provide credentials.
$Client.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials

Function SendEmail($To, $Body)
{
    $Message = New-Object System.Net.Mail.MailMessage `
        $Script:From, $To, $Script:Subject, $Body
    $Client.Send($Message)
}

# Determine dates.
$Date1 = Get-Date
$Date2 = $Date1.AddDays($Days)

# Convert from PowerShell ticks to Active Directory ticks.
$64Bit1 = $Date1.Ticks - 504911232000000000
$64Bit2 = $Date2.Ticks - 504911232000000000

$D = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$Domain = [ADSI]"LDAP://$D"
$Searcher = New-Object System.DirectoryServices.DirectorySearcher
$Searcher.PageSize = 200
$Searcher.SearchScope = "subtree"

$Searcher.Filter = "(&(objectCategory=person)(objectClass=user)" `
    + "(accountExpires>=" + $($64Bit1) + ")" `
    + "(accountExpires<=" + $($64Bit2) + "))"
$Searcher.PropertiesToLoad.Add("distinguishedName") > $Null
$Searcher.PropertiesToLoad.Add("sAMAccountName") > $Null
$Searcher.PropertiesToLoad.Add("mail") > $Null
$Searcher.PropertiesToLoad.Add("proxyAddresses") > $Null
$Searcher.PropertiesToLoad.Add("accountExpires") > $Null
$Searcher.SearchRoot = "LDAP://" + $Domain.distinguishedName

$Results = $Searcher.FindAll()
ForEach ($Result In $Results)
{
    $DN = $Result.Properties.Item("distinguishedName")
    $Name = $Result.Properties.Item("sAMAccountName")
    $Mail = $Result.Properties.Item("mail")
    $Addresses = $Result.Properties.Item("proxyAddresses")
    $AE = $Result.Properties.Item("accountExpires")
    If (($AE.Item(0) -eq 0) -or ($AE.Item(0) -gt [DateTime]::MaxValue.Ticks))
    {
        $AcctExpires = "<Never>"
    }
    Else
    {
        $Date = [DateTime]$AE.Item(0)
        $AcctExpires = $Date.AddYears(1600).ToLocalTime()
    }
    # Determine email address.
    If ("$Mail" -eq "")
    {
        ForEach ($Address In $Addresses)
        {
            $Prefix = $Address.SubString(0, 5)
            If (($Prefix -ceq "SMTP:") -or ($Prefix -ceq "X400:"))
            {
                $Mail = $Address.SubString(5)
                Break
            }
        }
    }
    If ("$Mail" -ne "")
    {
        $Notice = "Account for user $Name on $AcctExpires"
        SendEmail $Mail $Notice
        "Email sent to $Name ($Mail), account expires $AcctExpires"
    }
    Else
    {
        "$Name has no email, but account expires $AcctExpires"
        "DN: $DN"
    }
}

Open in new window

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.