Solved

check accounts which will expire in less than one week

Posted on 2013-06-12
4
1,134 Views
Last Modified: 2013-06-14
Hello,

i need a script to run it on Active Directory to check accounts which will expire in less than one week to send for them email to contact HR or line manager to renew the accounts.

and if there is a way to send for them email automatically as a notification.

Regards,
0
Comment
Question by:fadyaz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 22

Expert Comment

by:Haresh Nikumbh
ID: 39240500
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39240565
Check below link if it is helpful

See this similar thread
Powershell to get Active directory account expire in 10 days
http://www.experts-exchange.com/Programming/Languages/Scripting/Powershell/Q_27726844.html

Powershell Script to Notify Users of Expired or About to Expire Passwords in Active Directory.
http://randomtechminutia.wordpress.com/2011/11/18/powershell-script-to-notify-users-of-expired-or-about-to-expire-passwords-in-active-directory/

Extract User Accounts set to expire within the next 7 days
http://powergui.org/thread.jspa?threadID=16340

Find Users Expiration Date with Richard Mueller's Generic ADO Search
http://social.technet.microsoft.com/wiki/contents/articles/9836.find-users-expiration-date-with-richard-mueller-s-generic-ado-search.aspx

See this too
http://www.manageengine.com/products/self-service-password/password-expiration-notifier.html

Hope this helps
0
 
LVL 2

Author Comment

by:fadyaz
ID: 39241006
Hello I found this script for Richard Mueller from your links :

But can explain the script for exactly what doing ? and how i can run it?

and where i should put the password for the client email which will send the email for the user and how the email will be ?? and does it will same a CSV file or no ?

Regards,

# PSAcctExpires.ps1

Trap {"Error: $_"; Break;}

# Specify number of days. Users whose accounts expire between now and
# this many days in the future will be processed.
$Days = 7

# Email settings.
$Script:From = "myemailaddress@mydomain.com"
$Script:Subject = "Account Expiration Notice"
$Server = "smtp.mydomain.com"
$Port = 25
$Client = New-Object System.Net.Mail.SmtpClient $Server, $Port
# You may need to provide credentials.
$Client.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials

Function SendEmail($To, $Body)
{
    $Message = New-Object System.Net.Mail.MailMessage `
        $Script:From, $To, $Script:Subject, $Body
    $Client.Send($Message)
}

# Determine dates.
$Date1 = Get-Date
$Date2 = $Date1.AddDays($Days)

# Convert from PowerShell ticks to Active Directory ticks.
$64Bit1 = $Date1.Ticks - 504911232000000000
$64Bit2 = $Date2.Ticks - 504911232000000000

$D = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$Domain = [ADSI]"LDAP://$D"
$Searcher = New-Object System.DirectoryServices.DirectorySearcher
$Searcher.PageSize = 200
$Searcher.SearchScope = "subtree"

$Searcher.Filter = "(&(objectCategory=person)(objectClass=user)" `
    + "(accountExpires>=" + $($64Bit1) + ")" `
    + "(accountExpires<=" + $($64Bit2) + "))"
$Searcher.PropertiesToLoad.Add("distinguishedName") > $Null
$Searcher.PropertiesToLoad.Add("sAMAccountName") > $Null
$Searcher.PropertiesToLoad.Add("mail") > $Null
$Searcher.PropertiesToLoad.Add("proxyAddresses") > $Null
$Searcher.PropertiesToLoad.Add("accountExpires") > $Null
$Searcher.SearchRoot = "LDAP://" + $Domain.distinguishedName

$Results = $Searcher.FindAll()
ForEach ($Result In $Results)
{
    $DN = $Result.Properties.Item("distinguishedName")
    $Name = $Result.Properties.Item("sAMAccountName")
    $Mail = $Result.Properties.Item("mail")
    $Addresses = $Result.Properties.Item("proxyAddresses")
    $AE = $Result.Properties.Item("accountExpires")
    If (($AE.Item(0) -eq 0) -or ($AE.Item(0) -gt [DateTime]::MaxValue.Ticks))
    {
        $AcctExpires = "<Never>"
    }
    Else
    {
        $Date = [DateTime]$AE.Item(0)
        $AcctExpires = $Date.AddYears(1600).ToLocalTime()
    }
    # Determine email address.
    If ("$Mail" -eq "")
    {
        ForEach ($Address In $Addresses)
        {
            $Prefix = $Address.SubString(0, 5)
            If (($Prefix -ceq "SMTP:") -or ($Prefix -ceq "X400:"))
            {
                $Mail = $Address.SubString(5)
                Break
            }
        }
    }
    If ("$Mail" -ne "")
    {
        $Notice = "Account for user $Name on $AcctExpires"
        SendEmail $Mail $Notice
        "Email sent to $Name ($Mail), account expires $AcctExpires"
    }
    Else
    {
        "$Name has no email, but account expires $AcctExpires"
        "DN: $DN"
    }
}

Open in new window

0
 
LVL 9

Accepted Solution

by:
VirastaR earned 500 total points
ID: 39241053
Hi,

If you have a Windows 2008 Environment then try this:
http://www.networkworld.com/community/node/42303

Hope that helps :)
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question