bergquistcompany
asked on
Script to email AD users of upcoming password expiration
Hello,
In AD we have a password expiration policy set for 14 day notification however users don't always get this on the domain and we have some users on the Cisco VPN. I'd like to know if anyone has a reliable script they are using that would email users of upcoming password expiration they'd be willing to share.
Thanks!
In AD we have a password expiration policy set for 14 day notification however users don't always get this on the domain and we have some users on the Cisco VPN. I'd like to know if anyone has a reliable script they are using that would email users of upcoming password expiration they'd be willing to share.
Thanks!
It uses the quest AD powershell cmdlets. You will also need to specify the search root in line 3, and set line 5,7
I left our email body (line 12) in there for you to use as a template. We also let our users reset their password through a (free) self service tool:
http://deployhappiness.com/reset-user-passwords-with-ad-self-service-portal/
I left our email body (line 12) in there for you to use as a template. We also let our users reset their password through a (free) self service tool:
http://deployhappiness.com/reset-user-passwords-with-ad-self-service-portal/
ASKER
Thank you this looks awesome I will give it a test.
Are you running this as a scheduled task on the domain controller or how often are you running?
Are you running this as a scheduled task on the domain controller or how often are you running?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
@jmoody10 - If I have a test OU I want to run it against before production does this look right:
"OU=testou,DC=northamerica
I also set the following as noted:
$emailFrom = "securityadmin@bergquistco
$subject = "Password will Expire Soon"
$smtpServer = "mail.bergquistcompany.com
and I appreciate the body to use as a template. To confirm how often do you run it and do you have it as a .ps1 that you are running through scheduled tasks? Does it look like C:\powershell.exe -password.ps1
@Sandeshdubey - to confirm I only need to set these between the "#" to establish the variable is that correct:
$smtpServer="wilma.northam
$from = "bergquistadministrator@be
$expireindays = 14
Then is this also being run from a task? I'm on 2012 and to start a program/script would I enter Powershell as the program and the .ps1 as an argument or just the .ps1 as the script?
"OU=testou,DC=northamerica
I also set the following as noted:
$emailFrom = "securityadmin@bergquistco
$subject = "Password will Expire Soon"
$smtpServer = "mail.bergquistcompany.com
and I appreciate the body to use as a template. To confirm how often do you run it and do you have it as a .ps1 that you are running through scheduled tasks? Does it look like C:\powershell.exe -password.ps1
@Sandeshdubey - to confirm I only need to set these between the "#" to establish the variable is that correct:
$smtpServer="wilma.northam
$from = "bergquistadministrator@be
$expireindays = 14
Then is this also being run from a task? I'm on 2012 and to start a program/script would I enter Powershell as the program and the .ps1 as an argument or just the .ps1 as the script?
ASKER
@jmoody10
Where-Object : Cannot bind parameter 'FilterScript'. Cannot convert the "Passwo
rdNeverExpires" value of type "System.String" to type "System.Management.Automa
tion.ScriptBlock".
At line:1 char:128
+ $ExpiringPasswords = Get-QADUser -SearchRoot "OU=testou,DC=bqasia,DC=be
tcompany,DC=com" -PasswordNotChangedFor 76 | Where <<<< PasswordNeverExpires -
eq $False | Select-Object email -Unique
+ CategoryInfo : InvalidArgument: (:) [Where-Object], ParameterBi
ndingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMes
ell.Commands.WhereObjectCo
Where-Object : Cannot bind parameter 'FilterScript'. Cannot convert the "Passwo
rdNeverExpires" value of type "System.String" to type "System.Management.Automa
tion.ScriptBlock".
At line:1 char:128
+ $ExpiringPasswords = Get-QADUser -SearchRoot "OU=testou,DC=bqasia,DC=be
tcompany,DC=com" -PasswordNotChangedFor 76 | Where <<<< PasswordNeverExpires -
eq $False | Select-Object email -Unique
+ CategoryInfo : InvalidArgument: (:) [Where-Object], ParameterBi
ndingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMes
ell.Commands.WhereObjectCo
ASKER
@ Sandeshdubey
I have downloaded the first script set
$smtpServer="wilma.northam
$from = "kristinebollinger@bergqui
$expireindays = 14
and run it from powershell .\password change notification.ps1 and it runs fine but no email ever comes through. Are you using this? I've tried 2012 and 2008
I have downloaded the first script set
$smtpServer="wilma.northam
$from = "kristinebollinger@bergqui
$expireindays = 14
and run it from powershell .\password change notification.ps1 and it runs fine but no email ever comes through. Are you using this? I've tried 2012 and 2008
ASKER
So I ran the attached with the updates to smtp server, from and expire in days but 2 things happen
1. email says password will expire in days (missing #) and error:
Send-MailMessage : Cannot validate argument on parameter 'To'. The argument is null or empty. Supply an argument that i
s not null or empty and then try the command again.
At C:\Users\naadmin\desktop\p
+ Send-Mailmessage -smtpServer $smtpServer -from $from -to <<<< $emailaddress -subject $subject -body $body -bodya
sHTML -priority High
+ CategoryInfo : InvalidData: (:) [Send-MailMessage], ParameterBindingValidation
+ FullyQualifiedErrorId : ParameterArgumentValidatio
password.txt
1. email says password will expire in days (missing #) and error:
Send-MailMessage : Cannot validate argument on parameter 'To'. The argument is null or empty. Supply an argument that i
s not null or empty and then try the command again.
At C:\Users\naadmin\desktop\p
+ Send-Mailmessage -smtpServer $smtpServer -from $from -to <<<< $emailaddress -subject $subject -body $body -bodya
sHTML -priority High
+ CategoryInfo : InvalidData: (:) [Send-MailMessage], ParameterBindingValidation
+ FullyQualifiedErrorId : ParameterArgumentValidatio
password.txt
There are lots of these types of scripts out there, they assume you have the email AD attributes filled in properly:
http://gallery.technet.microsoft.com/Password-Expiry-Email-177c3e27
http://gallery.technet.microsoft.com/scriptcenter/Email-Active-Directory-452a5640
http://ss64.com/ps/syntax-expiry.html
-rich
http://gallery.technet.microsoft.com/Password-Expiry-Email-177c3e27
http://gallery.technet.microsoft.com/scriptcenter/Email-Active-Directory-452a5640
http://ss64.com/ps/syntax-expiry.html
-rich
ASKER
The first one looks right on but getting errors:
1. Get-ADDefaultDomainPasswor
tDomainPasswordPolicy' under: 'DC=eu,DC=bergquistcompany
At C:\Users\naadmin\desktop\t
+ $maxPasswordAge = (Get-ADDefaultDomainPasswo
+ CategoryInfo : ObjectNotFound: (Microsoft.Activ...nPasswo
DDefaultDomainPasswordPoli
+ FullyQualifiedErrorId : Cannot find an object with identity: 'Microsoft.ActiveDirectory
inPasswordPolicy' under: 'DC=eu,DC=bergquistcompany
faultDomainPasswordPolicy
2.Cannot convert argument "1", with value: "", for "op_Addition" to type "System.TimeSpan": "Cannot convert null to
"System.TimeSpan"."
At C:\Users\naadmin\desktop\t
+ $expireson = $passwordsetdate + <<<< $maxPasswordAge
+ CategoryInfo : NotSpecified: (:) [], MethodException
+ FullyQualifiedErrorId : MethodArgumentConversionIn
3. New-TimeSpan : Cannot bind parameter 'End' to the target. Exception setting "End": "Object reference not set to a
ance of an object."
At C:\Users\naadmin\desktop\t
+ $daystoexpire = (New-TimeSpan -Start $today -End <<<< $Expireson).Days
+ CategoryInfo : WriteError: (:) [New-TimeSpan], ParameterBindingException
+ FullyQualifiedErrorId : ParameterBindingFailed,Mic
4. Send-MailMessage : Cannot validate argument on parameter 'To'. The argument is null or empty. Supply an argumen
s not null or empty and then try the command again.
At C:\Users\naadmin\desktop\t
+ Send-Mailmessage -smtpServer $smtpServer -from $from -to <<<< $emailaddress -subject $subject -body $bod
sHTML -priority High
+ CategoryInfo : InvalidData: (:) [Send-MailMessage], ParameterBindingValidation
+ FullyQualifiedErrorId : ParameterArgumentValidatio
5. Subject says "Your password will expire in days!" but there is no number of days
Any help would be appreciated!
As the other 2 produce similar
1. Get-ADDefaultDomainPasswor
tDomainPasswordPolicy' under: 'DC=eu,DC=bergquistcompany
At C:\Users\naadmin\desktop\t
+ $maxPasswordAge = (Get-ADDefaultDomainPasswo
+ CategoryInfo : ObjectNotFound: (Microsoft.Activ...nPasswo
DDefaultDomainPasswordPoli
+ FullyQualifiedErrorId : Cannot find an object with identity: 'Microsoft.ActiveDirectory
inPasswordPolicy' under: 'DC=eu,DC=bergquistcompany
faultDomainPasswordPolicy
2.Cannot convert argument "1", with value: "", for "op_Addition" to type "System.TimeSpan": "Cannot convert null to
"System.TimeSpan"."
At C:\Users\naadmin\desktop\t
+ $expireson = $passwordsetdate + <<<< $maxPasswordAge
+ CategoryInfo : NotSpecified: (:) [], MethodException
+ FullyQualifiedErrorId : MethodArgumentConversionIn
3. New-TimeSpan : Cannot bind parameter 'End' to the target. Exception setting "End": "Object reference not set to a
ance of an object."
At C:\Users\naadmin\desktop\t
+ $daystoexpire = (New-TimeSpan -Start $today -End <<<< $Expireson).Days
+ CategoryInfo : WriteError: (:) [New-TimeSpan], ParameterBindingException
+ FullyQualifiedErrorId : ParameterBindingFailed,Mic
4. Send-MailMessage : Cannot validate argument on parameter 'To'. The argument is null or empty. Supply an argumen
s not null or empty and then try the command again.
At C:\Users\naadmin\desktop\t
+ Send-Mailmessage -smtpServer $smtpServer -from $from -to <<<< $emailaddress -subject $subject -body $bod
sHTML -priority High
+ CategoryInfo : InvalidData: (:) [Send-MailMessage], ParameterBindingValidation
+ FullyQualifiedErrorId : ParameterArgumentValidatio
5. Subject says "Your password will expire in days!" but there is no number of days
Any help would be appreciated!
As the other 2 produce similar
ASKER
got me pointed in the right direction didn't quite work though
Open in new window