I have a fairly rigid set of rules to play by here and they can't be altered, which sucks of course. We cannot set accounts to expire or lock them out.
What I need to script:
(1)Query AD for users whose passwords are 365 days old against the pwdlastset attribute. I also need to be able to exclude accounts that are set to never expire
(2)Email a report of the number/list
(3)Email users in stages that their password is going to expire
(4)When the day arrives I need to scramble their password
I can generally do these separately fine enough but i would highly appreciate a powershell guru who could whip something up to help with this. I can stumble through this but there is a bit of a time crunch on this.
Any help would greatly help.