Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 48
  • Last Modified:

Script(s) for password policies

I have a fairly rigid set of rules to play by here and they can't be altered, which sucks of course.  We cannot set accounts to expire or lock them out.

What I need to script:

(1)Query AD for users whose passwords are 365 days old against the pwdlastset attribute.  I also need to be able to exclude accounts that are set to never expire
(2)Email a report of the number/list
(3)Email users in stages that their password is going to expire
(4)When the day arrives I need to scramble their password

I can generally do these separately fine enough but i would highly appreciate a powershell guru who could whip something up to help with this.  I can stumble through this but there is a bit of a time crunch on this.

Any help would greatly help.
0
John Hammerdink
Asked:
John Hammerdink
  • 2
1 Solution
 
SubsunCommented:
Following code will help you to send the list in email.
$File = "C:\Script\Report.csv"
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties Displayname,pwdlastset |
	Select-Object -Property Displayname,@{Name="pwdlastset";E={[datetime]::FromFileTime($_.pwdlastset)}} | 
		?{$_.pwdlastset -le ((Get-Date).Adddays(-365))} | Export-Csv $File -nti

$mail = @{
	From = "Admin@domain.com" 
	To = "Admin@domain.com" 
	Attachments = $File 
	SmtpServer = "mail.domain.com"
	Subject = "Password Expiry List"
}
Send-MailMessage @mail

Open in new window


How to Setup a Password Expiration Notification Email Solution
Ref: https://blogs.technet.microsoft.com/askpfeplat/2015/05/04/how-to-setup-a-password-expiration-notification-email-solution/
Since you dont have password expiry set, you might need to change line (I have not tested this)
$expireson = $passwordsetdate + $maxPasswordAge
To 

$expireson = $passwordsetdate + 365

or

$expireson = $passwordsetdate + (New-TimeSpan -Days 365)

Open in new window

To set password you can use Set-ADAccountPassword
Set-ADAccountPassword –Identity UserA -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" –Force)

Open in new window

0
 
SubsunCommented:
Details mentioned in the comment should help. If John Hammerdink doesn't have any further queries, then question can be closed.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now