We help IT Professionals succeed at work.

Script(s) for password policies

I have a fairly rigid set of rules to play by here and they can't be altered, which sucks of course.  We cannot set accounts to expire or lock them out.

What I need to script:

(1)Query AD for users whose passwords are 365 days old against the pwdlastset attribute.  I also need to be able to exclude accounts that are set to never expire
(2)Email a report of the number/list
(3)Email users in stages that their password is going to expire
(4)When the day arrives I need to scramble their password

I can generally do these separately fine enough but i would highly appreciate a powershell guru who could whip something up to help with this.  I can stumble through this but there is a bit of a time crunch on this.

Any help would greatly help.
Watch Question

IT Infrastructure Architect
Following code will help you to send the list in email.
$File = "C:\Script\Report.csv"
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties Displayname,pwdlastset |
	Select-Object -Property Displayname,@{Name="pwdlastset";E={[datetime]::FromFileTime($_.pwdlastset)}} | 
		?{$_.pwdlastset -le ((Get-Date).Adddays(-365))} | Export-Csv $File -nti

$mail = @{
	From = "Admin@domain.com" 
	To = "Admin@domain.com" 
	Attachments = $File 
	SmtpServer = "mail.domain.com"
	Subject = "Password Expiry List"
Send-MailMessage @mail

Open in new window

How to Setup a Password Expiration Notification Email Solution
Ref: https://blogs.technet.microsoft.com/askpfeplat/2015/05/04/how-to-setup-a-password-expiration-notification-email-solution/
Since you dont have password expiry set, you might need to change line (I have not tested this)
$expireson = $passwordsetdate + $maxPasswordAge

$expireson = $passwordsetdate + 365


$expireson = $passwordsetdate + (New-TimeSpan -Days 365)

Open in new window

To set password you can use Set-ADAccountPassword
Set-ADAccountPassword –Identity UserA -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" –Force)

Open in new window

Subash SundharanIT Infrastructure Architect

Details mentioned in the comment should help. If John Hammerdink doesn't have any further queries, then question can be closed.