N00b2015
asked on
Office 365 Password Expiry Email Notification - Powershell
I'm trying to use a Powershell script to e-mail 365 users when their accounts are about to expire. MS do not offer e-mail notifications.. A joke, right! Anyway, someone has created an awesome script here...
https://community.spiceworks.com/how_to/133073-how-to-notify-office-365-users-that-passwords-will-expire
The script states that it will notify *everyone* in the domain if set. However, I would like it only set for 2 or 3 people max. The organisation is very small and the script appears to be pulling out resource accounts which are not required.
I believe the "tweak" can be done here in the first line, but i'm not even sure how to start! Ideally, i would like to add a few e-mail addresses to notify instead of everyone.
# Get Users From MSOL where Passwords Expire
#
$users = get-msoluser | where { $_.PasswordNeverExpires -eq $false }
$domain = Get-MSOLDomain | where {$_.IsDefault -eq $true }
$maxPasswordAge = ((Get-MsolPasswordPolicy -domain $domain.Name).ValidityPeri
#
##########################
#
# Process Each User for Password Expiry
#
foreach ($user in $users)
{
$Name = $user.DisplayName
$emailaddress = $user.UserPrincipalName
$passwordSetDate = $user.LastPasswordChangeTi
$expireson = $passwordsetdate + $maxPasswordAge
$today = (get-date)
$daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days
Any ideas would truly be helpful.
Many thanks
https://community.spiceworks.com/how_to/133073-how-to-notify-office-365-users-that-passwords-will-expire
The script states that it will notify *everyone* in the domain if set. However, I would like it only set for 2 or 3 people max. The organisation is very small and the script appears to be pulling out resource accounts which are not required.
I believe the "tweak" can be done here in the first line, but i'm not even sure how to start! Ideally, i would like to add a few e-mail addresses to notify instead of everyone.
# Get Users From MSOL where Passwords Expire
#
$users = get-msoluser | where { $_.PasswordNeverExpires -eq $false }
$domain = Get-MSOLDomain | where {$_.IsDefault -eq $true }
$maxPasswordAge = ((Get-MsolPasswordPolicy -domain $domain.Name).ValidityPeri
#
##########################
#
# Process Each User for Password Expiry
#
foreach ($user in $users)
{
$Name = $user.DisplayName
$emailaddress = $user.UserPrincipalName
$passwordSetDate = $user.LastPasswordChangeTi
$expireson = $passwordsetdate + $maxPasswordAge
$today = (get-date)
$daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days
Any ideas would truly be helpful.
Many thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thinking about it, i think the Islicensed parameter would work much better for my situation. Do you know how i could incorporate this instead? this appears to be the string Get-MsolUser | Where-Object { $_.isLicensed -eq "TRUE" } but i need to use the where { $_.PasswordNeverExpires -eq $false }.
Additionally, when i use the get-msoluser -City param i get the expected results. When i combine it with | where { $_.PasswordNeverExpires -eq $false } i don't? I've tested for two accounts which i know do not have password never expired set but only get one of the two showing? Strange, as I'm sure the password policy is for everyone in the organisation other than individual users?
Additionally, when i use the get-msoluser -City param i get the expected results. When i combine it with | where { $_.PasswordNeverExpires -eq $false } i don't? I've tested for two accounts which i know do not have password never expired set but only get one of the two showing? Strange, as I'm sure the password policy is for everyone in the organisation other than individual users?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This works (thank you!) I made a slight tweak to test the true and false values..
Get-MsolUser -All | where { $_.isLicensed -eq $true -and $_.PasswordNeverExpires -eq $false }
I was still experiencing problems, as one of my licenced accounts was still not appearing when testing. I used this line to test...
Get-MsolUser | Select UserPrincipalName, PasswordNeverExpires
.. And for one of the accounts which is licenced, the Password Never Expires column does not have a value, it is blank. This account was the main (owner) account of 365.
UserPrincipalName PasswordNeverExpires
----------------- --------------------
joe@mycompany.com False
Owner@mycompany.com
ted@mycompany.com False
i figured out that for 365, the main admin/owner accounts are blank by default. Not too sure why but probably why the script did not work initially. So i'll have to set their value manually.
Thanks very much for your help!!!
Get-MsolUser -All | where { $_.isLicensed -eq $true -and $_.PasswordNeverExpires -eq $false }
I was still experiencing problems, as one of my licenced accounts was still not appearing when testing. I used this line to test...
Get-MsolUser | Select UserPrincipalName, PasswordNeverExpires
.. And for one of the accounts which is licenced, the Password Never Expires column does not have a value, it is blank. This account was the main (owner) account of 365.
UserPrincipalName PasswordNeverExpires
----------------- --------------------
joe@mycompany.com False
Owner@mycompany.com
ted@mycompany.com False
i figured out that for 365, the main admin/owner accounts are blank by default. Not too sure why but probably why the script did not work initially. So i'll have to set their value manually.
Thanks very much for your help!!!
ASKER