Get password expire warning for your ad-users

I needed some way to alert the user to change password a couple of days before they expired. As always I prefer to use e-mail as my primary support channel to the users. I actually found the script on a website and did some small adjustment to let it include support for norwegian characters etc. If you know where I got this script, please comment and I will link to the site so the author gets the credit for his work.

Save the script to a path on your network with the .ps1 extension and schedule a task on your server which runs daily. I prefer to use the build in task-scheduler in Windows. Choose powershell.exe as program and add this to argument: -ExecutionPolicy Bypass \pathtoyourpowershellscript.ps1

##################################################################################################################
# Please Configure the following variables....
$smtpServer="HERE YOU TYPE THE IP ADDRESS OF THE SMTP SERVER"
$expireindays = HERE YOU TYPE IN A NUMBER FOR HOW MANY DAYS BEFORE THE EXPIRE DATE YOU SHOULD GET THE FIRST WARNING
$from = "YOUR NAME GOES HERE <YOUR@EMAILADDRESS.COM>"
###################################################################################################################

#Get Users From AD who are enabled
Import-Module ActiveDirectory
$users = get-aduser -filter * -properties * |where {$_.Enabled -eq "True"} | where { $_.PasswordNeverExpires -eq $false } | where { $_.passwordexpired -eq $false }

foreach ($user in $users)
{
  $Name = (Get-ADUser $user | foreach { $_.Name})
  $emailaddress = $user.emailaddress
  $passwordSetDate = (get-aduser $user -properties * | foreach { $_.PasswordLastSet })
  $PasswordPol = (Get-AduserResultantPasswordPolicy $user)
  # Check for Fine Grained Password
  if (($PasswordPol) -ne $null)
  {
    $maxPasswordAge = ($PasswordPol).MaxPasswordAge
  }

  else
  {
    $maxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
  }

  $expireson = $passwordsetdate + $maxPasswordAge
  $today = (get-date)
  $daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days
  $subject="Ditt passord utløper om $daystoExpire dager"
  $body ="
  Hi $name,
Your passwor expire in $daystoexpire days.


Administrator

" if ($daystoexpire -lt $expireindays) { Send-Mailmessage -encoding ([System.Text.Encoding]::UTF8) -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -priority High } }

Kommentarer er stengt.

Blogg på WordPress.com.

opp ↑

%d bloggere like this: