
How to send password expire alert to AD users with PowerShell?

May 26th, 2009

Today I wrote a new PowerShell script.

I need this because I want to create a scheduled task that sends an alert to every user who needs to change their password before the expiration time. It's very useful if you work with a lot of people.

Let's see: I commented the script, so I think I don't need to describe it.

[code lang="powershell"]
cls
########################################################################
# Created by Levente Veres (bergermanus)
# Contact: http://my.bergersoft.net
# Description: This script sends an alert to users before their password
# expires. You can set some values to configure this script.
########################################################################

##########################################################################
# Function to send email to each user
##########################################################################
function send_email_user ($remaining_day, $email, $name)
{
    $today = Get-Date
    $date_expire = [DateTime]::Now.AddDays($remaining_day)
    $SmtpClient = New-Object System.Net.Mail.SmtpClient
    $mailmessage = New-Object System.Net.Mail.MailMessage
    $SmtpClient.Host = "SENDER.DOT.TO"
    $mailmessage.From = "it@DOT.TO"
    $mailmessage.To.Add($email)
    $mailmessage.Bcc.Add("it@DOT.TO")
    $mailmessage.Subject = "$name, your password expires on Bergersoft.net"
    $mailmessage.IsBodyHtml = $true
    # HTML body, built up one paragraph at a time
    $mailmessage.Body = "<p>Dear $name,</p>"
    $mailmessage.Body += "<p>Your password for account $email will expire in $remaining_day days, on $date_expire.</p>"
    $mailmessage.Body += "<p>For other questions, please ask the administrators!</p>"
    $mailmessage.Body += "<p>Generated on: $today</p>"
    $mailmessage.Body += "<p>==================================</p>"
    $mailmessage.Body += "<p>Bergersoft.net</p>"
    $SmtpClient.Send($mailmessage)
}

##########################################################################
# Send REPORT for Admins
##########################################################################
function sendmail($body)
{
    $today = Get-Date
    $SmtpClient = New-Object System.Net.Mail.SmtpClient
    $mailmessage = New-Object System.Net.Mail.MailMessage
    $SmtpClient.Host = "SENDER.DOT.TO"
    $mailmessage.From = "it@DOT.TO"
    $mailmessage.To.Add("admin_it@DOT.TO")
    $mailmessage.Subject = "[Report] Bergersoft.net password expires"
    $mailmessage.IsBodyHtml = $true
    # $body is the HTML report produced by ConvertTo-Html
    $mailmessage.Body = "<p>Generated on: $today</p>`n" + $body
    $SmtpClient.Send($mailmessage)
}

##########################################################################
# Search for the Active Directory users with the following conditions
# 1. Is in the USER category
# 2. Has logged on at least once, to eliminate the system accounts
# 3. Eliminate the disabled accounts
##########################################################################
$strFilter = "(&(objectCategory=User)(logonCount>=1)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$colResults = $objSearcher.FindAll()

# SET the max day before expiration alert
$max_alert = 10

##########################################################################
# SET the max password lifetime
# In the future I will rewrite this to ask the GP for the group.
##########################################################################
$max_pwd_life = 90

$userlist = @()

foreach ($objResult in $colResults)
{
    $objItem = $objResult.Properties
    # Only process accounts that have a mail attribute
    if ($objItem.Contains("mail"))
    {
        $user_name = $objItem.name
        $user_email = $objItem.mail
        # Transform the file times into readable DateTime values
        $user_logon = [datetime]::FromFileTime($objItem.lastlogon[0])
        $result = $objItem.pwdlastset
        $user_pwd_last_set = [datetime]::FromFileTime($result[0])

        # Calculate the difference in days
        $diff_date = [int]([DateTime]::Now - $user_pwd_last_set).TotalDays

        if (($max_pwd_life - $diff_date) -le $max_alert) {
            $selected_user = New-Object psobject
            $selected_user | Add-Member NoteProperty -Name "Name" -Value $objItem.name[0]
            $selected_user | Add-Member NoteProperty -Name "Email" -Value $objItem.mail[0]
            $selected_user | Add-Member NoteProperty -Name "LastLogon" -Value $user_logon
            $selected_user | Add-Member NoteProperty -Name "LastPwdSet" -Value $user_pwd_last_set
            $selected_user | Add-Member NoteProperty -Name "EllapsedDay" -Value $diff_date
            $selected_user | Add-Member NoteProperty -Name "RemainingDay" -Value ($max_pwd_life - $diff_date)
            $userlist += $selected_user
        }
    }
}

###############################################################################
# Send email for each user
###############################################################################
foreach ($userItem in $userlist )
{
send_email_user $userItem.RemainingDay $userItem.Email $userItem.Name
}

###############################################################################
# Send email for Admins in reporting format
###############################################################################
$bodyme = $userlist | Sort-Object "RemainingDay" | ConvertTo-Html -Title "AD password Status" -Body "<h2>AD password expiration status</h2>"

sendmail $bodyme

###############################################################################
# END
###############################################################################
[/code]
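
The script above hard-codes `$max_pwd_life = 90` and its LDAP filter only excludes disabled accounts. The following added example (not part of the original script) reads the domain's `maxPwdAge` instead and skips accounts that have the DONT_EXPIRE_PASSWORD flag or `pwdLastSet` = 0; the function names and sample accounts are assumptions made for illustration, and fine-grained password policies are not taken into account.

```powershell
# Added example; function names and sample values are illustrative assumptions.

# Read the domain-wide maximum password age (in days) from the domain root.
# Returns $null when the domain policy says passwords never expire.
function Get-DomainMaxPwdAgeDays {
    $root = New-Object System.DirectoryServices.DirectoryEntry
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root, "(objectClass=*)")
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Base
    [void]$searcher.PropertiesToLoad.Add("maxPwdAge")
    # maxPwdAge is stored as a negative count of 100-nanosecond intervals
    $ticks = [Int64]$searcher.FindOne().Properties["maxpwdage"][0]
    if ($ticks -eq 0 -or $ticks -eq [Int64]::MinValue) { return $null }
    return [TimeSpan]::FromTicks(-$ticks).TotalDays
}

# Days until expiry, or $null when no expiry date applies to the account.
function Get-PasswordDaysRemaining {
    param([Int64]$PwdLastSet, [int]$UserAccountControl, $MaxPwdAgeDays,
          [DateTime]$Now = (Get-Date))
    $DONT_EXPIRE_PASSWORD = 0x10000   # userAccountControl flag
    if ($null -eq $MaxPwdAgeDays) { return $null }
    if ($UserAccountControl -band $DONT_EXPIRE_PASSWORD) { return $null }
    if ($PwdLastSet -eq 0) { return $null }   # must change at next logon
    $lastSet = [DateTime]::FromFileTime($PwdLastSet)
    return [int][Math]::Floor($MaxPwdAgeDays - ($Now - $lastSet).TotalDays)
}

# Constructed sample accounts so the logic can be run without a domain.
$now = Get-Date
$maxDays = 90   # on a domain-joined host: $maxDays = Get-DomainMaxPwdAgeDays
$samples = @(
    @{ Name = "alice";   Uac = 0x200;   Set = $now.AddDays(-85).ToFileTime() },
    @{ Name = "svc-app"; Uac = 0x10200; Set = $now.AddDays(-400).ToFileTime() },
    @{ Name = "newhire"; Uac = 0x200;   Set = [Int64]0 }
)
foreach ($s in $samples) {
    $left = Get-PasswordDaysRemaining $s.Set $s.Uac $maxDays $now
    if ($null -eq $left) { "{0}: skipped (no expiry date applies)" -f $s.Name }
    elseif ($left -le 10) { "{0}: alert, {1} day(s) left" -f $s.Name, $left }
    else { "{0}: ok, {1} day(s) left" -f $s.Name, $left }
}
```

In the original loop, the same two checks would go right after the `mail` test, using `$objItem.useraccountcontrol[0]` and `$objItem.pwdlastset[0]`.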
