Click an Ad

If you find this blog helpful, please support me by clicking an ad!

Tuesday, February 25, 2014

Password Expiration Reminder Emails with Powershell

We used to pay for something that did this, but querying active directory and emailing people based on the results seemed so easy to script!

We've been using this for around two months without any issues.

A prerequisite for this is to download and install Quest's Active Directory Powershell Commands Module, which you can get here.

Please see my comments in the code for further information; here's the script:

#--------------------BEGIN SCRIPT----------------------

#Load the Quest snapin
Add-PSSnapin Quest.ActiveRoles.ADManagement

#Main Variables
$Today = Get-Date
$Outfile = "C:\Temp\Outfile.txt"

#Grab User Accounts. You'll want to specify a maximum because the snapin defaults to 1000.
#Also, you can omit OUs like I did for our "Recycle Bin" OU
$Users = get-qaduser -Sizelimit 2000 | where {$_.DN -notlike "*OU=ObjectsToDelete*"}

#Alter the user list so I can work with it. Basically, I'm taking the list of usernames, getting rid of any blanks, and then converting them to strings for later
$Selection = ($Users | select UserPrincipalName)
$Names = ($Selection | where {($_.UserPrincipalName)} | % {(($_.UserPrincipalName).tostring())})

#Go through the user list and Email everyone that has a password expiring in the next 15 days, or has had one
Foreach ($UserPrincipalName in $Names){
$QueryPiece1 = (Get-QADUser $UserPrincipalName)
$EmailAddress = ($QueryPiece1.Email)
$Date1 = ($QueryPiece1.PasswordExpires)
$Difference = (($Date1.subtract($Today)).days)

#This section sends emails IF the password expires in less than 14 days
If (($Difference -le 14) -and ($Difference -gt 0)){
#Writes to report file
$Output = ($EmailAddress + "," + $Date1 + "," + $Difference)
$Output | Add-Content $outfile

#Builds body of the email that is sent to a user
#Put together email body
$Body1 = "Your Windows password is expiring in $Difference days.`r`n"
$Body2 = "The next time you are logged in to a computer, press Ctrl-Alt-Delete and change your password.`r`n"
$BodyCombined = ($body1 + $body2 + "`r`n" + $body3)

#Actually Sending the emails to users
Send-Mailmessage -from -to $EmailAddress -subject "From the Contoso IT Department - Please Read" -smtpserver -body $BodyCombined
} #End If
} #End Foreach

#Send IT a report on users that were emailed, then delete the temp file we attached
Send-Mailmessage -from -to -subject "PS Report - Password Reset Notifications" -smtpserver -body "Emails Sent to (See Attached)" -Attachments $outfile
Remove-Item $OutFile -Force

#--------------------END SCRIPT----------------------

That wasn't that difficult to create, and saved my department some money. I know the text format's a little wonky there because of my nested IF statements, but if you paste the code into a text editor it should wrap properly and be more readable. I wanted to sit and play with it, but I have a family and a job and stuff.

No comments:

Post a Comment