We've been using this for around two months without any issues.
A prerequisite is to download and install Quest's Active Directory PowerShell Commands module, which you can get here.
Please see my comments in the code for further information; here's the script:
#--------------------BEGIN SCRIPT----------------------
#Load the Quest snapin
Add-PSSnapin Quest.ActiveRoles.ADManagement
#Main Variables
$Today = Get-Date
$Outfile = "C:\Temp\Outfile.txt"
#Grab User Accounts. You'll want to specify a maximum because the snapin defaults to 1000.
#Also, you can omit OUs like I did for our "Recycle Bin" OU
$Users = get-qaduser -Sizelimit 2000 | where {$_.DN -notlike "*OU=ObjectsToDelete*"}
#Alter the user list so I can work with it. Basically, I'm taking the list of usernames, getting rid of any blanks, and then converting them to strings for later
$Selection = ($Users | select UserPrincipalName)
$Names = ($Selection | where {($_.UserPrincipalName)} | % {(($_.UserPrincipalName).tostring())})
#Go through the user list and Email everyone that has a password expiring in the next 15 days, or has had one
Foreach ($UserPrincipalName in $Names){
    $QueryPiece1 = (Get-QADUser $UserPrincipalName)
    $EmailAddress = ($QueryPiece1.Email)
    $Date1 = ($QueryPiece1.PasswordExpires)
    #Skip accounts that have no expiry date or no email address, otherwise the lines below throw errors
    If (($Date1 -eq $null) -or (-not $EmailAddress)) { continue }
    $Difference = (($Date1.subtract($Today)).days)
    #This section sends emails IF the password expires in 14 days or fewer
    If (($Difference -le 14) -and ($Difference -gt 0)){
        #Writes to report file
        $Output = ($EmailAddress + "," + $Date1 + "," + $Difference)
        $Output | Add-Content $outfile
        #Builds body of the email that is sent to a user
        $Body1 = "Your Windows password is expiring in $Difference days.`r`n"
        $Body2 = "The next time you are logged in to a computer, press Ctrl-Alt-Delete and change your password.`r`n"
        $Body3 = "PLEASE REPLY TO THIS EMAIL WITH YOUR EXTENSION IF YOU NEED HELP, OR CALL THE HELPDESK"
        $BodyCombined = ($body1 + $body2 + "`r`n" + $body3)
        #Actually Sending the emails to users
        Send-Mailmessage -from helpdesk@contoso.com -to $EmailAddress -subject "From the Contoso IT Department - Please Read" -smtpserver mailserver.contoso.com -body $BodyCombined
    } #End If
} #End Foreach
#Send IT a report on users that were emailed, then delete the temp file we attached
#The report file only exists if at least one user was emailed, so check for it first
If (Test-Path $Outfile){
    Send-Mailmessage -from helpdesk@contoso.com -to itreporting@contoso.com -subject "PS Report - Password Reset Notifications" -smtpserver mailserver.contoso.com -body "Emails Sent to (See Attached)" -Attachments $outfile
    Remove-Item $OutFile -Force
}
#--------------------END SCRIPT----------------------
That wasn't that difficult to create, and saved my department some money. I know the text format's a little wonky there because of my nested IF statements, but if you paste the code into a text editor it should wrap properly and be more readable. I wanted to sit and play with it, but I have a family and a job and stuff.
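As an added example (not part of the original script), the selection logic can be pulled into a function and run against constructed sample accounts to see how the edge cases behave: accounts with no expiry date, accounts with no email address, and passwords that expire in under 24 hours. `Select-ExpiringAccount` and the sample data are hypothetical; the `Email` and `PasswordExpires` property names follow the script above.

```powershell
# Added example: selection logic only, no directory or mail server required.
# Select-ExpiringAccount is a hypothetical helper name, not a Quest or AD cmdlet.
function Select-ExpiringAccount {
    param(
        [Parameter(Mandatory)] [object[]] $Account,
        [datetime] $Today = (Get-Date),
        [int] $WindowDays = 14
    )
    foreach ($a in $Account) {
        # No expiry date means there is nothing to subtract; skip the account
        if ($null -eq $a.PasswordExpires) { continue }
        # No email address means nobody to notify; skip instead of failing at send time
        if ([string]::IsNullOrWhiteSpace($a.Email)) { continue }
        # Same whole-day arithmetic as the script: .Days drops the partial day,
        # so a password expiring in under 24 hours counts as 0 days
        $days = ($a.PasswordExpires - $Today).Days
        if ($days -gt 0 -and $days -le $WindowDays) {
            [pscustomobject]@{
                Email           = $a.Email
                PasswordExpires = $a.PasswordExpires
                DaysLeft        = $days
            }
        }
    }
}

# Constructed sample accounts, one per case
$now = Get-Date '2024-03-01 09:00'
$sample = @(
    [pscustomobject]@{ Email = 'alice@contoso.com';      PasswordExpires = $now.AddDays(5)   }  # inside the window
    [pscustomobject]@{ Email = 'svc-backup@contoso.com'; PasswordExpires = $null             }  # no expiry date
    [pscustomobject]@{ Email = '';                       PasswordExpires = $now.AddDays(3)   }  # no email address
    [pscustomobject]@{ Email = 'bob@contoso.com';        PasswordExpires = $now.AddDays(-2)  }  # already expired
    [pscustomobject]@{ Email = 'carol@contoso.com';      PasswordExpires = $now.AddDays(30)  }  # outside the window
    [pscustomobject]@{ Email = 'dave@contoso.com';       PasswordExpires = $now.AddHours(12) }  # under 24 hours left
)

Select-ExpiringAccount -Account $sample -Today $now | Format-Table -AutoSize
```

Because the `-gt 0` test is applied to whole days, an account in its last 24 hours is left out just like one that has already expired; change the comparison to `-ge 0` if those users should still get a notice.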