Powershell script e-mail notification about expiring passwords

Author Johnny Josefsson on October 30, 2012 | Print | Bookmark
# Add Active Directory cmdlets support
#
  if( @(Get-Module | Where-Object {$_.Name -eq "ActiveDirectory"} ).Count -eq 0 ) { Import-Module ActiveDirectory }


# Add Exchange cmdlets support
#     http://stackoverflow.com/questions/6035902/exchange-powershell-how-to-invoke-exchange-2010-module-from-inside-script
#
  if( (Get-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.E2010 -ErrorAction SilentlyContinue) -eq $null ) {  Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010  }



# Global Variables
#
  $smtpServer = "smtp.domain.top"
  $fromAddr = "IT Servicedesk "

  $7daysExpire = 7
  $3daysExpire = 3
  $0daysExpire = 1

  $nl = [Environment]::NewLine
  $scriptName = $MyInvocation.MyCommand.Name
  $genTime = Get-Date -format "yyyy-MM-dd HH:mm"



# Get the Default Domain Password Policy
# Note that we do not try to determine if we're a W2k8 domain or above or if fine grade password policy exists
# The reason is (this works on all domains and):
#   1: Its not configured in the domain (note that domain means domain(tele|mail|dmz)net.top which are initially 'mirrored' in their configs)
#   2: It takes more power and time to do it
# See TEST_AD_AccountPasswordOriginal.ps1 for that code
#
  $maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge

  if( $maxPasswordAgeTimeSpan -eq $null -or $maxPasswordAgeTimeSpan.TotalMilliseconds -eq 0 )
  {
    Write-Host "MaxPasswordAge is not set for the domain or is set to zero! No reason to actually continue..."
    Exit
  }



# Get Users From AD who are enabled
#
  $users = Get-ADUser -Filter * -Properties * | Where {$_.Enabled -eq "True"}


# Loop all users and detemine if they should be notifed or not
#
  foreach( $user in $users )
  {
    if( $user.PasswordExpired -eq "True" )
    {
    # Do nothing in this script
    #Write-Host $user.Name " Password Has Already Expired"
    }
    elseif( $user.PasswordNeverExpires -ne "True" )
    {
      $passwordSetDate = $user.PasswordLastSet
   
      $getToday = Get-Date
      $expiresOn = $passwordSetDate + $maxPasswordAgeTimeSpan
      $daysToExpire = ($expiresOn - $getToday).Days # get in days to compare with int value
    
      if( ($daysToExpire -eq $7daysExpire) -or
          ($daysToExpire -eq $3daysExpire) -or
          ($daysToExpire -eq $0daysExpire) )
      {

        $emailAddress = $null
        $emailAddress = $user.EmailAddress

        $givenName = $null
        $givenName = $user.GivenName
 
        $employeeId = $null
        $employeeId = $user.SamAccountname
        
        $boxAttribute1 = $null
        $boxAttribute1 = (Get-Mailbox -Identity $employeeId).CustomAttribute1

        $boxAttribute3 = $null
        $boxAttribute3 = (Get-Mailbox -Identity $employeeId).CustomAttribute3


        if( ($emailAddress -ne $null) -and ( ($boxAttribute1 -eq "gold") -and ($boxAttribute3 -eq "user") ) )
        {

          # Subject
          #
          $subject = "ONE Contact - E-mail System: Password Expiration in the near future"



          # Body alternative 1, the short version
          #
          $body1 =
"Hi $givenName,

Your password for Organisation E-mail System and Windows domain will expire in $daysToExpire days.

Please change your password for both E-mail and Windows System as soon as possible, otherwise you will be locked out. Please see knowledge books below how to change passwords for both systems.

Knowledge Books:
 - OWA/Outlook: Change password in OWA: https://centralservices.domain.top/index.php?pg=kb.page&id=227

 - Windows XP: Change Password: https://centralservices.domain.top/index.php?pg=kb.page&id=290

 - Smartphone - Change Password: https://centralservices.domain.top/index.php?pg=kb.page&id=36 (follow and read information throughly)

 - Windows Domain - Password Rules: https://centralservices.domain.top/index.php?pg=kb.page&id=206


Are that the only place I need to change on?
  Yes. But. You must also update to the new password, on one or all of these devices that you have:
   - Your mobile devices e.g. iPhone/iPad, Android Phone/Tablet
   - Your Outlook Client will also ask for the new password


Are more information available about the E-mail System, Windows and our environment in general?
  Yes there does exist alot of more information about each system and application within the company.
  Visit Central Services Center and the Knowledge Books section on this link:
   - https://centralservices.domain.top


For any enquires contact IT Servicedesk through the Central Services Center portal: https://centralservices.domain.top (and click) IT Servicedesk


This e-mail was generated by: IT Servicedesk - on: $genTime
"

          # Send email with predefined values
          #
          Send-MailMessage -SmtpServer $smtpServer -From $fromAddr -To $emailAddress -Subject $subject -Body $body1 -Priority High 
        }
      }
    }
  }



# exit?!?
#
  Write-Host "Exit Script!"
Exit

Was this article helpful?

Yes No

Category: Scripting, PowerShell

Last updated on October 30, 2012 with 1683 views