This Powershell script allows you to notify your users ( with multiple attachments ) that
their AD password will expire soon or has expired. Furthermore, as a system
administrator, you are going to receive a list of users whose AD password is
going to expire soon or has expired.
# Start of script
# Purpose:
# Powershell script to find out a list of users
# whose password is expiring within x number of days (as specified in $days_before_expiry).
# Email notification with multiple attachments will be sent to them reminding them that they need to change their password.
#####################
# Variables to change
#####################
# Days to Password Expiry
$days_before_expiry = 14
# SMTP Server to be used
$smtp = "192.168.1.2"
# "From" address of the email
$from = "email@abc.com"
# Administrator email
$admin = "email@abc.com"
# Web address of your OWA url - tested only with Exchange 2010 SP2
$OWAURL = "mail.abc.com"
# First name of administrator
$AdminName = "System Administrator"
# Define font and font size
# ` or \ is an escape character in powershell
$font = "<font size=`"3`" face=`"Calibri`">"
##########################################
# Should require no change below this line
# (Except message body)
##########################################
function Send-Mail{
# Purpose:
# Powershell script to find out a list of users
# whose password is expiring within x number of days (as specified in $days_before_expiry).
# Email notification with multiple attachments will be sent to them reminding them that they need to change their password.
#####################
# Variables to change
#####################
# Days to Password Expiry
$days_before_expiry = 14
# SMTP Server to be used
$smtp = "192.168.1.2"
# "From" address of the email
$from = "email@abc.com"
# Administrator email
$admin = "email@abc.com"
# Web address of your OWA url - tested only with Exchange 2010 SP2
$OWAURL = "mail.abc.com"
# First name of administrator
$AdminName = "System Administrator"
# Define font and font size
# ` or \ is an escape character in powershell
$font = "<font size=`"3`" face=`"Calibri`">"
##########################################
# Should require no change below this line
# (Except message body)
##########################################
function Send-Mail{
param($smtpServer,$from,$to,$attach,$subject,$body)
$smtp = new-object system.net.mail.smtpClient($SmtpServer)
$mail = new-object System.Net.Mail.MailMessage
$mail.from = $from
$mail.to.add($to)
foreach ($filetoattach in $attach)
{
$att = New-Object Net.Mail.Attachment($filetoattach.fullname)
$mail.attachments.add($att)
}
$mail.subject = $subject
$mail.body = $body
# Send email in HTML format
$mail.IsBodyHtml = $true
$smtp.send($mail)
}
# Newline character
#$newline = [char]13+[char]10
$newline = "<br>"
# Get today's day, date and time
$today = (Get-date)
# Loads the Quest.ActiveRoles.ADManagement snapin required for the script.
# (Will unload once powershell is exited)
# chose either one below
# Add-pssnapin "Quest.ActiveRoles.ADManagement"
# Get-PSSnapin "Quest.ActiveRoles.ADManagement"
add-pssnapin "Quest.ActiveRoles.ADManagement"
Set-QADPSSnapinSettings -DefaultSizeLimit 0
# Retrieves list of users whose account is enabled, has a passwordexpiry date and whose password expiry date within (is less than) today+$days_before_expiry
$users_to_be_notified = Get-QADUser -SearchRoot "OU=USA,DC=abc,DC=local" -Enabled -passwordNeverExpires:$False | Where {($_.PasswordExpires -lt
$today.AddDays($days_before_expiry))}
# Send email to notify users
foreach ($user in $users_to_be_notified) {
# Calculate the remaining days
# If result is negative, then it means password has already expired.
# If result is positive, then it means password is expiring soon.
$days_remaining = ($user.PasswordExpires - $today).days
# Set font for HTML message
$body = $font
# For users whose password already expired
if ($days_remaining -le 0) {
# Make the days remaining positive (because we are reporting it as expired)
$days_remaining = [math]::abs($days_remaining)
# Add it in a list (to be sent to admin)
$expired_users += $user.name + " - <font color=blue>" + $user.LogonName + "</font>'s password has expired <font color=blue>" + $days_remaining + "</font> day(s) ago." + $newline
# If there is an email attached to profile
if ($user.Email -ne $null) {
# Email notification to user
$to = $user.Email
$subject = "Reminder - Password has expired " + $days_remaining + " day(s) ago."
# Message body is in HTML font
$body += "Dear " + $user.givenname + "," + $newline + $newline
$body += "This is a friendly reminder that your password for account'<font color=blue>" + $user.LogonName + "</font>' has already expired "+ $days_remaining + " day(s) ago." + $newline + $newline
$body += "Please contact email@abc.com ( EXT. 9999 ) to arrange for your password to be reset."
}
else {
# Email notification to administrator
$to = $admin
$subject = "Reminder - " + $user.LogonName+ "'s Password has expired " + $days_remaining + " day(s) ago."
# Message body is in HTML font
$body += "Dear administrator," + $newline + $newline
$body += "<font color=blue>" + $user.LogonName+ "</font>'s password has expired <font color=blue>" + $days_remaining + " day(s) ago</font>."
$body += " However, the system has detected that there is no emailaddress attached to the profile."
$body += " Therefore, no email notifications has been sent to " + $user.Name + "."
$body += " Kindly reset the password and notify user of the password change."
$body += " In addition, please add a corresponding email address to the profile so emails can be sent directly for future notifications."
}
# Put a timestamp on the email
$body += $newline + $newline + $newline + $newline
$body += "<h5>Message generated on: " + $today + ".</h5>"
$body += "</font>"
# Invokes the Send-Mail function to send notification email
# Comment out this line if you do not want to send email to users with already expired passwords.
Send-Mail -smtpServer $smtp -from $from -to $to -attach $null -subject $subject -body $body
}
# For users whose password is expiring
# if ($days_remaining -gt 0) {
else {
# Add it in a list (to be sent to admin)
$expiring_users += $user.name + " - <font color=blue>" +$user.LogonName + "</font> has <font color=blue>" + $days_remaining +"</font> day(s) remaing left to change his/her password." + $newline
# If there is an email attached to profile
if ($user.Email -ne $null) {
# Email notification to user
$to = $user.Email
$subject = "Reminder - Password is expiring in " + $days_remaining +" day(s)."
#$newline = [char]13+[char]10
$newline = "<br>"
# Get today's day, date and time
$today = (Get-date)
# Loads the Quest.ActiveRoles.ADManagement snapin required for the script.
# (Will unload once powershell is exited)
# chose either one below
# Add-pssnapin "Quest.ActiveRoles.ADManagement"
# Get-PSSnapin "Quest.ActiveRoles.ADManagement"
add-pssnapin "Quest.ActiveRoles.ADManagement"
Set-QADPSSnapinSettings -DefaultSizeLimit 0
# Retrieves list of users whose account is enabled, has a passwordexpiry date and whose password expiry date within (is less than) today+$days_before_expiry
$users_to_be_notified = Get-QADUser -SearchRoot "OU=USA,DC=abc,DC=local" -Enabled -passwordNeverExpires:$False | Where {($_.PasswordExpires -lt
$today.AddDays($days_before_expiry))}
# Send email to notify users
foreach ($user in $users_to_be_notified) {
# Calculate the remaining days
# If result is negative, then it means password has already expired.
# If result is positive, then it means password is expiring soon.
$days_remaining = ($user.PasswordExpires - $today).days
# Set font for HTML message
$body = $font
# For users whose password already expired
if ($days_remaining -le 0) {
# Make the days remaining positive (because we are reporting it as expired)
$days_remaining = [math]::abs($days_remaining)
# Add it in a list (to be sent to admin)
$expired_users += $user.name + " - <font color=blue>" + $user.LogonName + "</font>'s password has expired <font color=blue>" + $days_remaining + "</font> day(s) ago." + $newline
# If there is an email attached to profile
if ($user.Email -ne $null) {
# Email notification to user
$to = $user.Email
$subject = "Reminder - Password has expired " + $days_remaining + " day(s) ago."
# Message body is in HTML font
$body += "Dear " + $user.givenname + "," + $newline + $newline
$body += "This is a friendly reminder that your password for account'<font color=blue>" + $user.LogonName + "</font>' has already expired "+ $days_remaining + " day(s) ago." + $newline + $newline
$body += "Please contact email@abc.com ( EXT. 9999 ) to arrange for your password to be reset."
}
else {
# Email notification to administrator
$to = $admin
$subject = "Reminder - " + $user.LogonName+ "'s Password has expired " + $days_remaining + " day(s) ago."
# Message body is in HTML font
$body += "Dear administrator," + $newline + $newline
$body += "<font color=blue>" + $user.LogonName+ "</font>'s password has expired <font color=blue>" + $days_remaining + " day(s) ago</font>."
$body += " However, the system has detected that there is no emailaddress attached to the profile."
$body += " Therefore, no email notifications has been sent to " + $user.Name + "."
$body += " Kindly reset the password and notify user of the password change."
$body += " In addition, please add a corresponding email address to the profile so emails can be sent directly for future notifications."
}
# Put a timestamp on the email
$body += $newline + $newline + $newline + $newline
$body += "<h5>Message generated on: " + $today + ".</h5>"
$body += "</font>"
# Invokes the Send-Mail function to send notification email
# Comment out this line if you do not want to send email to users with already expired passwords.
Send-Mail -smtpServer $smtp -from $from -to $to -attach $null -subject $subject -body $body
}
# For users whose password is expiring
# if ($days_remaining -gt 0) {
else {
# Add it in a list (to be sent to admin)
$expiring_users += $user.name + " - <font color=blue>" +$user.LogonName + "</font> has <font color=blue>" + $days_remaining +"</font> day(s) remaing left to change his/her password." + $newline
# If there is an email attached to profile
if ($user.Email -ne $null) {
# Email notification to user
$to = $user.Email
$subject = "Reminder - Password is expiring in " + $days_remaining +" day(s)."
$files
= Get-ChildItem “C:\Guides”
# Message body is in HTML font
$body += "Dear " + $user.givenname + "," + $newline + $newline + $newline
$body += "This is a friendly reminder that your AD account password '<font color=blue>" + $user.LogonName + "</font>' is due to expire in "+ $days_remaining + " day(s)." + $newline + $newline + $newline
$body += "Please refer to the attachments for the quick guides." + $newline + $newline
# Message body is in HTML font
$body += "Dear " + $user.givenname + "," + $newline + $newline + $newline
$body += "This is a friendly reminder that your AD account password '<font color=blue>" + $user.LogonName + "</font>' is due to expire in "+ $days_remaining + " day(s)." + $newline + $newline + $newline
$body += "Please refer to the attachments for the quick guides." + $newline + $newline
$body
+= "For Windows user:" + $newline
$body += "Change_Password_Windows.pdf" + $newline + $newline
$body += "For Mac user:" +
$newline
$body += "Change_Password_Mac.pdf" + $newline + $newline
$body += "Please remember to change your password
before <fontcolor=blue>" + $user.PasswordExpires.date.tostring('dd/MMM/yyyy')
+"</font>."
}
else {
# Email notification to administrator
$to = $admin
$subject = "Reminder - " + $user.LogonName+ "'s Password is expiring in " + $days_remaining + " day(s)."
# Message body is in HTML font
$body += "Dear administrator," + $newline + $newline
$body += "<font color=blue>" + $user.LogonName+ "</font>'s passwordis expiring in <font color=blue>" + $days_remaining + " day(s)</font>."
$body += " However, the system has detected that there is no emailaddress attached to the profile."
$body += " Therefore, no email notifications has been sent to " +$user.Name + "."
$body += " Kindly remind him/her to change the password before <fontcolor=blue>" + $user.PasswordExpires.date.tostring('dd/MMM/yyyy') +"</font>."
$body += " In addition, please add a corresponding email address to the profile so emails can be sent directly for future notifications."
}
# Put a timestamp on the email
$body += $newline + $newline + $newline + $newline
$body += "<h5>Message generated on: " + $today + ".</h5>"
$body += "</font>"
# Invokes the Send-Mail function to send notification email
Send-Mail -smtpServer $smtp -from $from -to $to -attach $files -subject $subject -body $body
}
}
# If there are users with expired password or users whose password is
# expiring soon
if ($expired_users -ne $null -or $expiring_users -ne $null) {
# Email notification to administrator
$to = $admin
$subject = "< Info > Password Expiry Report"
# Message body is in HTML font
$body = $font
$body += "Dear " + $AdminName + ","+ $newline + $newline
$body += "The following users' passwords are expiring soon or have already expired." + $newline + $newline + $newline
$body += "<b>Users with expired passwords:</b>" + $newline
$body += $expired_users + $newline + $newline
$body += "<b>Users with passwords expiring soon:</b>" + $newline
$body += $expiring_users
# Put a timestamp on the email
$body += $newline + $newline + $newline + $newline
$body += "<h5>Message generated on: " + $today + ".</h5>"
$body += "</font>"
# Invokes the Send-Mail function to send notification email
Send-Mail -smtpServer $smtp -from $from -to $to -attach $null -subject $subject -body $body
}
# End of script
}
else {
# Email notification to administrator
$to = $admin
$subject = "Reminder - " + $user.LogonName+ "'s Password is expiring in " + $days_remaining + " day(s)."
# Message body is in HTML font
$body += "Dear administrator," + $newline + $newline
$body += "<font color=blue>" + $user.LogonName+ "</font>'s passwordis expiring in <font color=blue>" + $days_remaining + " day(s)</font>."
$body += " However, the system has detected that there is no emailaddress attached to the profile."
$body += " Therefore, no email notifications has been sent to " +$user.Name + "."
$body += " Kindly remind him/her to change the password before <fontcolor=blue>" + $user.PasswordExpires.date.tostring('dd/MMM/yyyy') +"</font>."
$body += " In addition, please add a corresponding email address to the profile so emails can be sent directly for future notifications."
}
# Put a timestamp on the email
$body += $newline + $newline + $newline + $newline
$body += "<h5>Message generated on: " + $today + ".</h5>"
$body += "</font>"
# Invokes the Send-Mail function to send notification email
Send-Mail -smtpServer $smtp -from $from -to $to -attach $files -subject $subject -body $body
}
}
# If there are users with expired password or users whose password is
# expiring soon
if ($expired_users -ne $null -or $expiring_users -ne $null) {
# Email notification to administrator
$to = $admin
$subject = "< Info > Password Expiry Report"
# Message body is in HTML font
$body = $font
$body += "Dear " + $AdminName + ","+ $newline + $newline
$body += "The following users' passwords are expiring soon or have already expired." + $newline + $newline + $newline
$body += "<b>Users with expired passwords:</b>" + $newline
$body += $expired_users + $newline + $newline
$body += "<b>Users with passwords expiring soon:</b>" + $newline
$body += $expiring_users
# Put a timestamp on the email
$body += $newline + $newline + $newline + $newline
$body += "<h5>Message generated on: " + $today + ".</h5>"
$body += "</font>"
# Invokes the Send-Mail function to send notification email
Send-Mail -smtpServer $smtp -from $from -to $to -attach $null -subject $subject -body $body
}
# End of script
