Monday, December 9, 2013

PowerShell and Active Directory : Active Directory Users Password Expiry Email Reminder Script.

 

Are you a system administrator who also manages Active Directory?

If yes, then I know the most annoying problem we face almost daily: a user ignores the notification that his password is going to expire soon and forgets to reset it, and then he/she calls Support and tells us that they are not able to log in to their laptop, their email is not working, and so on.

I face this kind of problem once or twice a week.

To solve it, I decided to write a PowerShell script that sends an email to the user saying that his/her password is going to expire in 7 days.

The email tells the user that the password is going to expire in 7 days and that it should be changed.

Note: make sure you have RSAT tools installed before running this script.

You can download the script from the link below.

Download : http://gallery.technet.microsoft.com/PowerShell-Active-7179b91d 

Screenshots

Screenshot of the email that the user gets.

I am pasting the code here, but please download it from TechNet, because this pasted copy may contain some formatting issues.

#==================| Satnaam Waheguru Ji |===============================
#
#            Author  :  Aman Dhally
#            E-Mail  :  amandhally@gmail.com
#            website :  www.amandhally.net
#            twitter :   @AmanDhally
#            blog    : http://newdelhipowershellusergroup.blogspot.in/
#            facebook: http://www.facebook.com/groups/254997707860848/
#            Linkedin: http://www.linkedin.com/profile/view?id=23651495
#
#            Creation Date    : 09-12-2013
#            File    :
#            Purpose :
#            Version : 1
#
#
#            My Pet Spider :          /^(o.o)^\
#========================================================================

## Note ====> Before running this script, make sure you have the RSAT tools installed.

# Import the Active Directory module
Import-Module ActiveDirectory -ErrorAction 'Stop'

# Maximum password age in days. Change this to match your default password expiration Group Policy.
[int]$totalDays = 90

# Today
$todayDate = Get-Date

# Users whose passwords expire in 7 days (initialised as an array so that += appends one entry per user)
$passwordExpiring7Days = @()

# Users whose passwords have already expired
$passwordExpiredCollection = @()

# Email options and values
$smtp = "Your-ExchangeServer"
$subject = "Change your Password Soon"

# Filtering users from AD: user objects that have an email address and whose password can expire
$adUsers = Get-ADUser -Filter {(ObjectClass -eq "user") -and (EmailAddress -ne "$null") -and (PasswordNeverExpires -eq "False")} -Properties PasswordNeverExpires,PasswordLastSet,PasswordExpired,LockedOut,EmailAddress

foreach ($aduser in $adUsers)
{
    # Reset for every user so that a value computed for the previous user is never reused
    $expirationTime = $null

    if ($aduser.PasswordLastSet -ne $null) {
        [datetime]$lastPasswordSet = $aduser.PasswordLastSet
        # Whole days elapsed since the date on which the password was last set
        $timeSpan = New-TimeSpan (Get-Date -Date $lastPasswordSet.Date)
        $expirationTime = $totalDays - $timeSpan.Days
    }

    switch ($expirationTime)
    {
        7 {
            $dateAfter7Days = (Get-Date).AddDays(7).ToShortDateString().ToString()
            $passwordExpiring7Days += $aduser.Name + ";" + $aduser.EmailAddress + ";" + $expirationTime + ";" + $dateAfter7Days
        }
    }
    # switch stop

    # If the user's password is already expired.
    if ($aduser.PasswordExpired -eq $true)
    {
        $passwordExpiredCollection += $aduser.Name + ";" + $aduser.EmailAddress + ";" + $expirationTime + "`n"
    }
}

# Splitting each "name;email;days;date" entry and building the reminder mail
if ($passwordExpiring7Days.Count -gt 0) {

    foreach ($7name in $passwordExpiring7Days) {

        $7userCollection = $7name -split ";"
        $7userName = $7userCollection[0]
        $7userEmail = $7userCollection[1]
        $7pass = $7userCollection[2]
        $7day = $7userCollection[3]

        Write-Host "Dear $7userName, your emailid is $7userEmail , your password is expiring in $7pass days." -ForegroundColor Green

        $body = "Dear $7userName, <br>"
        $body += "<br>"
        $body += "Your password is due to expire in  <b><font color=red> $7pass days</font></b>. Please ensure you have changed it before then.<br>"
        $body += "<br>"
        $body += "Regards<br>"
        $body += "I.T. Team<br>"
        $body += "<br>"
        $body += "<br>"
        $body += "<b>How to change your password:</b><br>"
        $body += "    1. Press CTRL+ALT+DELETE, and then click Change a password.<br>"
        $body += "    2. Type your old password, type your new password, type your new password again to confirm it, and then press ENTER.<br>"

        # If you want to send an email, please un-comment the line below.
        #Send-MailMessage -to $7userEmail -From "YourID@YourDomain.com"  -SmtpServer $smtp -Body $body -BodyAsHtml -Subject $subject  -Priority high -Encoding UTF8
    }
}

# Sending the list of users whose passwords have already expired.
$body = ""
$body += $passwordExpiredCollection

Write-Warning "Users whose passwords have already expired ========"
Write-Host $passwordExpiredCollection

# If you want to send an email, please un-comment the line below.
#Send-MailMessage -to "YOURID@YourDomain.com" -SmtpServer $smtp -From "SCTIPTER@YourDomain.com" -Body $body -Subject "Passwords that have already expired"
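The script above applies one fixed maximum password age ($totalDays = 90) to every account, so accounts covered by a different password policy get a wrong date. As an added example (not part of the original script), the function below reads the expiry time that Active Directory computes per user in the msDS-UserPasswordExpiryTimeComputed attribute and returns objects instead of ";"-joined strings. The function name Get-PasswordExpiryReminder and the sample users are hypothetical and constructed for illustration.

```powershell
# Added example; Get-PasswordExpiryReminder and the sample users are hypothetical.
function Get-PasswordExpiryReminder {
    param(
        [Parameter(Mandatory)] [object[]] $User,
        [int] $ReminderDays = 7,
        [datetime] $Now = (Get-Date)
    )
    foreach ($u in $User) {
        # FILETIME computed by the domain controller from the policy that applies to this user
        $raw = [Int64] $u.'msDS-UserPasswordExpiryTimeComputed'
        # 0 = must change at next logon; Int64.MaxValue = password never expires.
        # FromFileTime() throws on MaxValue, so both sentinels are skipped first.
        if ($raw -eq 0 -or $raw -eq [Int64]::MaxValue) { continue }
        if ([string]::IsNullOrWhiteSpace($u.EmailAddress)) { continue }

        $expiresOn = [datetime]::FromFileTime($raw)
        $daysLeft  = [int][math]::Floor(($expiresOn - $Now).TotalDays)

        # A window instead of "exactly 7": a skipped run does not lose the reminder
        if ($daysLeft -ge 0 -and $daysLeft -le $ReminderDays) {
            [pscustomobject]@{
                Name         = $u.Name
                EmailAddress = $u.EmailAddress
                ExpiresOn    = $expiresOn
                DaysLeft     = $daysLeft
            }
        }
    }
}

# Constructed sample input so that the function runs without a domain
$now  = Get-Date
$attr = 'msDS-UserPasswordExpiryTimeComputed'
$sampleUsers = @(
    [pscustomobject]@{ Name = 'Alice'; EmailAddress = 'alice@example.com'; $attr = $now.AddDays(7.5).ToFileTime() }
    [pscustomobject]@{ Name = 'Bob';   EmailAddress = 'bob@example.com';   $attr = $now.AddDays(30).ToFileTime() }
    [pscustomobject]@{ Name = 'Carol'; EmailAddress = 'carol@example.com'; $attr = [Int64]::MaxValue }
    [pscustomobject]@{ Name = 'Dave';  EmailAddress = 'dave@example.com';  $attr = [Int64]0 }
    [pscustomobject]@{ Name = 'Erin';  EmailAddress = 'erin@example.com';  $attr = $now.AddDays(-2).ToFileTime() }
    [pscustomobject]@{ Name = 'Frank'; EmailAddress = $null;               $attr = $now.AddDays(3).ToFileTime() }
)
# Only Alice is returned (DaysLeft = 7)
Get-PasswordExpiryReminder -User $sampleUsers -Now $now | Format-Table -AutoSize

# On a real domain (requires RSAT):
# $users = Get-ADUser -Filter 'Enabled -eq $true' -Properties EmailAddress, 'msDS-UserPasswordExpiryTimeComputed'
# Get-PasswordExpiryReminder -User $users
```

Because the function returns every account inside the window, a user receives a reminder on each daily run until the password is changed; set -ReminderDays to widen or narrow that window.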

 

 

 

 

 

Download : http://gallery.technet.microsoft.com/PowerShell-Active-7179b91d 

Regards

Aman Dhally



1 comment:

  1. Very helpful script, it helps to notify users about password expiration. I used this password expiry notifier tool (http://www.lepide.com/user-password-expiration-reminder/), which automatically notifies unlimited users through email about their impending password expiry and gets the complete reports on the delivery status of password change reminders.
