PowerShell Script to Send Password Expiry Notification to Users


Folks

I am looking for a good script to send a password change notification to users whose password is expiring in less than 15 days' time. Hope somebody can use the script below.

#**************************************************************************

#
# PowerShell script to gather Password expiry date for all users and
# send e-mail notification to user with Password expiry date less than 15 Days
#
# Created by Vipin Vasudevan
#
#********************************************************************************

# Set the target OU that will be searched for user accounts
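param ($OUDNPath = "CN=USERS,DC=DOMAIN,DC=COM")
$objuser = $null
$objou = [ADSI]"LDAP://$OUDNPath"
$searchad = [System.DirectoryServices.DirectorySearcher]$objou

# LDAP filter for enabled user accounts; the bitwise matching rule excludes every account
# with the ACCOUNTDISABLE flag (2) set, not only those whose userAccountControl is exactly 514
$searchad.Filter = "(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
$searchad.PageSize = 1000
$searchad.SearchScope = "Subtree"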

# Fill in the user variables
[void]$searchad.PropertiesToLoad.Add("samaccountname")
[void]$searchad.PropertiesToLoad.Add("lastlogontimestamp")
[void]$searchad.PropertiesToLoad.Add("pwdlastset")
[void]$searchad.PropertiesToLoad.Add("name")
[void]$searchad.PropertiesToLoad.Add("mail")
$objusers = $searchad.findall()

# Take each user to calculate the last password reset time and the expiry date
foreach ($evuser in $objusers)
{
# Calculating the Last password reset date
$lastpwdchng = $($evuser.properties.pwdlastset[0])

# Convert the 'pwdlastset' NT system time into a readable format
$lastpwdchng = [datetime]::FromFileTime($lastpwdchng)

# Read the "name", "mail" and "samaccountname" attribute values for each user
$name = $($evuser.properties.name)
$mail = $($evuser.properties.mail)
$sam = $($evuser.properties.samaccountname)

# Convert SAMaccountName to UserprincipalName
$upn = $sam + "@DOMAIN.com"

# Define the default password age (maximumPasswordAge) and get the current date in '$today'
$policy = 45
$today = Get-Date

# Identify the current password age in days (stored in '$daystoexpiry')
$daystoexpiry = ($today - $lastpwdchng).Days

# Identify the days remaining before the password expires by subtracting the password age from the default password age
$balance = $policy - $daystoexpiry

# Identify the date and time the password is going to expire by adding the policy age (45 days) to the last password set date
$expireyday = $lastpwdchng.AddDays($policy)

# Check for users with a mail address whose password expires in less than 15 days
If ($balance -lt 15 -and $balance -gt 0 -and $mail)
{
# E-mail structure with message body

$WarnMsg = "

This is an automatically generated message from the Active Directory System

Dear $name,

This is to inform you, that your AD account ( $upn ) password is due to expire on $expireyday IST. (<%pwdExpiryDate+pst%>)
If you are directly logging to the DOMAIN.com Windows active directory Network, please change the password using built-in windows feature
(Use ctrl-alt-del and select change password).
If not please go to the site https://portal.DOMAIN.com use your existing credentials to login and change your password.

If you have problems changing your AD account password please raise a ticket by contacting ISHelpDesk at
From US : + 1-949-600-xxxx
From India : 0471–404xxxx/ 0471 404xxxxx
Email: ISHelpdesk@DOMAIN.com

Your Password was last changed on $lastpwdchng IST. (<%pwdLastSet+pst%>)

Your AD credentials are used to access all corporate services and an account lock out will lead to loss of productive time.

Your password should meet the following conditions.

  • Your password must contain a minimum of 8 characters
  • Password must be a combination of upper and lower case characters, numerals (0 – 9) and non-alphabetic characters (!,$,%,&,…)
  • Your password must not contain part of the account or your proper name
  • The system will not accept your previous 24 passwords
  • Please change your password every 45 days. The system will prompt you to do so
  • Warning: Your account will be locked if 5 attempts to change passwords fail due to invalid entries. Please contact Helpdesk [Phone: 11xx/11xx (VOIP) or 0471-404xxx (India PSTN) or 9496xxxxx (US Users)] for assistance

Thank you,

Active Directory Support Team

Confidentiality Notice:

This message and any attachment(s) contained here are information that is confidential, proprietary to Organization and its customers. Contents may be privileged or otherwise protected by law. The information is solely intended for the individual or the entity it is addressed to. If you are not the intended recipient of this message, you are not authorized to read, forward, print, retain, copy or disseminate this message or any part of it. If you have received this e-mail in error, please notify the sender immediately by return e-mail and delete it from your computer.

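"

$recipients1 = "ADTeam@DOMAIN.com"

# SMTP relay used to send the message (placeholder value; set it to your mail server)
$smtpServer = "<SMTP-SERVER>"

# Send e-mail to the user whose password is going to expire
Send-MailMessage -From "ISHelpdesk@DOMAIN.com" -To $mail -Bcc $recipients1 -Subject "Change Password" -Body $WarnMsg -SmtpServer $smtpServer -BodyAsHtml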

}

}
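
The script above computes expiry from pwdlastset and a fixed 45-day policy for every account the search returns. The following added example (not part of the original script) isolates that calculation and skips the cases that should never get a reminder: disabled accounts, accounts flagged "password never expires", and accounts with pwdLastSet = 0. The function name, its parameters and the sample accounts are hypothetical and constructed for illustration.

```powershell
# Added example: expiry calculation with the edge cases a notification loop should skip.
# The two constants are the documented userAccountControl flag bits.
$UAC_ACCOUNTDISABLE       = 0x2
$UAC_DONT_EXPIRE_PASSWORD = 0x10000

function Get-PasswordDaysRemaining {
    param(
        [long]$PwdLastSet,          # raw pwdLastSet value (FILETIME, 100 ns ticks since 1601)
        [int]$UserAccountControl,   # raw userAccountControl value
        [int]$MaxPasswordAgeDays,   # password policy in days (45 in the script above)
        [datetime]$Now = (Get-Date)
    )
    if ($UserAccountControl -band $UAC_ACCOUNTDISABLE)       { return $null }  # disabled account
    if ($UserAccountControl -band $UAC_DONT_EXPIRE_PASSWORD) { return $null }  # password never expires
    if ($PwdLastSet -le 0)         { return $null }  # 0 = user must change password at next logon
    if ($MaxPasswordAgeDays -le 0) { return $null }  # policy sets no expiry

    $expires = [datetime]::FromFileTime($PwdLastSet).AddDays($MaxPasswordAgeDays)
    return [math]::Floor(($expires - $Now).TotalDays)
}

# Constructed sample accounts (not real directory data)
$now = Get-Date '2024-01-31T09:00:00'
$samples = @(
    [pscustomobject]@{ Sam = 'alice';   Uac = 0x200;   PwdLastSet = $now.AddDays(-40).ToFileTime() }
    [pscustomobject]@{ Sam = 'svc-bak'; Uac = 0x10200; PwdLastSet = $now.AddDays(-400).ToFileTime() }
    [pscustomobject]@{ Sam = 'bob';     Uac = 0x202;   PwdLastSet = $now.AddDays(-44).ToFileTime() }
    [pscustomobject]@{ Sam = 'carol';   Uac = 0x200;   PwdLastSet = 0 }
    [pscustomobject]@{ Sam = 'dave';    Uac = 0x200;   PwdLastSet = $now.AddDays(-10).ToFileTime() }
)

foreach ($u in $samples) {
    $left = Get-PasswordDaysRemaining -PwdLastSet $u.PwdLastSet -UserAccountControl $u.Uac `
                                      -MaxPasswordAgeDays 45 -Now $now
    # Same window as the script above: more than 0 and fewer than 15 days remaining
    $notify = ($null -ne $left) -and ($left -gt 0) -and ($left -lt 15)
    '{0,-8} daysLeft={1,-4} notify={2}' -f $u.Sam, $left, $notify
}
```

On a live domain, the constructed attribute msDS-UserPasswordExpiryTimeComputed returns each user's expiry as a FILETIME with fine-grained password policies already applied, which avoids hard-coding the policy age.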
