Here is a neat way to send an admin the list of users whose password will expire in the next week.
It sends a full report to the admin and also an email reminder to each user whose email address has been added in Active Directory.
Don’t forget that to run a PowerShell script you will have to set the execution policy to RemoteSigned so that your own scripts can be run easily.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
Now down to the script.
Create a script called PasswordReminder.ps1
Paste in the following:
Import-Module ActiveDirectory #Get-ADUser comes from the Active Directory module

$smtpServer = 'MySMTPServer' #Change this to your SMTP mail server address.
$recipient = 'MyRecipient' #Change this to the admin email address you want to send the reminder to.
$FromAddress = 'MyAddress' #Change this to the address you want to send as.

#Generate a list of users with passwords expiring in the next 7 days
$UsersToReset = Get-ADUser -Filter {Enabled -eq $true -and PasswordNeverExpires -eq $false -and PasswordExpired -eq $false} -Properties "Name", "EmailAddress", "msDS-UserPasswordExpiryTimeComputed" |
    Where-Object {$_."msDS-UserPasswordExpiryTimeComputed" -ne 0} |
    Select-Object -Property "Name", "EmailAddress", @{Name = "PasswordExpiry"; Expression = {[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} |
    Where-Object {$_.PasswordExpiry -ge (Get-Date).Date -and $_.PasswordExpiry -le (Get-Date).Date.AddDays(7)}

#Initiate a html table to format the email with
$Body = "Please remind these people to reset their passwords this week: <br />======================================================<br />"
$Body = $Body + '<table style="width: 68%; border-collapse: collapse; border: 1px solid #008080;">'
$Body = $Body + '<tr>'
$Body = $Body + '<td><b>User</b></td>'
$Body = $Body + '<td><b>Expiry</b></td>'
$Body = $Body + '</tr>'

foreach ($User in $UsersToReset)
{
    $Name = $User.Name
    $Expiry = $User.PasswordExpiry.ToString("dd/MM/yyyy") #Format the date into UK format
    $Body = $Body + "<tr>" #Add a table row to the table
    $Body = $Body + "<td>$Name</td>"
    $Body = $Body + "<td>$Expiry</td>"
    $Body = $Body + "</tr>"
    if ($User.EmailAddress) #If the AD info includes the users email address then also send the individual an email reminder
    {
        #Send the user only their own expiry date. Reusing $Body here would mail them the half-built admin table with other users' names and dates in it.
        $UserBody = "Your password expires on $Expiry. Please reset it before then."
        Send-MailMessage -SmtpServer $smtpServer -To $User.EmailAddress -From $FromAddress -Subject "Your server password expires in the next 7 days, please reset it now!!" -Body $UserBody -Encoding 'UTF8'
    }
}
$Body = $Body + "</table>" #close the html table

#Now send the email to the admin
Send-MailMessage -SmtpServer $smtpServer -To $recipient -From $FromAddress -Subject "Passwords expiring in the next 7 days" -Body $Body -Encoding 'UTF8' -BodyAsHtml
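The expiry filter can be checked without a domain controller. This is an added example, not part of the original script: the function name Test-PasswordExpiryWindow and the sample accounts are constructed for illustration. It also skips the "never expires" value of msDS-UserPasswordExpiryTimeComputed, which FromFileTime cannot convert, and HTML-encodes the name before it would go into the table.

```powershell
# Added example: offline check of the 7-day expiry window.
# Test-PasswordExpiryWindow and the sample accounts below are constructed, not from the original script.
function Test-PasswordExpiryWindow {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [datetime] $Today = (Get-Date).Date,
        [int] $Days = 7
    )
    foreach ($u in $Users) {
        $raw = [long]$u.'msDS-UserPasswordExpiryTimeComputed'
        # 0 means pwdLastSet is unset or 0; Int64.MaxValue means the password never expires.
        # [datetime]::FromFileTime throws on Int64.MaxValue, so skip both before converting.
        if ($raw -le 0 -or $raw -eq [long]::MaxValue) { continue }

        $expiry = [datetime]::FromFileTime($raw)
        if ($expiry -ge $Today -and $expiry -le $Today.AddDays($Days)) {
            [pscustomobject]@{
                # Encode the display name so markup characters in it cannot alter the HTML report.
                Name           = [System.Net.WebUtility]::HtmlEncode($u.Name)
                EmailAddress   = $u.EmailAddress
                PasswordExpiry = $expiry
            }
        }
    }
}

# Constructed sample accounts covering each branch of the filter.
$today  = (Get-Date).Date
$sample = @(
    [pscustomobject]@{ Name = 'Alice <Ops>'; EmailAddress = 'alice@example.test'
        'msDS-UserPasswordExpiryTimeComputed' = $today.AddDays(3).ToFileTime() }   # inside the window
    [pscustomobject]@{ Name = 'Bob'; EmailAddress = $null
        'msDS-UserPasswordExpiryTimeComputed' = $today.AddDays(30).ToFileTime() }  # outside the window
    [pscustomobject]@{ Name = 'Carol'; EmailAddress = 'carol@example.test'
        'msDS-UserPasswordExpiryTimeComputed' = 0 }                                # no pwdLastSet
    [pscustomobject]@{ Name = 'svc-backup'; EmailAddress = $null
        'msDS-UserPasswordExpiryTimeComputed' = [long]::MaxValue }                 # never expires
)

# Only the first account is returned, with its name encoded as "Alice &lt;Ops&gt;".
Test-PasswordExpiryWindow -Users $sample -Today $today | Format-Table -AutoSize
```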
Once you test the script, add it to the scheduler on a weekly repeat.
Don’t forget to set the scheduler to run powershell.exe with an argument of -File scriptname.ps1
Running PowerShell scripts can be dangerous. No responsibility for consequences is accepted by Andisa IT Consultants Ltd. If you want help configuring and running safely we are happy to engage on a consultancy basis!!