Password Expiry Email Notification

This script will email a user in the event that their password is due to expire in X number of days.

 
 
 
 
 
4.6 Star
(126)
48,753 times
Active Directory
3/24/2017


  • Where do I begin?
    1 Posts | Last post Thu 11:07 AM
    • I have a Win 2008R2 AD environment and I would like to implement this script to email users notifications to change their password. I went on the YouTube page but there are only bits and pieces in different videos.
      
      I haven't used PowerShell before, but I have done scripting before and am experienced enough to implement this once the steps are provided. Where do I begin? I have downloaded the script already.
      
      thanks and regards,
      SC 
      
  • Excluding users from getting emails already in group
    2 Posts | Last post May 15, 2017
    • Hi,
      
      I have been using this script for some time now and am very happy with how it works. Fantastic script, I should say. Serves my purpose.
      
      Anyways, I use this script to email different sets of instructions to two different sets of groups. Recently a couple of users from one group have been added to another group, due to which they receive 2 different emails with different sets of instructions. Due to this, users are confused about which instructions to use. Now, is there a way to exclude users from receiving mails sent to a specific group?
      
      Thanks in advance.
      
      
      Regards,
      
      </AN>
    • Hm that sounds like a bit of a tricky one.
      
      Are you running the script twice? with the two sets of instructions, or once with two sets defined within it?
  • string error
    2 Posts | Last post May 15, 2017
    • First I want to thank you for a great script and for evolving it. I have run the script from PS and it outputs the csv, but in the SendMail field for each row it prints out:
      
      The specified string is not in the form required for an e-mail address.
      
      C:\scripts> .\PasswordChangeNotification.ps1 -smtpServer mail.domain.com -expireInDays 90 -from 'support <support@domain.com>' -Logging -LogPath "C:\scripts" -testing true
      
      Am I missing something?
      
      thanks in advance to anyone that can assist.
    • Sounds like an issue reading the email address attribute from AD.
  • Email notification
    2 Posts | Last post May 15, 2017
    • Dear Robert 
      
      I am testing this script on SBS server 2011. 
      
      I am getting email notification but it does not give me value when password will be expiring. 
      
      Subject of email says "Your password will expire". I believe it should return some value for $messagedays, but it is blank for me.
      
      I have not applied the password policy yet. Default domain password age 0
      
      
      Can you please shed some light on this?
      
      Manoj 
    • I'm not sure what you mean by not applying the password policy yet, but in order for a password to expire, you must have a maximum age set.
  • Verified works on other OS
    1 Posts | Last post May 11, 2017
    • I tested and verified on Server 2012R2, Server 2016, and Windows 10.  
      
      Just a heads up.  
  • Is it supported on Windows Server 2012 DC?
    1 Posts | Last post May 09, 2017
    • Is it supported on Windows Server 2012 DC?
  • Notify users in a different domain
    6 Posts | Last post May 08, 2017
    • Hi Robert,
      
      First off, absolutely fabulous script and it works beautifully. 
      
      I'm having some trouble making a customization to the script and was wondering if you or anyone could assist.
      
      Here is my scenario: I'm running the script on a DC in a secure domain which does not have user mailboxes, let's call the domain domain.local. So when notifications go out to these users about their passwords, the e-mails need to be sent to the users with their corporate e-mail addresses, let's call it corporate.com. Usernames in both domains are the same: first initial last name (jsmith). I am trying to use the below, but it does not appear to be working. I 1) am not sure where to place it and 2) I most likely need to make edits in other parts of the script as well but am not sure where exactly. (I am definitely no PowerShell genius.) If you or anyone else has input, that would be greatly appreciated. Thanks in advance.
      
      $users | Add-Member NoteProperty -name corpEmailAddress -value $null  
      $users = $users | ForEach-Object {
          $_.corpEmailAddress = $_.Name+"@corporate.com"
          $_
          }
    • Anyone?
    • So the domain domain.local does not have their correct email address set?
    • Correct. We have two separate domains - a corporate.com domain where users will receive e-mail and the secure domain 'domain.local' has no e-mail access (no mailboxes) for any @domain.local accounts. The secure domain consists of our monitoring system and customer data. 
      
      As I said, testing your script worked flawlessly when using my @corporate.com address as the test recipient. I received all the notifications for password expiration criteria I specified. 
      
      So, something just needs to be added to the script to say "if e-mail = @domain.local send to username@corporate.com instead".
      
      I hope that is a more clear explanation.
    • Line 103: $emailaddress = $user.emailaddress
      $emailAddress = $emailAddress.ToString()
      $emailAddress = $emailAddress.Replace("@domain.local","@corporate.com")
      
      I think that should do the trick.
    • It certainly does do the trick. Thank you sir.
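Added example (not part of the thread or of the script itself): the domain rewrite suggested above, made safe for empty and mixed-case values and checked with the same .NET address parser that produces the "not in the form required for an e-mail address" message quoted in the "string error" thread. The function name `Resolve-NotifyAddress`, the use of `SamAccountName` as the fallback, and the sample rows are assumptions made for this illustration.

```powershell
# Added illustration; Resolve-NotifyAddress and the sample data are hypothetical.
function Resolve-NotifyAddress {
    param(
        [string]$EmailAddress,                 # value read from AD, may be empty
        [string]$SamAccountName,
        [string]$FromDomain = 'domain.local',
        [string]$ToDomain   = 'corporate.com'
    )

    $EmailAddress = $EmailAddress.Trim()

    # No mail attribute in AD: build the address from the logon name.
    if ([string]::IsNullOrEmpty($EmailAddress)) {
        $EmailAddress = "$SamAccountName@$ToDomain"
    }

    # -replace is case-insensitive, unlike String.Replace(); the trailing '$'
    # anchors the match so only the domain part is rewritten.
    $pattern = '@' + [regex]::Escape($FromDomain) + '$'
    $EmailAddress = $EmailAddress -replace $pattern, "@$ToDomain"

    # MailAddress raises the FormatException seen in the CSV for a malformed
    # value; catch it here so one bad attribute does not reach the mail call.
    try {
        return ([System.Net.Mail.MailAddress]$EmailAddress).Address
    }
    catch {
        Write-Warning "Skipping '$SamAccountName': '$EmailAddress' is not a valid address"
        return $null
    }
}

# Constructed sample rows standing in for the users read from AD.
$sample = @(
    @{ SamAccountName = 'jsmith'; EmailAddress = 'jsmith@DOMAIN.local' },
    @{ SamAccountName = 'adoe';   EmailAddress = $null },
    @{ SamAccountName = 'svc01';  EmailAddress = 'not an address' }
)
foreach ($u in $sample) {
    Resolve-NotifyAddress -EmailAddress $u.EmailAddress -SamAccountName $u.SamAccountName
}
```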
  • Running as a scheduled task.
    4 Posts | Last post May 05, 2017
    • Hey all,
      
      A simple question, but one I am struggling with and found various answers for, is running this script as a task with the parameters. Here is what I am putting in for my action.
      
      Start a program - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
      
      Add Arguments - c:\temp\PasswordChangeNotification.ps1 -smtpServer stmp.mail.com -expireInDays 15 -from "Password Admin <noreply@mail.com>" -Logging -LogPath "c:\temp"
      
      Start in c:\temp.
      
      Can anyone help with what I am missing?
    • Try this:
      -command "c:\temp\PasswordChangeNotification.ps1 -smtpServer stmp.mail.com -expireInDays 15 -from 'Password Admin <noreply@mail.com>' -Logging -LogPath c:\temp"
    • Thanks John. I want to make sure I understand. I am using this in the Add Arguments section?
    • Worked like a charm, thank you so much.
  • Script works fine in PowerShell but not in Task Scheduler
    2 Posts | Last post May 04, 2017
    • I have given a service account the permissions shown in the video, but when I go to manually run the task to test, it just hangs - stays in a "Running" state. I know this is not a syntax issue because I can run the script fine, works perfectly, in Task Scheduler when I use my domain admin account. What am I missing here? I'm using Exchange Online; are there some additional permissions that I need to give the service account that is running/starting the task?
    • Never mind, I figured it out. Had to recreate the secure text file (ConvertTo-SecureString) with the service account.
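Added example (not from the thread or from the script): a file written by `ConvertFrom-SecureString` without `-Key` is protected with Windows DPAPI for the account that created it on that computer, so another account cannot decrypt it, which is why the file had to be recreated as the service account. The path, the function names and the account placeholder below are assumptions.

```powershell
# Added illustration; the path and the function names are hypothetical.
$CredFile = 'C:\scripts\smtp-password.txt'

# Step 1 - run once in a session started AS the service account
# (for example: runas /user:DOMAIN\svc-account powershell.exe).
function Save-SmtpPassword {
    param([string]$Path = $CredFile)
    Read-Host -Prompt 'SMTP password' -AsSecureString |
        ConvertFrom-SecureString |      # no -Key: DPAPI, current user on this computer
        Set-Content -Path $Path
}

# Step 2 - called from the scheduled script. Stops with a clear error when
# the file was created by a different account or on a different machine.
function Get-SmtpCredential {
    param(
        [string]$UserName,
        [string]$Path = $CredFile
    )
    if (-not (Test-Path -Path $Path)) {
        throw "Credential file '$Path' not found."
    }
    $who = "$env:USERDOMAIN\$env:USERNAME"
    try {
        $secure = Get-Content -Path $Path |
            ConvertTo-SecureString -ErrorAction Stop
    }
    catch {
        throw "Cannot decrypt '$Path' as $who. Recreate the file while running as this account."
    }
    New-Object System.Management.Automation.PSCredential($UserName, $secure)
}
```

The account that runs the task also needs read access to the file itself; DPAPI protects the contents, not the file.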
  • Targeting OU solved - How to exclude one particular OU from search?
    2 Posts | Last post May 03, 2017
    • Dear Robert,
      
      How to exclude one particular OU from search? I tried  | ? {$_.DistinguishedName -notlike "*,OU=QMSD-users,*"}   but it is not working.
      
      Could you please help me with this.
      
      Thanks
      Ashok
      
    • Couple of different ways to do this, but they require a bit of editing.
      You would need to include all the OUs you wanted to search, I think, rather than exclude one.
      
      Similar to this example, https://onedrive.live.com/?authkey=%21APYDrX6V63OrhrY&v=TextFileEditor&id=76ADE246838C632B%21346574&cid=76ADE246838C632B&parId=76ADE246838C632B%212695
      
      Or possibly,
      
      do something like this -
      $dnCheck = $user.DistinguishedName.ToString()
      if ($dnCheck -like "*OU=oupathtoexclude*")
      {
          # skip
      }
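Added example (not from the thread or from the script): excluding an OU by comparing the end of each user's DistinguishedName with the OU's full DN, which avoids the accidental matches a `*OU=name*` wildcard can produce on similarly named OUs. The function name and every DN below are constructed for the illustration.

```powershell
# Added illustration; the function name and all DNs are constructed samples.
function Test-InExcludedOU {
    param(
        [string]$DistinguishedName,
        [string[]]$ExcludedOU           # full DNs of the OUs to leave out
    )
    foreach ($ou in $ExcludedOU) {
        # A user sits in the OU (or in a child OU) when its DN ends with ",<OU DN>".
        # The leading comma stops "OU=QMSD-users" matching "OU=Old-QMSD-users".
        $suffix = ",$ou"
        if ($DistinguishedName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$excluded = @('OU=QMSD-users,DC=domain,DC=local')

$sampleUsers = @(
    'CN=Ann Lee,OU=QMSD-users,DC=domain,DC=local',            # directly in the OU
    'CN=Bo Chan,OU=Temps,OU=QMSD-users,DC=domain,DC=local',   # in a child OU
    'CN=Cy Roe,OU=QMSD-users-archive,DC=domain,DC=local',     # similarly named OU
    'CN=Di Fox,OU=Staff,DC=domain,DC=local'                   # unrelated OU
)

# Keep only the users that are outside every excluded OU.
$sampleUsers | Where-Object {
    -not (Test-InExcludedOU -DistinguishedName $_ -ExcludedOU $excluded)
}
```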