Password Expiry Email Notification

This script will email a user in the event that their password is due to expire in X number of days.

 
 
 
 
 
Active Directory
3/24/2017


  • Sending Alerts Too Early
    3 Posts | Last post June 16, 2017
    • Hello,
      
      Great script, which has been working flawlessly until now. We had everyone change their passwords on April 21 and the password change policy is every 6 months. I have a lot, if not all the users complaining that they are receiving emails stating that their passwords are going to expire in 5 days. How can this be? The setting for alerting is 14 days ahead of expiration but the script is sending the emails months in advance. Any ideas as to why?
      
      Regards,
      Dave
    • I found the issue but not the fix... The command in the script that reads $maxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge and the issue with that command is that it is pointing to the default domain policy which by default is 3 months and not a new GPO that was created specifically for the new password policy. I can't just change the default policy as there are OUs that should not have the new password policy applied to them. 
      Anyone have any ideas on how to fix this, one of the guys here said we could hard code the age but we noticed that MaxPasswordAge is used multiple times in the script.
    • It should read the user's applied password GPO - Line 108 - 113 in v2.3
      
  • All users not showing and email send error
    2 Posts | Last post June 16, 2017
    • Hello,
      
      When I run the script I only get 3 users but when I take out this part of the script, (| where { $_.passwordexpired -eq $false }), I receive all users.  I am not sure if I need to do this because I want everything to be correct.  Is there something missing in AD?
      
      Also when the emails try to send I get this error: The SMTP server requires a secure connection or the client was not authenticated.  The server response was: 5.5.57.  I have tried to research the web but I didn't understand what I found.  Can you help me?
    • It means those users have passwords that have already expired.
  • SMTP SSL
    2 Posts | Last post June 13, 2017
    • How to modify this script to send e-mails to SSL SMTP 465 e-mail server?
    • Send-MailMessage has a -port and -useSSL switch I think.
      https://msdn.microsoft.com/en-us/powershell/reference/5.1/microsoft.powershell.utility/send-mailmessage
  • Multiple Password Policies
    2 Posts | Last post June 13, 2017
    • Hi Guys,
      
      Our domain consists of multiple OUs which sometimes have a separate password policy (other than domain default). So for example, Domain Default is set to 182 Days, but, an OU with Sales Users might have a separate policy for 30 days etc. 
      
      The script seems to look at the default password policy, therefore not notifying the users in the Sales OU.
      
      How could I customise the script to look at the applied policy rather than the default policy? Or is there a better method?
    • The script should already be taking into consideration Fine Grained Policies.
      
      Line 108 - 113 in v2.3
      
      Can you confirm the FGP is applied correctly to a user in sales?
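
A read-only diagnostic for the two password-policy threads above, added here as an example and not taken from the gallery script: for each user it reports which policy supplies MaxPasswordAge and how many days remain. The 14-day window and the output column names are assumptions. Only the domain-level policy and fine-grained password policies (PSOs) set password age for domain accounts, so a GPO linked to an OU will not appear as a source here.

```powershell
# Added example, not part of the gallery script. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$expireInDays  = 14   # assumed notification window
$defaultMaxAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
$now           = Get-Date

# Same population the threads above discuss: enabled, expiring, not yet expired.
$users = Get-ADUser -Filter { (Enabled -eq $true) -and (PasswordNeverExpires -eq $false) } `
    -Properties PasswordLastSet, PasswordExpired, EmailAddress |
    Where-Object { $_.PasswordExpired -eq $false }

$report = foreach ($user in $users) {
    # Returns the fine-grained policy (PSO) that applies to this user, or $null if none does.
    $pso = Get-ADUserResultantPasswordPolicy -Identity $user
    if ($pso) {
        $maxAge = $pso.MaxPasswordAge
        $source = $pso.Name
    } else {
        $maxAge = $defaultMaxAge
        $source = 'Default domain policy'
    }

    # A MaxPasswordAge of zero means passwords under this policy never expire.
    if ($maxAge -eq [TimeSpan]::Zero) { continue }
    # No PasswordLastSet value: the account must change its password at next logon.
    if (-not $user.PasswordLastSet) { continue }

    $expiresOn = $user.PasswordLastSet + $maxAge
    $daysLeft  = [math]::Floor(($expiresOn - $now).TotalDays)

    [pscustomobject]@{
        SamAccountName = $user.SamAccountName
        EmailAddress   = $user.EmailAddress
        PolicySource   = $source
        MaxAgeDays     = $maxAge.Days
        ExpiresOn      = $expiresOn
        DaysLeft       = $daysLeft
        WouldNotify    = ($daysLeft -le $expireInDays)
    }
}

$report | Sort-Object DaysLeft | Format-Table -AutoSize
```

If PolicySource shows the default domain policy for users who were expected to have a different maximum age, the fine-grained policy is not applied to them, which matches the symptom of alerts arriving months early.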
  • Logging Issues
    2 Posts | Last post June 13, 2017
    • I am running your script by right clicking - Edit - then Run Script. Everything works fine but the logging. Below is what I have defined for logging. Am I missing something?
      
      $logLabel = "True".PadRight($padVal," ")
      $logPathLabel = "C:\PasswordExpiring.csv".PadRight($padVal," ")
      
      Thank you
    • Which version do you have?
      
      The log is actually defined by a parameter, which is not compatible with running by right click.
      
      You should open PowerShell and run like this, (example parameters)
      
      .\my-script.ps1 -logpath c:\logs
      
      A bit more info here, https://www.youtube.com/watch?v=xbzxWOarVuk
  • Send Email Attachment
    2 Posts | Last post June 13, 2017
    • How do I have it email me the same csv file that it creates? This is what I currently have. The script sends the file to c:\temp.
      
      Send-Mailmessage -smtpServer $smtpServer -from $from -to test@test.com -subject "Passwords Expiring" -attachment c:\temp\$logFileName = "$date-PasswordLog.csv"
    • -attachment c:\temp\$logFileName = "$date-PasswordLog.csv"
      
      Have you tried changing this to...
      
      -attachment "c:\temp\$logFileName\$date-PasswordLog.csv"
  • users
    2 Posts | Last post June 13, 2017
    • This new script does not find any users on my domain, how to troubleshoot this? windows 2012 r2
    • It is possible none of your users meet the criteria of the search on line 89 (v2.3)
      
      So, I would open up a PowerShell window, run the following:
      
      Import-Module ActiveDirectory
      Get-AdUser -Filter *
      
      This should return all users.
      
      get-aduser -filter {(Enabled -eq $true)}
      
      This should return only accounts that are enabled.
      
      get-aduser -filter {(Enabled -eq $true) -and (PasswordNeverExpires -eq $false)}
      
      This should return enabled users that do not have 'non expiring' passwords.
      
      If you get results on these, move onto the next part of line 89.
      
      My guess is, that your users are set so that passwords never expire.
  • Thank you for the script!
    2 Posts | Last post June 13, 2017
    • No questions here, just wanted to thank you for this awesome script! I found it really easy to get started with, and it is running without any problems. The details on the videos also helped make it easy to setup with Task Scheduler. Keep up the fantastic work ^_^
    • Thanks, very kind of you to say.
  • Copy of the Email for archiving
    2 Posts | Last post June 13, 2017
    • Hi Robert
      Thanks for your script, one little question; is there a way to send a copy of each email to a specified email address?
    • You can use a -cc or -bcc on the send-mailmessage cmdlet.
  • How to send email notification to users instead of testing id.
    4 Posts | Last post June 02, 2017
    • Hi,
      I have used this script with the following arguments, using which I am able to send email notifications to the testing email id only; however, what should I do to send email notifications to particular users?
      
      .\script.ps1 -smtpServer XXX-com0i.mail.protection.outlook.com -expireInDays 3 -from 'IT Support <abc@xyz.com>' -Logging -LogPath "C:\Scripts\Log" -testing abc@xyz.com -status
      
      Can you please send me the argument command which send email notifications to users whose password is going to expire.
      
      Thank You!
      
      
    • Don't specify -testing
    • @RobertPearman
      
      Is it possible to add an administrator or a mailbox for monitoring purposes?
      For example, could it send an email to the user as a notification for password expiry, and also add an admin or a mailbox for monitoring the email notification?
    • Well, I just modified the slight of adding -Cc to the script and it works.
      
      Thanks for the script again.!!!