Password Expiry Email Notification

This script will email a user in the event that their password is due to expire in X number of days.

 
 
 
 
 
Active Directory
8/7/2018


  • Scheduled Task Error
    2 Posts | Last post November 28, 2018
    • Hey Everyone,
      
      I'm trying to set this up as a scheduled task however it's not running.  I can c/p the code into a normal ps prompt and I keep getting The '<' operator is reserved for future use.
      
      It's flagging on the from argument with the IT Support <user@domain.com> 
      
      Any ideas?
      
      Thanks!
    • That should be in quotes.
      
      https://www.youtube.com/watch?v=xbzxWOarVuk
  • Powershell Script - Assigning Values
    2 Posts | Last post November 27, 2018
    • Hey Everyone,
      
      I'm testing out this script and I'm having issues assigning values to these variables below from inside the script. Could anyone let me know where this needs to go inside the script so I don't get prompted for the values when the powershell script runs? 
      
      Thank you!
      
      
      
      $smtpServer
      
      $expireInDays
      
      $from
      
      $interval
      
    • You don't set them inside the script (ideally)
      
      You set them as parameters,
      
      .\myscript.ps1 -smtpserver xxxx -expireindays xx -interval 1,2,3
  • Include and exclude multiple OU's
    2 Posts | Last post November 27, 2018
    • Hi,
      
      Let's say that I have 20 different OUs with users but I only want to send the email notification to users in 9 of them. What's the easiest way to do that?
      
      Thanks for your help
    • Does that mean you don't want to check the other OUs at all? Or you want those logged but not emailed?
  • Issues with Task Scheduler
    7 Posts | Last post November 20, 2018
    • Hi, I am trying to get this to work on one of our customers systems and I have managed to run the script manually however I can't seem to automate it via Task Scheduler. I have followed your video, applied the delegation to the OU etc.
      
      This is my current setup for the task:
      
      Start a program: Powershell.exe
      Arguments: -command "'C:\PS\PasswordChangeNotification.ps1' -smtpServer mail.domain.com -expireInDays 4 -from 'Administrator <administrator@mail.org.uk>' -logging -logPath 'C:\PS\Log Files' -testing $true -testRecipient ICT@mail.org.uk"
      
      
      It's set to expire in 4 days during testing and I've tried it with and without $true after testing.
      
      If I try and manually run, it says the job completes in the task scheduler, but no emails are sent to the test account and nor is a log file created.
      
      Any ideas?
    • Can you try it like this instead,
      
      'C:\PS\PasswordChangeNotification.ps1 -smtpServer mail.domain.com -expireInDays 4 -from "Administrator <administrator@mail.org.uk>" -logging -logPath "C:\PS\Log Files" -testing -testRecipient ICT@mail.org.uk'
    • Hi, I've put in the above within the arguments but sadly still no emails sending/log file.
      
      I'm not sure if this makes a difference but I'm using Server 2012 R2 and using the built in domain administrator account.
    • Load an elevated CMD. 
      
      Then run powershell.exe -command 'C:\PS\PasswordChangeNotification.ps1 -smtpServer mail.domain.com -expireInDays 4 -from "Administrator <administrator@mail.org.uk>" -logging -logPath "C:\PS\Log Files" -testing -testRecipient ICT@mail.org.uk'
      
      what happens?
    • Hi, I ran from an elevated CMD and this is what I get:
      https://drive.google.com/open?id=1H41EIe_sjuu19VVqrXXbFon5ZIUKLvnz
      
      The first time I put the entire syntax in and after pressing enter, it doubles it as you can see from the screenshot like it's ran the command but no output results.
      
      I then loaded the powershell first and tried running it, but mentions that -Command is incorrect.
      
      Finally I removed the -command and after pressing enter, it doubles the syntax like the command has happened without error but still no output result. It's bizarre.
      
      I know it works because I've run it via Powershell ISE which then asks me for the SMTP server, who to send it from and expiry days. 
      
      Just to double check, once I downloaded the script, I just leave it within the folder and I don't need to make any changes in the script as that's what the arguments are for?
      
      Sorry, very new to PowerShell so learning as I go along!
    • You may need to right click the file downloaded, go to properties and unblock it.
      
      -command would be incorrect at that point because you have already loaded PowerShell.
      
      Using Powershell.exe -command "..." tells powershell to load, and what command to execute.
      
      If you are already in PowerShell you can substitute -command for .\ which tells PowerShell to execute the file.
      
      Ideally you would navigate to that folder before launching the command.
      
      cd c:\ps <enter>
      .\PasswordChangeNotification.ps1 -etcetc
    • I solved it running directly, without the "-command" Flag. The action ends up like this:
      
      powershell.exe C:\\PasswordChangeNotification.ps1 -expireInDays 7 -logging -logPath C:\Scripts\ -testing -testRecipient admin@mail.com -status
      (I didn't specify some because I set them inside the script)
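
Added example (not part of the thread and not the script author's code): registering the task with `-File` rather than `-Command`, so the script path and the `-from` value with its angle brackets reach the script as literal arguments instead of being parsed as PowerShell. The task name, schedule and the `CONTOSO\svc-pwnotify$` account are assumptions; the parameter names and values are the ones used in the posts above.

```powershell
# Added example: paths and values are taken from the thread or assumed.
$scriptPath = 'C:\PS\PasswordChangeNotification.ps1'

# Fail early if the downloaded file still carries the "from the internet" mark
# (the "unblock it" step mentioned in the thread).
if (Get-Item -LiteralPath $scriptPath -Stream Zone.Identifier -ErrorAction SilentlyContinue) {
    throw "$scriptPath is blocked; review it, then run Unblock-File on it."
}

# With -File, everything after the path is handed to the script as arguments.
# Double quotes keep values containing spaces or '<' '>' together as one argument.
$arguments = @(
    '-NoProfile', '-NonInteractive',
    '-File', "`"$scriptPath`"",
    '-smtpServer', 'mail.domain.com',
    '-expireInDays', '4',
    '-from', '"Administrator <administrator@mail.org.uk>"',
    '-logging',
    '-logPath', '"C:\PS\Log Files"',
    '-testing',
    '-testRecipient', 'ICT@mail.org.uk'
) -join ' '

$action  = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument $arguments -WorkingDirectory 'C:\PS'
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Monday, Wednesday, Friday -At '08:00'

# Assumed: a group managed service account that only has the delegated read
# access on the user OU, instead of the built-in domain administrator.
# For a gMSA the logon type is 'Password' and no password is supplied.
$principal = New-ScheduledTaskPrincipal -UserId 'CONTOSO\svc-pwnotify$' -LogonType Password

Register-ScheduledTask -TaskName 'Password Expiry Notification' `
    -Action $action -Trigger $trigger -Principal $principal
```

The account running the task needs write access to the log folder, otherwise the task reports success while no log file appears.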
  • The smtp server requires a secure connection
    3 Posts | Last post November 16, 2018
    • Hi Robert,
      
      Great script, this is exactly what I was looking for. I have everything configured to my needs except for the mailing part (the most important part). I have watched your YouTube video about smtp authentication, however it still doesn’t explain how to use a secure connection. I keep getting "The smtp server requires a secure connection" from my log. I’ve tried this with a local domain relay (which requires TLS), Office 365 and Gmail.
      
      I’ve seen many questions about this problem in this very Q and A, but no real solutions to the problem, just different ways to go around it. So, my question is, how can I make the script use TLS?
      
      Really looking forward to your reply, I feel like this can help a lot of other people as well.
      
      Kind regards,
      Sebastiaan
      
    • As I am not in control of third party mail servers, it is difficult to give a definitive answer.
      
      From a Windows 10 machine, this command allowed me to send authenticated SMTP via Office 365,
      
      Send-MailMessage -SmtpServer $smtpServer -From $from -To $to -Subject $subject -Body $body -Credential $cred -Port 587  -UseSsl
      
      The same command allowed me to send via gmail as well.
    • You can also adjust the TLS version you are using by adding this before the Send-MailMessage command,
      # For 1.2
      [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
      # For 1.1
      [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls11
      # For 1.0
      [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls
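
Added example (not the script's own code): the two replies above combined into one function that pins the process to TLS 1.2 and sends through port 587 with `-UseSsl` and a stored credential. The function name and the credential file path are assumptions; a file written with `Export-Clixml` is protected with DPAPI on Windows and can only be read back by the same user on the same computer, so create it while logged on as the account that runs the task.

```powershell
function Send-SecureNotification {
    param(
        [Parameter(Mandatory)][string]$SmtpServer,
        [Parameter(Mandatory)][string]$From,
        [Parameter(Mandatory)][string]$To,
        [Parameter(Mandatory)][string]$Subject,
        [Parameter(Mandatory)][string]$Body,
        [string]$CredentialPath = 'C:\PS\smtp-cred.xml',   # assumed location
        [int]$Port = 587
    )

    # Allow only TLS 1.2 for this process; TLS 1.0/1.1 from the list above stay off.
    [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

    if (-not (Test-Path -LiteralPath $CredentialPath)) {
        throw "No stored credential at $CredentialPath. Create it with: Get-Credential | Export-Clixml -Path '$CredentialPath'"
    }
    # Returns a PSCredential; the password never appears in the script or task arguments.
    $cred = Import-Clixml -Path $CredentialPath

    try {
        Send-MailMessage -SmtpServer $SmtpServer -Port $Port -UseSsl -Credential $cred `
            -From $From -To $To -Subject $Subject -Body $Body -ErrorAction Stop
        return $true
    }
    catch {
        # Surface the server's answer, e.g. "The smtp server requires a secure connection"
        Write-Warning "Send to $To failed: $($_.Exception.Message)"
        return $false
    }
}
```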
  • Gmail authentication
    2 Posts | Last post November 09, 2018
    • Hi there Robert,
      
      This script is amazing imo but I'm having a small problem with it.
      I'd really like to use this with my gmail account and I followed your SMTP-Auth tutorial.
      I just keep getting the "the smtp server requires a secure connection or the client was not authenticated". 
      Could this be because I'm using 2factor authentication on my gmail account?
      
      Looking forward to your reply!
      
      Kind regards,
      Sander 
    • Yes, I expect so.
      
      You can create an App password in gmail to use with smtp authentication.
      
      https://support.google.com/accounts/answer/185833?hl=en
  • Time to be run?
    2 Posts | Last post November 01, 2018
    • thank you
      
      is this run as a one time event or do you need to run it each time you want the email to be sent?
      
      If so do people setup a scheduled task ?
    • I run it as a scheduled task three times a week.
  • New to This
    2 Posts | Last post October 30, 2018
    • I am sorry to bother you, This is a great script, but we have set up an Exchange Server In-House and have many shared Mailboxes, these are all Disabled Accounts but the script emails them saying your password is due to Expire.
      I cannot Exempt an OU as each Shared Mailbox is in the OU for each Sub Site, Can I get this script to ignore Disabled Accounts?
    • On line 132 it should be filtering out accounts that are disabled.
      
      get-aduser -filter {(Enabled -eq $true)...}
      
      Which version are you using, have you made changes to it?
  • Parameters Don't Matter
    2 Posts | Last post October 29, 2018
    • Robert, thanks so much for making this available!
      
      I have enjoyed working with this to get it to work.
      
      # Please Configure the following variables....
      $smtpServer="xxx02.xxx.com"
      $expireindays = 21
      $interval = 1,2,5,10
      $from = "Password Reset Notification <support@xxxx.com>"
      $logging = "Enabled" # Set to Disabled to Disable Logging
      $logFile = "\\cccccc\cccccccc\mylog.csv" # ie. c:\mylog.csv
      $reportto = "bxxxxr@xxxx.com"
      $testing = "Disabled" # Set to Disabled to Email Users
      $testRecipient = "asdkljfhn@ccccc.com"
      
      I am testing the code and have run it in test mode many times.  Once I get it to work in testing I modify the parameters for real-time.  The new modifications are not working.
      
      1. The log file is not going to a new path I specified
      2. The server thinks testing is still enabled because my test account is getting the email.
      
      I have noticed this on-off with other parameters and I am, honestly, clueless, why the new changes are not being implemented in the code.
      
      Thanks for your help!  Always!!
      
      -Jason
    • Which version of the script are you using?
      
      You should not set the values of the variables inside the script itself.
  • Exclude an OU?
    2 Posts | Last post October 11, 2018
    • Hello,
      
      I've been using this great script for over a year - once again, great work. I have an OU that i'd like to exclude from the script. Is it possible to do this instead of specifying multiple OUs in the -searchbase?
    • Excluding a single OU is possible, if a little convoluted.
      
      If you add CanonicalName to the -properties section of Get-AdUser, this will collect everyone's CanonicalName, which, if you did not know, is the path to the user object in AD. (we could also use a distinguishedname)
      
      Now, somewhere near the top, let's say line 139, add in,
      
      $excludeOU = @("mydomain.domain.com/OU/OU/")
      
      where that is the path to the OU you want to exclude, leave the trailing "/".
      
      At line 178 we then need to add in a bit of script to collect the users OU and add it to the $userObj.
      
      $userCanon = $user.CanonicalName.Replace($user.Name,"")
      
      then line 184
      
      if(($excludeOU) -contains $userCanon)
      {
          # Skip User
      }
      else
      {
          $colUsers += $userObj
      }
      
      
      I have not tested this, and this won't do anything like log the exclusions, or even output anything to the console, but it should be enough to skip an OU.
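
Added example (not the author's code and not tested against the script itself): the same idea using `DistinguishedName`, which `Get-ADUser` returns by default, so several OUs and their sub-OUs can be excluded and every skip is reported. The function name, OU names and sample users are constructed; in the script `$users` would come from `Get-ADUser`, and inverting the test gives the include list asked about in the "Include and exclude multiple OU's" thread.

```powershell
# OUs to skip (constructed values); anything beneath them is skipped as well
$excludeOU = @(
    'OU=Shared Mailboxes,OU=Site A,DC=mydomain,DC=domain,DC=com',
    'OU=Service Accounts,DC=mydomain,DC=domain,DC=com'
)

function Test-InExcludedOU {
    param([string]$DistinguishedName, [string[]]$ExcludedOU)
    foreach ($ou in $ExcludedOU) {
        # Compare the end of the DN at a component boundary (leading comma),
        # so 'OU=Not Shared Mailboxes,...' does not match 'OU=Shared Mailboxes,...'
        if ($DistinguishedName.EndsWith(",$ou", [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# Constructed sample objects standing in for Get-ADUser output
$users = @(
    [pscustomobject]@{ Name = 'Alice Example'
        DistinguishedName = 'CN=Alice Example,OU=Staff,OU=Site A,DC=mydomain,DC=domain,DC=com' }
    [pscustomobject]@{ Name = 'Reception'
        DistinguishedName = 'CN=Reception,OU=Shared Mailboxes,OU=Site A,DC=mydomain,DC=domain,DC=com' }
    [pscustomobject]@{ Name = 'svc-backup'
        DistinguishedName = 'CN=svc-backup,OU=Tier1,OU=Service Accounts,DC=mydomain,DC=domain,DC=com' }
)

$colUsers = @()
foreach ($user in $users) {
    if (Test-InExcludedOU -DistinguishedName $user.DistinguishedName -ExcludedOU $excludeOU) {
        # Report the exclusion so it is visible in the console or task output
        Write-Warning "Skipping $($user.Name): in excluded OU"
        continue
    }
    $colUsers += $user
}

$colUsers.Name   # only 'Alice Example' remains in this sample
```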
      
      
      
      