Password Expiry Email Notification

This script will email a user in the event that their password is due to expire in X number of days.

 
 
 
 
 
Active Directory
8/7/2018


  • Emails not sending to Users
    2 Posts | Last post October 11, 2018
    • Hello,
      
      Script has been running perfectly for over a year. I have it running via a task scheduler and recently it stopped working due to the scheduler running off an account that had its password expire.
      
      I have the scheduler working again, but now the script won't send emails to users. Though the testing attribute does work and it sends email to me that way.
      
      So it seems to work in all aspects except sending the emails. I also confirmed there are no emails being sent out and blocked or sent to junk mail.
      
      Would anyone be able to help? Much appreciated! 
    • Does the account sending email need authentication? Did you update the credential for that account?
  • Little Problem
    4 Posts | Last post October 11, 2018
    • Hi,
      
      Thanks for this script ! 
      
      I have something wrong using it: all my users are logged as "Skipped - Interval" even if they are in the good interval! This is my CMD:
      
      Powershell.exe -executionpolicy remotesigned -File C:\Scripts\PasswordChangeNotification.ps1 -smtpServer mail.blablabla.fr -expireInDays 10 -from "Support <support@blablabla.com>" -interval 1,2,3,10 -Logging -LogPath "c:\scripts\logs" -testing -testRecipient bla@blablabla.com
      
      And a log : 
      
      "in 10 days.","blabla","BLA bla","blabla@blabla.com","13/08/2018 09:36:11","10","12/10/2018 09:36:11","Skipped - Interval"
      "in 3 days.","blabla","BLA bla","blabla@blabla.com","06/08/2018 12:01:45","3","05/10/2018 12:01:45","Skipped - Interval"
      
      
      Thanks a lot ! 
    • Instead of -file, use -command
    • Hi Robert,
      When I use -command, I get the result (0X1).
      If I use -file, it is the same case as AlfredIT: the log shows all emails skipped.
      Thanks,
      
    • Check out this video.
      https://www.youtube.com/watch?v=3ia-cJbf5Ng
      
      You need to put everything inside quotes after -command.
      
      Command:
      Powershell.exe
      
      Arguments:
      "-executionpolicy remotesigned -command C:\Scripts\PasswordChangeNotification.ps1 -smtpServer mail.blablabla.fr -expireInDays 10 -from 'Support <support@blablabla.com>' -interval 1,2,3,10 -Logging -LogPath 'c:\scripts\logs' -testing -testRecipient bla@blablabla.com"
      
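A likely cause of the "Skipped - Interval" result under -File, shown as an added example that is not part of the original thread or the script: powershell.exe -File passes `1,2,3,10` to the script as one literal string, while -Command parses it as a four-element array. The probe script, its file name and the `-contains` membership test are assumptions, since the script's own interval check is not shown on this page.

```powershell
# Constructed probe script (not the real PasswordChangeNotification.ps1):
# it only reports how the -interval argument was bound.
$probe = Join-Path $env:TEMP 'IntervalProbe.ps1'
@'
param($interval)
# Defensive normalisation: split any "1,2,3,10" string into separate integers.
$fixed = @($interval) | ForEach-Object { "$_" -split ',' } | ForEach-Object { [int]$_.Trim() }
[pscustomobject]@{
    RawType    = $interval.GetType().Name
    RawCount   = @($interval).Count
    RawHas10   = $interval -contains 10   # assumed style of membership test
    FixedHas10 = $fixed -contains 10
}
'@ | Set-Content -Path $probe -Encoding ASCII

# 1) -File: the value reaches the script as the single string "1,2,3,10".
powershell.exe -NoProfile -ExecutionPolicy RemoteSigned -File $probe -interval '1,2,3,10'

# 2) -Command: the text is parsed as PowerShell, so 1,2,3,10 is a four-element array.
powershell.exe -NoProfile -ExecutionPolicy RemoteSigned -Command "& '$probe' -interval 1,2,3,10"

# 3) In-process call with splatting, as a short wrapper script would do;
#    the array stays intact and the scheduled task's argument line stays short.
$params = @{ interval = 1, 2, 3, 10 }
& $probe @params

Remove-Item -Path $probe
```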
  • Your script in task schedule problem
    1 Posts | Last post October 05, 2018
    • Good day,
      I am now having a problem deploying on a task schedule:
      the arguments space has a limitation, so I can't input all the parameters.
      
      -NoProfile -ExecutionPolicy Unrestricted -File "D:\.\PwNotice.ps1" -smtpServer XXX.XXX.XXX.XXX -expireInDays 7 -from "IT Support <CGIPW_EXPIRY@XXXXXXXXXXXXXXXXX.com.hk>" -Logging -LogPath "D:\logFiles" -reportTo ITMAILMAIL@XXXXXXXXXXXXXX.com.hk -interval 1,2,3,5,7
      
      Kindly help and let me know how to fix this problem.
      
      Thanks a lot.
      
      
       
  • Rename CSV column name
    3 Posts | Last post October 04, 2018
    • Hi Robert,
      
      I think it's a bit difficult to adjust the datetime format, so instead I'm just trying to add MM/DD/YYYY to the column name or description, so that the users can read the date properly.
      
      I tried to modify with this line
      
      $notifiedUsers | select UserName,Name,EmailAddress,PasswordSet,DaysToExpire,ExpiresOn | sort DaystoExpire | FT -autoSize
      
      with for example renaming the "PasswordSet"
      
      $notifiedUsers | select UserName,Name,EmailAddress,@{Name = "PwdSet-MM/DD/YYYY"; Expression = {$_.PasswordSet}},DaysToExpire,ExpiresOn | sort DaystoExpire | FT -autoSize
      
      The script executed without problem, however it only updated the column number on-screen output, it hasn't renamed the column header in the CSV file.
      
      Am I changing the wrong place or using the wrong method?
      
      Please kindly help.
      
    • The column header is set based on the object name.
      
      So $daysToExpire is set on line 182. '-name DaysToExpire'.
      
      PasswordSet is on line 181.
      
      But, by changing these values you need to make sure they are not set elsewhere using the original names.
      
      For example, on line 191, where we reference $_.DaysToExpire, this would need to match whatever you change the value on line 182 to.
    • Thank you Robert for your quick reply.
      
      So instead of changing the existing object names, is it possible to create duplicates of these objects with a different '-name', so that they can be used specifically in the report and log view?
      
      If so, where would I place these 'names' for the report and logs?
  • Number of users
    5 Posts | Last post October 04, 2018
    • When I run this command:
      (Get-ADUser -filter *).count 
      I'm getting a different number of users compared to when I run your script. Why?
    • Your command returns every user in the domain, my command filters the users to only include those with expiring passwords etc.
    • The users whose passwords are supposed to expire are not showing up.
    • I have the same issue.
      When I manually test the command
      $users = get-aduser -filter {(Enabled -eq $true) -and (PasswordNeverExpires -eq $false)} -properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress | where { $_.passwordexpired -eq $false }
      # Count Users
      $usersCount = ($users | Measure-Object).Count
      Write-Output "Found $usersCount User Objects"
      the result is about 600 users, but when I run the script, it returns only 20 users. Why?
      
    • Without seeing a log or transcript of the PowerShell session, I cannot say, except that usually this is caused by users not meeting the filtering requirements and being discarded from the results.
  • Should this script run every day?
    1 Posts | Last post October 03, 2018
    • I run it manually, it works.
      Setting: (Interval =1,2,3,5,8)
      According to the log file, some users expire in 4 days,
      so the email will not be sent out (right?).
      So, should I run this script again tomorrow to successfully send the email to the user?
      Thanks a lot
      
  • Sending report only
    4 Posts | Last post October 02, 2018
    • Hello Robert,
      
      How can I configure a scheduled task with your script so that it sends the report only twice a week?
      
      As the administrator only needs to see the report twice a week, if I set up another scheduled task with the script on a different schedule, the end user will sometimes get 2 copies of the notification.
      
      Please kindly help.
      
      
    • Off the top of my head...
      
      Let's say you schedule the script to run on a Tuesday and Thursday.
      
      Under the report section (Line 300 v2.9)
      
      Inside the brackets if($reportTo) add, 
      
          if($reportTo)
          {
              if(($start.DayOfWeek) -eq "Thursday")
              {
                  $reportSubject = "Password Expiry Report"
                  $reportBody = "Password Expiry Report Attached"
                  try{
                      Send-Mailmessage -smtpServer $smtpServer -from $from -to $reportTo -subject $reportSubject -body $reportbody -bodyasHTML -priority High -Encoding $textEncoding -Attachments $logFile -ErrorAction Stop 
                  }
                  catch{
                      $errorMessage = $_.Exception.Message
                      Write-Output $errorMessage
                  }    
              }
          }
      
      So the report would only send on a Thursday.
    • Thank you Robert, I will give this a try and let you know how I go.
    • Thanks Robert, this is working well.
  • Expired on
    1 Posts | Last post September 27, 2018
    • Hi Robert,
      
      If I run the script and put the $expiredOn variable in the email, it contains the following: 12/25/2018 09:07:00, and that's wrong.
      
      Any ideas why it contains this value? I need the expiry date.
      If it could be formatted nicely, that would be great!
      
      Thanks for your answer!
      
  • reportTo not working
    2 Posts | Last post September 19, 2018
    • Hi Robert P
      
      This script is fantastic! Thanks for taking your time to share it. I have it working in my environment except for the reportTo. Mail to users is flowing fine, but I never get the report.
      
      This is the command I'm using to run the script:
      PwdChgNotify_Users.ps1 -smtpServer 192.168.100.28 -expireInDays 21 -from "Help Desk <DoNotReply@mydomain.com>" -reportTo me@mydomain.com -interval 1,2,3,4,5,10,15,20
      
      Any help would be appreciated!
      Robert M
    • Once I added -Logging -LogPath "c:\logFiles" to my command, it works. 
      
      Thanks again for all your effort in making this public!!!
  • the lowest admin rights required
    2 Posts | Last post September 19, 2018
    • Hi
      What are the minimum admin rights required to run this script?
      Does it require domain admin rights?
      Thanks
    • The account running the script needs the ability to read user properties on the OU your users reside in.
      
      It does not require any admin rights. You may want to add it to the Backup Operators group on the machine the script runs on, to allow it to log on as a batch job.