Password Expiry Email Notification

This script will email a user in the event that their password is due to expire in X number of days.

4.6 Star
79,732 times
Add to favorites
Active Directory
E-mail Twitter Digg Facebook
Sign in to ask a question

  • Users are note receiving the emails after I run this script
    2 Posts | Last post Fri 11:42 PM
    • Hello,
      Thank you for the great Script. I got an issue: I'm using office 365. By reading a previous post they mentioned that I needed to add -port 587 -UseSsl to
      Can you please advise? 
      thank you !
      Script Loaded
      *** Settings Summary ***
      SMTP Server          : -port 587 -UseSsl
      Expire in Days       : 14
      From                 :
      Logging              : False
      Log Path             : 
      Testing              : False
      Test Recipient       : 
      Report Recipient     : 
      Intervals            : 
    • Secondly, Is it possible to configure in the script with these fields?
      SMTP Server          
      Expire in Days       
      To avoid to do this manually
  • How to highlight Text in email
    3 Posts | Last post November 05, 2019
    • I am trying to use an html message and I am not getting the <mark> command to work
      I can use <h1> <h2> and <strong> tags, however, <mark> does not work? Should it?
      What am I missing? My HTML works otherwise. Below is snip of parts of the message format. This works as HTML, obliviously a few changes, but otherwise it is good.
      $body ="
      <font face=""verdana"">
             Dear $name,
      <P>  You are receiving this notice because
      <strong><mark>Section 2</strong></mark> Working over VPN\Traveling<br>
      <p>	Disconnect from VPN and then reconnect using your new password.<br>
       <h1>    Password Reset Tool </h1>
      Login to <a href=""https://someURL/owa"">Password Reset Tool</a> Step for detail, Additional detail here.
      <p>    Thanks,
    • I just wanted to add to my earlier post... the example I gave shows <<mark>... I cannot edit my post, but it should read <mark>Highlightme</mark>	
    • Your mail client may not support <h> tags.
      Try editing the text using <font> instead.
  • Office 365
    2 Posts | Last post November 05, 2019
    • I am trying to setup my Scheduled Task but it seems that it does not like the credentials for O365.  I have tried using a domain admin account and my own but I can't get past the login during testing.  Any ideas?
    • Review this,
  • Non-Standard SMTP Port with 2.9 version of script?
    2 Posts | Last post November 05, 2019
    • I am trying to run the 2.9 version of the script.  I want to specify a non-standard SMTP port for my SMTP server.
      I don't see a parameter for SMTP port, nor do I see any other place in the script to configure this value.
      Anyone know how to do this?
    • You can edit the Send-MailMessage lines directly to change your SMTP port.
  • Running the script
    1 Posts | Last post October 30, 2019
    • Thanks Morn77!  Now I have another question; can I run it as test before I setup the schedule?  If so do I run it from the scripts folder with my parameters?
  • entering values part 2
    2 Posts | Last post October 30, 2019
    • I am using the new version of the script.  An example of what is happening is this:
      on the line where it asks for the $expiredays, I enter 15 after the comma but I get the error; Missing ')' parameter in the function list
    • Dont change anything in the script unless you want to point to one group (ou) and not all users
  • entering values
    2 Posts | Last post October 30, 2019
    • I am very new to PS scripting so excuse the simple question.  How do I enter the values for smtpServer, expiry days, and From email in the script so it won't prompt every time it runs.
    • You dont write them in the script, you write them when you run the script..
       PasswordChangeNotification.ps1 -smtpServer -expireInDays 21 -from "IT Support <>" -reportTo
  • Small problem
    2 Posts | Last post October 29, 2019
    • Hi can someone help me understanding why my output looks like the below? 
      UserName	Name	EmailAddress	PasswordSet	DaysToExpire	ExpiresOn	SendMail
      Name, Name   8/17/2019 14:00	-73	8/17/2019 14:00	OK
      But look at the password set and DaysToExpire and ExpiresOn?? Something is wrong... I'm using the group solution and not users...
    • Oh, I can see our password policy says MaxPasswordAge              : 00:00:00... 
      Could I change the script so it knows that our MaxPasswordAge is 90 days? or should I change the MaxPasswordAge on my domain?
  • Exclude specific OU path
    2 Posts | Last post October 03, 2019
    • First of, as you been told many times, its a awesome script you have created! :)
      TLDR Question:
      Is there a way to exclude a specific path without using "where"?
      The Backstory:
      We have a small subsidiary company in another country, but we have not divided up our AD based on country. That company uses a different mailbox for support cases and have requested to have the email in a different language.
      The Issue:
      So i am using two different scripts, One for "Language A" and one for "Language B".
      In Script A i use -searchbase to tell the script to only run that specific path
      But for Script B i would like to find a way not to use a double "where" as you can see below, as that will make the script run much slower. Script B have its searchbase set to: "OU=Company,DC=DOMAIN,DC=local"
      | where { $_.passwordexpired -eq $false} | where {$_.DistinguishedName -notlike "$OUexclude"}
    • Excluding OUs is possible, but not straight forward.
      I think it was asked previously.
      One way is as you have described.
      Another would be to add a check into the section that starts around line 146 
      foreach ($user in $users)
      Then what we would be doing is checking the users OU Path, either using their distinguishedName or CanonicalName (whichever you prefer) Canonical Name is probably easier, you could then add a value in the PSObject for their language to save you running two separate scripts, or just to use that value to exclude them.
      Another way to do it would be to use a value in AD, that you are not already making use of, FaxNumber perhaps and filter them with Get-AdUser -filter {FaxNumber -ne en-gb } 
      Hope that is of some use. 
  • Action if no email address in AD object
    5 Posts | Last post September 18, 2019
    • Hi Robert,
      Great script, been using it and it works perfectly.
      I have a case where I need the script to send the email to a specific email address if the email address field in AD is empty. Probably an easy way to do this, could you help, please?
    • By default if AD does not have a valid emails address, it will send to $testRecipient.
    • In the script we have this line:
          # If a user has no email address listed
          if (($emailaddress) -eq $null)
              $daystoexpire = "100"    
          }# End No Valid Email
      Can I change this to:
      if (($emailaddress) -eq $null)
      $emailaddress = ""
      And it should work, yeah?
    • Sure.
    • Tested yesterday, got it to work. Thanks!
1 - 10 of 530 Items