Password Expiry Email Notification

I run it manually , it works 
Setting : (Interval =1,2,3,5,8)
Refer to log file , some user expiry in 4 days,
then email will not send out,(Right?)
so, should i run this scipt on tomorrow again to success send the email to user? 
Thanks a lot

Hello Robert,

How can I config a schedule task with your script so that it will send report only for twice a  week?

As the administrator will only need to see the report twice a week, if I setup another schedule with the script at different schedule, the end user will get 2 copies of notification sometimes.

Please kindly help.

Off the top of my head...

Lets say you schedule the script to run on a Tuesday and Thursday.

Under the report section (Line 300 v2.9)

Inside the brackets if($reportTo) add, 

    if($reportTo)
    {
        if(($start.DayOfWeek) -eq "Thursday")
        {
            $reportSubject = "Password Expiry Report"
            $reportBody = "Password Expiry Report Attached"
            try{
                Send-Mailmessage -smtpServer $smtpServer -from $from -to $reportTo -subject $reportSubject -body $reportbody -bodyasHTML -priority High -Encoding $textEncoding -Attachments $logFile -ErrorAction Stop 
            }
            catch{
                $errorMessage = $_.Exception.Message
                Write-Output $errorMessage
            }    
        }
    }

So the report would only send on a Thursday.

Thank you Robert, I will give this a try and let you know how I go.

Thanks Robert, this is working well.

Hi Robert,

If I run the scripts, and i put the $expiredOn variable on the email, it's contains the following: 12/25/2018 09:07:00 and thats wrong.

Any ideas why it is containts this value? I need the date of the expiring.
If it could be formated nicely, that would be great!

Thanks four your answer!

Hi Robert P

This script is fantastic! Thanks for taking your time to share it. I have it working in my environment except for the reportTo. Mail to users are flowing fine, but I never get the report.

This is the command I'm using to run the script:
PwdChgNotify_Users.ps1 -smtpServer 192.168.100.28 -expireInDays 21 -from "Help Desk <DoNotReply@mydomain.com>" -reportTo me@mydomain.com -interval 1,2,3,4,5,10,15,20

Any help would be appreciated!
Robert M

Once I added -Logging -LogPath "c:\logFiles" to my command, it works. 

Thanks again for all your effort in making this public!!!

Hi
what are the minimum admin rights required to run this script
does it require domain admin rights 
thanks

The account running the script needs the ability to read user properties on the OU your users reside in.

It does not require any admin rights, you may want to add it to the backup operators group on the machine the script runs on, to allow it to logon as a batch job.

Hello, I am not very clear the function of the-report, I could explain, as I have understood according to the script sends to the account of the-reportto CSV file attached.

{ 
        $reportSubject = "Password Expiry Report" 
        $reportBody = "Password Expiry Report Attached" 
        try{ 
            Send-Mailmessage -smtpServer $smtpServer -from $from -to $reportTo -subject $reportSubject -body $reportbody -bodyasHTML -priority High -Encoding $textEncoding -Attachments $logFile -ErrorAction Stop  
        } 
        catch{ 
            $errorMessage = $_.Exception.Message 
            Write-Output $errorMessage 
        } 
    } 

First of all - thanks for providing this script. Without it I doubt I would be able to produce anything functional for this need.

That being said we have an AD environment with multiple OU's for different entities. Each of those entities have different support details and logos. One solutions is to have unique scripts to run for each entity and just update the $user query to pull based on a specific search base then just statically assign the unique variables in each script. Have that bit figured out already, and it works, but then we have to manage multiple scripts and what's the fun in that.

I am curious how I could go about have the notification section start for each user by evaluating an if ($distinguishedname -like "*xxxxxxxxxxxxx" {$image=xxx $supportnumber=xxxx etc} elseif so on and so forth, then pass the right variables into the creation of the message.

I will admit the whole technet gallery bit is new to me, and I'm not sure of an efficient way to search through the Q and A to see if this has been address already (other than scrolling page by page).

Any help in either finding where this is already addressed, or in architecting a solution is greatly appreciated. 

Ben

I dont think there are many questions like this - there are some on targeting OUs but not on changing variables based on OU. I think you are along the right lines with your current thinking.

Good morning I have running script with testing option, immeditely answer on the shell how may users have password expiring in 14 days but it still in this windows no answer no logs no email
Thanks in advance
Davide

Sorry only take a time, after 20 minutes i have answer...I was thinking take a little bit time. Sorry

Hi Robert,

I tested the script below in Powershell ISE, it seems to run correctly and send notification.

c:\temp\PasswordChangeNotification.ps1 -smtpServer x.x.x.x -expireInDays 13 -from 'IT Support <test@xxx.com>' -Logging -LogPath 'c:\temp\logs' -reportTo test@xxx.com -interval 1,3,5,7,8,9 -testing -testRecipient test@xxx.com -status

However, when I put this in schedule task with the action below, it doesn't send notification, the "PasswordSet" and "ExpiresOn" show exact same date and time, then "DaysToExpire" show negative.


powershell.exe -command "c:\temp\PasswordChangeNotification.ps1 -smtpServer x.x.x.x -expireInDays 13 -from 'IT Support <test@xxx.com>' -Logging -LogPath 'c:\temp\logs' -reportTo test@xxx.com -interval 1,3,5,7,8,9 -testing -testRecipient test@xxx.com -status"

For testing, instead of reading the day from policy, I hard coded the Default Max.Age to 10 days.  I have couple test users that their "PasswordSet" date on 5 sept and 7 sept 2018.  

The condition are exactly the same, any reasons why the results are so different?

Patrick

any suggestion?

Nope sorry that makes no sense to me.

Hi Robert, I found an incorrect line of code that I modified, so now the script fixed and working well.

I am trying to get the report (only the report) to send to 2 email addresses, so I tried -reportTo 'test@xxx.com;test2@xxx.com', but it didn't even send the report.  

If I need to use CC, will it send the notification email as well?  Anyway I am not sure how to put in this CC as parameter for sending report.

Could you please help?

How can i ask the user to enter their credentials in the script for a third party email service - such as Sendgrid ?

You can use the Get-Credential cmdlet.

Where exactly to use ? And anything in the argument when scheduling a task ? 

You can use this method when scheduling the script.

https://www.youtube.com/watch?v=_-JHzG_LNvw