Password Expiry Email Notification

This script will email a user in the event that their password is due to expire in X number of days. I have now moved it to GitHub -

  • Exclude an OU?
    2 Posts | Last post October 11, 2018
    • Hello,
      I've been using this great script for over a year - once again, great work. I have an OU that I'd like to exclude from the script. Is it possible to do this instead of specifying multiple OUs in the -searchbase?
    • Excluding a single OU is possible, if a little convoluted.
      If you add CanonicalName to the -properties section of Get-AdUser, this will collect everyone's CanonicalName, which, if you did not know, is the path to the user object in AD. (We could also use a DistinguishedName.)
      Now, somewhere near the top, let's say line 139, add in,
      $excludeOU = @("")
      where that is the path to the OU you want to exclude, leave the trailing "/".
      At line 178 we then need to add in a bit of script to collect the user's OU and add it to the $userObj.
      $userCanon = $user.CanonicalName.Replace($user.Name,"")
      then line 184
      if(($excludeOU) -contains $userCanon) {
          # Skip User
      } else {
          $colUsers += $userObj
      }
      I have not tested this, and this won't do anything like log the exclusions, or even output anything to the console, but it should be enough to skip an OU.
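An added example, not part of the original script or of the answer above: one way to exclude an OU together with its nested child OUs, by matching on the end of DistinguishedName instead of an exact CanonicalName. The OU path, the Test-InExcludedOU function name and the sample users are constructed for illustration.

```powershell
# Added example: the OU path and the users below are constructed placeholders.
$excludeOU = @('OU=Service Accounts,DC=example,DC=com')

function Test-InExcludedOU {
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,
        [string[]]$ExcludedOU = @()
    )
    foreach ($ou in $ExcludedOU) {
        # An empty entry would otherwise match every user.
        if ([string]::IsNullOrWhiteSpace($ou)) { continue }
        # Require ",<OU DN>" at the end of the user's DN: this excludes child OUs
        # as well, and does not match an OU whose name only ends with the same text.
        if ($DistinguishedName.EndsWith(",$ou", [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# Constructed stand-ins for Get-ADUser results (DistinguishedName is returned by default).
$users = @(
    [pscustomobject]@{ Name = 'Alice';      DistinguishedName = 'CN=Alice,OU=Staff,DC=example,DC=com' }
    [pscustomobject]@{ Name = 'svc-backup'; DistinguishedName = 'CN=svc-backup,OU=SQL,OU=Service Accounts,DC=example,DC=com' }
    [pscustomobject]@{ Name = 'svc-web';    DistinguishedName = 'CN=svc-web,OU=Service Accounts,DC=example,DC=com' }
    [pscustomobject]@{ Name = 'Carol';      DistinguishedName = 'CN=Carol,OU=Not Service Accounts,DC=example,DC=com' }
)

$colUsers = @()
foreach ($user in $users) {
    if (Test-InExcludedOU -DistinguishedName $user.DistinguishedName -ExcludedOU $excludeOU) {
        # Record the exclusion so a skipped account is visible in the run output.
        Write-Output "Skipped - Excluded OU: $($user.Name)"
        continue
    }
    $colUsers += $user
}

Write-Output "Users kept for notification: $($colUsers.Name -join ', ')"
```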
  • Emails not sending to Users
    2 Posts | Last post October 11, 2018
    • Hello,
      Script has been running perfectly for over a year. I have it running via a task scheduler and recently it stopped working due to the scheduler running off an account that had the password expire.
      I have the scheduler working again, but now the script won't send emails to users. Though the testing attribute does work and it sends email to me that way.
      So it seems to work in all aspects except sending the emails. I also confirmed there are no emails being sent out and blocked or sent to junk mail.
      Would anyone be able to help? Much appreciated! 
    • Does the account sending email need authentication? Did you update the credential for that account?
  • Little Problem
    4 Posts | Last post October 11, 2018
    • Hi,
      Thanks for this script!
      I have something wrong using it: all my users are logged as "Skipped - Interval" even if they are in the good interval! This is my CMD:
      Powershell.exe -executionpolicy remotesigned -File C:\Scripts\PasswordChangeNotification.ps1 -smtpServer -expireInDays 10 -from "Support <>" -interval 1,2,3,10 -Logging -LogPath "c:\scripts\logs" -testing -testRecipient
      And a log:
      "in 10 days.","blabla","BLA bla","","13/08/2018 09:36:11","10","12/10/2018 09:36:11","Skipped - Interval"
      "in 3 days.","blabla","BLA bla","","06/08/2018 12:01:45","3","05/10/2018 12:01:45","Skipped - Interval"
      Thanks a lot!
    • Instead of -file, use -command
    • Hi Robert,
      When I use -command, I get the result (0X1).
      If I use -file, same case as AlfredIT, the log will show all emails skipped.
    • Check out this video.
      You need to put everything inside quotes after -command.
      "-executionpolicy remotesigned -command C:\Scripts\PasswordChangeNotification.ps1 -smtpServer -expireInDays 10 -from 'Support <>' -interval 1,2,3,10 -Logging -LogPath "c:\scripts\logs" -testing -testRecipient -interval 1,3,7,9"
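The "Skipped - Interval" symptom in this thread, as an added example that is not part of the original script: Windows PowerShell's -File passes each argument as a literal string, so -interval 1,2,3,10 arrives as the one string "1,2,3,10" and a membership test against a day count never matches. ConvertTo-IntervalList is a hypothetical helper, and the use of -contains is an assumption about how the interval is checked.

```powershell
# Added example: normalise -interval so it behaves the same under -File and -Command.
function ConvertTo-IntervalList {
    param([object[]]$Interval)

    $days = foreach ($item in $Interval) {
        # Each element may already be a number, or a comma-separated string.
        foreach ($part in ([string]$item -split ',')) {
            $n = 0
            if ([int]::TryParse($part.Trim(), [ref]$n)) {
                $n
            } else {
                # Fail loudly instead of silently skipping every user.
                throw "Invalid interval value: '$part'"
            }
        }
    }
    # The leading comma keeps a single-element result as an array.
    return ,[int[]]$days
}

# Constructed inputs showing what the script receives in each launch mode.
$fromFile     = @('1,2,3,10')    # powershell.exe -File ... -interval 1,2,3,10
$fromCommand  = @(1, 2, 3, 10)   # powershell.exe -Command "... -interval 1,2,3,10"
$daysToExpire = 10

# -contains compares whole elements, so the single string '1,2,3,10' is never equal to 10.
Write-Output "Raw -File value contains 10:        $($fromFile -contains $daysToExpire)"
Write-Output "Raw -Command value contains 10:     $($fromCommand -contains $daysToExpire)"
Write-Output "Normalised -File value contains 10: $((ConvertTo-IntervalList $fromFile) -contains $daysToExpire)"
```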
  • Your script in task schedule problem
    1 Posts | Last post October 05, 2018
    • Good day,
      I am now having a problem deploying on a task schedule,
      the arguments space has a limitation, so I can't input all the parameters,
      -NoProfile -ExecutionPolicy Unrestricted -File "D:\.\PwNotice.ps1 -smtpServer XXX.XXX.XXX.XXX -expireInDays 7 -from "IT Support <>" -Logging -LogPath "D:\logFiles" -reportTo -interval 1,2,3,5,7
      Kindly help & let me know how to fix this problem.
      Thanks a lot.
  • Rename CSV column name
    3 Posts | Last post October 04, 2018
    • Hi Robert,
      I think it's a bit difficult to adjust the datetime format, so instead I'm just trying to add MM/DD/YYYY to the column name or description, so that the users can read the date properly.
      I tried to modify with this line
      $notifiedUsers | select UserName,Name,EmailAddress,PasswordSet,DaysToExpire,ExpiresOn | sort DaystoExpire | FT -autoSize
      with for example renaming the "PasswordSet"
      $notifiedUsers | select UserName,Name,EmailAddress,@{Name = "PwdSet-MM/DD/YYYY"; Expression = {$_.PasswordSet}},DaysToExpire,ExpiresOn | sort DaystoExpire | FT -autoSize
      The script executed without problem, however it only updated the column name in the on-screen output, it hasn't renamed the column header in the CSV file.
      Am I changing the wrong place or using the wrong method?
      Please kindly help.
    • The column header is set based on the object name.
      So $daysToExpire is set on line 182. '-name DaysToExpire'.
      PasswordSet is on line 181.
      But, by changing these values you need to make sure they are not set elsewhere using the original names.
      For example on line 191 where we reference $_.DaysToExpire this would need to match whatever you change the value on line 182 for.
    • Thank you Robert for your quick reply.
      So instead of changing the existing object name, is it possible to create a duplicate of these objects with a different '-name', so that I can specifically use it in the report and log view?
      If so, where would I place these 'names' for report and logs?
  • Number of users
    5 Posts | Last post October 04, 2018
    • When I run this command:
      (Get-ADUser -filter *).count 
      I'm getting a different number of users compared to when I run your script. Why?
    • Your command returns every user in the domain, my command filters the users to only include those with expiring passwords etc.
    • The users whose passwords are supposed to expire are not showing up.
    • I have the same issue.
      When I test the command manually
      $users = get-aduser -filter {(Enabled -eq $true) -and (PasswordNeverExpires -eq $false)} -properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress | where { $_.passwordexpired -eq $false }
      # Count Users
      $usersCount = ($users | Measure-Object).Count
      Write-Output "Found $usersCount User Objects"
      the result is about 600 users, but when I run the script, it returns only 20 users. Why?
    • Without seeing a log or transcript of the PowerShell session, I cannot say, except that usually this is caused by users not meeting the filtering requirements and being discarded from the results.
  • Should this script run every day?
    1 Posts | Last post October 03, 2018
    • I run it manually, it works.
      Setting: (Interval = 1,2,3,5,8)
      Referring to the log file, some users expire in 4 days,
      then the email will not be sent out. (Right?)
      So, should I run this script again tomorrow to successfully send the email to the user?
      Thanks a lot
  • Sending report only
    4 Posts | Last post October 02, 2018
    • Hello Robert,
      How can I configure a scheduled task with your script so that it will send the report only twice a week?
      As the administrator will only need to see the report twice a week, if I set up another scheduled task with the script at a different schedule, the end user will sometimes get 2 copies of the notification.
      Please kindly help.
    • Off the top of my head...
      Let's say you schedule the script to run on a Tuesday and Thursday.
      Under the report section (Line 300 v2.9)
      Inside the brackets if($reportTo) add,
              if(($start.DayOfWeek) -eq "Thursday") {
                  $reportSubject = "Password Expiry Report"
                  $reportBody = "Password Expiry Report Attached"
                  try {
                      Send-Mailmessage -smtpServer $smtpServer -from $from -to $reportTo -subject $reportSubject -body $reportbody -bodyasHTML -priority High -Encoding $textEncoding -Attachments $logFile -ErrorAction Stop
                  } catch {
                      $errorMessage = $_.Exception.Message
                      Write-Output $errorMessage
                  }
              }
      So the report would only send on a Thursday.
    • Thank you Robert, I will give this a try and let you know how I go.
    • Thanks Robert, this is working well.
  • Expired on
    1 Posts | Last post September 27, 2018
    • Hi Robert,
      If I run the script, and I put the $expiredOn variable in the email, it contains the following: 12/25/2018 09:07:00 and that's wrong.
      Any ideas why it contains this value? I need the date of the expiry.
      If it could be formatted nicely, that would be great!
      Thanks for your answer!
  • reportTo not working
    2 Posts | Last post September 19, 2018
    • Hi Robert P
      This script is fantastic! Thanks for taking your time to share it. I have it working in my environment except for the reportTo. Mail to users are flowing fine, but I never get the report.
      This is the command I'm using to run the script:
      PwdChgNotify_Users.ps1 -smtpServer -expireInDays 21 -from "Help Desk <>" -reportTo -interval 1,2,3,4,5,10,15,20
      Any help would be appreciated!
      Robert M
    • Once I added -Logging -LogPath "c:\logFiles" to my command, it works. 
      Thanks again for all your effort in making this public!!!