Password Expiry Email Notification

This script will email a user in the event that their password is due to expire in X number of days. I have now moved it to GitHub - https://github.com/titlerequired/public

 
 
 
 
 
4.6 Star
(153)
89,028 times
Active Directory
7/2/2020
  • Remote Server Not Available
    5 Posts | Last post August 31, 2018
    • So when I try to send with SMTP server relay.appriver.com:2525 it says "Unable to connect to the remote server". Is there a particular way to enter the port?
    • Resolution: For every Send-mailmessage, I added -Port "2525" and it works great now. Thank you
    • BillyCryptoKid
      
      I am having this exact same issue.  Can you submit the working code?  
      
      Thanks
    • Resolved 
      
      I added the port parameter to position 1.
      
      Ex.
      
      param( 
          # $smtpServer Enter Your SMTP Server Hostname or IP Address 
          [Parameter(Mandatory=$True,Position=0)] 
          [ValidateNotNull()] 
          [string]$smtpServer, 
          # Port number to use for your SMTP server 
          [Parameter(Mandatory=$True,Position=1)] 
          [ValidateNotNull()] 
          [int] $port, 
          # Notify Users if Expiry Less than X Days 
          [Parameter(Mandatory=$True,Position=1)] 
          [ValidateNotNull()] 
          [int]$expireInDays, 
          # From Address, eg "IT Support <support@domain.com>" 
          [Parameter(Mandatory=$True,Position=2)] 
          [ValidateNotNull()] 
          [string]$from, 
          [Parameter(Position=3)] 
          [switch]$logging, 
          # Log File Path 
          [Parameter(Position=4)] 
          [string]$logPath, 
          # Testing Enabled 
          [Parameter(Position=5)] 
          [switch]$testing, 
          # Test Recipient, eg recipient@domain.com 
          [Parameter(Position=6)] 
          [string]$testRecipient, 
          # Output more detailed status to console 
          [Parameter(Position=7)] 
          [switch]$status, 
          # Log file recipient 
          [Parameter(Position=8)] 
          [string]$reportto, 
          # Notification Interval 
          [Parameter(Position=9)] 
          [array]$interval 
          ) 
      
      And for the script to run. I updated position 1 with the newly created parameter.  
       
      .\PasswordChangeNotification.ps1 -smtpServer example.domain.com -port 587 -expireInDays 21 -from "IT Support <support@domain.com>" -Logging -LogPath "C:\Scripts\PasswordResetEmail\Logs" -testing -testRecipient harbinsec@domain.com
      
      Finally, BillyCryptoKid, I used your advice, hunted through the body for the Send-MailMessage command, and added my parameter to each instance.  
      
      ex.
      
      Send-MailMessage -smtpServer $smtpServer -port $port -from $from -to $emailaddress -subject $subject -body $body
      
      Thanks for this awesome script!
      
    • Ok, I just noticed that I hadn't finished updating the parameters.  Here you go.  
      
      param( 
          # $smtpServer Enter Your SMTP Server Hostname or IP Address 
          [Parameter(Mandatory=$True,Position=0)] 
          [ValidateNotNull()] 
          [string]$smtpServer, 
          # Port number to use for your SMTP server 
          [Parameter(Mandatory=$True,Position=1)] 
          [ValidateNotNull()] 
          [int] $port, 
          # Notify Users if Expiry Less than X Days 
          [Parameter(Mandatory=$True,Position=2)] 
          [ValidateNotNull()] 
          [int]$expireInDays, 
          # From Address, eg "IT Support <support@domain.com>" 
          [Parameter(Mandatory=$True,Position=3)] 
          [ValidateNotNull()] 
          [string]$from, 
          [Parameter(Position=4)] 
          [switch]$logging, 
          # Log File Path 
          [Parameter(Position=5)] 
          [string]$logPath, 
          # Testing Enabled 
          [Parameter(Position=6)] 
          [switch]$testing, 
          # Test Recipient, eg recipient@domain.com 
          [Parameter(Position=7)] 
          [string]$testRecipient, 
          # Output more detailed status to console 
          [Parameter(Position=8)] 
          [switch]$status, 
          # Log file recipient 
          [Parameter(Position=9)] 
          [string]$reportto, 
          # Notification Interval 
          [Parameter(Position=10)] 
          [array]$interval 
          ) 
  • Smtp Error - It's impossible to contact remote server
    3 Posts | Last post August 30, 2018
    • Hello Robert
      
      Do you know why the server prompts "It's impossible to contact remote server" when trying to send an email?
      
      
    • Robert
      
      Here is the log
      
      PS C:\Users\florzon> C:\scripts\PasswordChangeNotificationvela.ps1 -smtpServer "smtp-relay.gmail.com" -expireInDays 15 -from "Password Reminder Network <flornzo@vela.com>" -Logging -LogPath "c:\scripts" -testing -testRecipient "flornzo@vela.com" -status -reportto flornzo@vela.com -interval 0,1,2,5,8,10,12,14,15
      Script Loaded
      *** Settings Summary ***
      SMTP Server          : smtp-relay.gmail.com
      Expire in Days       : 15
      From                 : Password Reminder Network <flornzo@vela.com>
      Logging              : True
      Log Path             : c:\scripts
      Testing              : True
      Test Recipient       : flornzo@vela.com
      Report Recipient     : flornzo@vela.com
      Intervals            : 0 1 2 5 8 10 12 14 15
      *************************
      Found 159 User Objects
      Domain Default Password Age: 42
      Process User Objects
      159 Users processed
      35 Users with expiring passwords within 15 Days
      Sending Email : mrodriguez           : flornzo@vela.com
      The remote name could not be resolved: 'smtp-relay.gmail.com'
      Sending Email : camundaray           : flornzo@vela.com
      The remote name could not be resolved: 'smtp-relay.gmail.com'
      Sending Email : kzacuda              : flornzo@vela.com : Skipped - Interval
      Sending Email : lveraza              : flornzo@vela.com : Skipped - Interval
      Sending Email : rmedina              : flornzo@vela.com
      The remote name could not be resolved: 'smtp-relay.gmail.com'
      Sending Email : mbermejo             : flornzo@vela.com : Skipped - Interval
      Sending Email : fgarcia              : flornzo@vela.com : Skipped - Interval
      Sending Email : orojas               : flornzo@vela.com : Skipped - Interval
      Sending Email : msolano              : flornzo@vela.com
      The remote name could not be resolved: 'smtp-relay.gmail.com'
      Sending Email : cramirez             : flornzo@vela.com : Skipped - Interval
      Sending Email : agallo               : flornzo@vela.com
      The remote name could not be resolved: 'smtp-relay.gmail.com'
      
    • Robert
      
      From my server I tried to ping smtp-relay.gmail.com and it doesn't work. I also can't connect with telnet on port 25. The issue was a general problem with the firewall between the server and the provider.
      
      The server was authorized in the firewall, now your server is able to send mail, and the script works fine now.
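
The two SMTP threads above both come down to telling a name-resolution failure apart from a blocked or wrong port before the script starts mailing users. A preflight check along these lines separates the two cases; it is an added example, not part of the original script, and `Test-SmtpEndpoint` and the sample host names are assumptions made for illustration.

```powershell
# Added example (not part of PasswordChangeNotification.ps1).
# Test-SmtpEndpoint is a hypothetical helper name.
function Test-SmtpEndpoint {
    param(
        [Parameter(Mandatory = $true)][string]$SmtpServer,
        [int]$Port = 25,
        [int]$TimeoutMs = 3000
    )
    $result = [pscustomobject]@{
        Server = $SmtpServer; Port = $Port
        Resolved = $false; Connected = $false; Detail = $null
    }

    # Stage 1: DNS. Failure here corresponds to
    # "The remote name could not be resolved".
    try {
        $address = [System.Net.Dns]::GetHostAddresses($SmtpServer)[0]
        $result.Resolved = $true
    } catch {
        $result.Detail = "DNS lookup failed: $($_.Exception.Message)"
        return $result
    }

    # Stage 2: TCP connect with a timeout, so a firewall that silently drops
    # packets does not hang a scheduled task. Failure here corresponds to
    # "Unable to connect to the remote server".
    $client = New-Object System.Net.Sockets.TcpClient($address.AddressFamily)
    try {
        if ($client.ConnectAsync($address, $Port).Wait($TimeoutMs)) {
            $result.Connected = $true
            $result.Detail = "TCP connect to port $Port succeeded"
        } else {
            $result.Detail = "No reply on port $Port within $TimeoutMs ms"
        }
    } catch {
        $result.Detail = "TCP connect to port $Port failed: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
    return $result
}

# Constructed sample input: names under the reserved .invalid TLD never resolve;
# 127.0.0.1 needs no DNS, so only the port check can fail for it.
Test-SmtpEndpoint -SmtpServer 'smtp.example.invalid' -Port 2525
Test-SmtpEndpoint -SmtpServer '127.0.0.1' -Port 2525
```

Running it with the same `-smtpServer` and `-port` values the scheduled task uses, from the same server and account, shows whether the problem is DNS, the firewall, or the relay itself.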
      
      
  • -command is not recognized as the name of a cmdlet
    2 Posts | Last post August 29, 2018
    • Hello Robert
      
      I am trying to run the script with a scheduled task like you describe in your video on YouTube, but I can't do it properly.
      
      When I run the script from the PowerShell prompt, I get the same error message
      
      -command is not recognized as the name of a cmdlet.....
      
      Do you have any idea, how to resolve it?
      
      Thanks a lot 
    • Hello Robert
      
      I was able to fix my issue, but now the system says: it is not possible to connect to the remote server
      
      The script tries to send the email but we get this error
  • Smtp Error - Sending Email - Invalid credentials for relay
    3 Posts | Last post August 28, 2018
    • Hello Robert,
      
      First of all I want to say THANKS for such a great script!  what a time saver!
      
      I also want to apologize if I cover something that was addressed in the previous more than 300 comments; I have not read through all the comments. (Can I search them?)
      
      I configured the script to send email through the G Suite service (smtp-relay.gmail.com). I followed all the instructions in the PowerShell email password reminder SMTP video (https://www.youtube.com/watch?v=_-JHzG_LNvw&t=13s), but I can't get my email sent to my testRecipient and users.
      
      The system always prompts the following:  5.7.1 Invalid credentials for relay [xxx.xx.xx.x]. The IP address you've in the powershell console, each time the script runs
      
      Do you have any idea how to resolve it?
      
      Juan Berríos.
    • Sounds like invalid credentials in that case.
    • Thanks a lot Robert
  • Password Expiry Notification with SCOM
    1 Posts | Last post August 28, 2018
    • Hi 
      
      Great script. And it works.
      My question may not be in the scope here.
      I am trying to find out if someone has documented a solution where a similar script triggers a warning/alert in SCOM.
      
      If anyone has a tip it would be great.
      
      Erik B
  • Cannot call a method on a null-valued expression.
    5 Posts | Last post August 23, 2018
    • Hello,
      
      I'm having an issue with the script. It does work however. Is there a typo? I checked mine with the original and it seems to be fine. I did add this Get-ADGroupMember code to mine from the video.
      
      # Create Array to Store Users
      $users = @()
      
      #Create Array to Store Groups
      $groups = @(
      "My Group"
      )
      
      #Query Each Group for Group Members
      foreach ($group in $groups)
      {
          $members = Get-ADGroupMember $group
          foreach ($member in $members)
                  {
                      $user = Get-ADUser $member -properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress
                      $users += $user
                  }
      }
      
      
      You cannot call a method on a null-valued expression.
      At C:\scripts\PasswordChangeNotification.ps1:178 char:5
      +     $expireson = $pwdLastSet.AddDays($maxPasswordAge)
      +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
          + FullyQualifiedErrorId : InvokeMethodOnNull
    • Without seeing the rest of the changes, it would be difficult, however this error is telling you it cannot work out the date the password expires.
    • Robert,
      
      Here is the file.
      https://file.io/1ICgBN
      
      Thanks,
    • Keep getting file not found.
    • Oh, I'm sorry. Try this one.
      https://ufile.io/y4lwv
      
  • Adding additional field to support email and log file
    3 Posts | Last post August 23, 2018
    • Hi this is an amazing script!  I have been combing through the q and a section and have been able to get all my other questions answered except this last little configuration.  Due to our environment being spread all over the US we find it helpful to include the OU a user is in, only for the reporting part of course to help our Desktop Support staff be able to quickly know which office a user is in should they need assistance.  And in addition to that, the whole path is somewhat obnoxious so working to filter out all the extra not useful info and just get the specific OU the user is in say for example the OU named "South Carolina Users" instead of the entire DN.    
      
      I've been able to use the DistinguishedName property to pull out the complete OU path and I'm able to strip out what I want and get it to display correctly in the powershell window, but the excel file still has the entire path...  I feel like I'm really close...  
      
      what I have added is near the end of the script, I added this to the line.
      $notifiedUsers | select UserName,Name,EmailAddress,PasswordSet,DaysToExpire,ExpiresOn, @{l='OU';e={$_.DistinguishedName.split(',')[1].split('=')[1]}} | sort DaystoExpire | FT -autoSize
      
      I also added this in 
      $userObj | Add-Member -Type NoteProperty -Name DistinguishedName -Value $DistinguishedName
      
      any input is appreciated!  
      
      
    • You could do something like..
      
      $userOU = $user.DistinguishedName.split(',')[1].split('=')[1]
      $userObj | Add-Member -Type NoteProperty -Name OUPath -Value $userOU
      
      Then just make sure to include OUPath when exporting your CSV.
    • Thank you!!!  That was the missing link!  
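
The `split(',')[1]` approach used in this thread stops working when the user's CN itself contains a comma, which Active Directory stores escaped as `\,` (typical for "Last, First" names), so the OU column in the report comes out empty or wrong for those accounts. An escape-aware version, as an added example that is not part of the original script; `Split-DistinguishedName`, `Get-ParentOUName` and the sample DNs are constructed for illustration.

```powershell
# Added example (not part of PasswordChangeNotification.ps1).
# Split a DN into its RDNs, honouring backslash-escaped characters.
function Split-DistinguishedName {
    param([Parameter(Mandatory = $true)][string]$DistinguishedName)
    $parts   = New-Object System.Collections.Generic.List[string]
    $current = New-Object System.Text.StringBuilder
    $escaped = $false
    foreach ($ch in $DistinguishedName.ToCharArray()) {
        if ($escaped) {
            [void]$current.Append($ch); $escaped = $false      # literal char after '\'
        } elseif ($ch -eq '\') {
            [void]$current.Append($ch); $escaped = $true
        } elseif ($ch -eq ',') {
            $parts.Add($current.ToString()); [void]$current.Clear()
        } else {
            [void]$current.Append($ch)
        }
    }
    $parts.Add($current.ToString())
    return ,$parts.ToArray()
}

# Return the name of the container directly above the object.
function Get-ParentOUName {
    param([Parameter(Mandatory = $true)][string]$DistinguishedName)
    $rdns = Split-DistinguishedName $DistinguishedName
    if ($rdns.Count -lt 2) { return $null }        # no parent component present
    $type, $value = $rdns[1] -split '=', 2
    if ($null -eq $value) { return $null }         # malformed RDN without '='
    # Remove simple backslash escapes so the report shows the plain name.
    return ($value -replace '\\(.)', '$1').Trim()
}

# Constructed sample DNs (not from the page).
$samples = @(
    'CN=Jane Doe,OU=South Carolina Users,OU=Offices,DC=example,DC=com',
    'CN=Doe\, Jane,OU=South Carolina Users,OU=Offices,DC=example,DC=com'
)
foreach ($dn in $samples) {
    [pscustomobject]@{
        NaiveSplit  = $dn.Split(',')[1].Split('=')[1]
        EscapeAware = Get-ParentOUName $dn
    }
}
```

In the report line, the calculated property would then read `@{l='OU';e={ Get-ParentOUName $_.DistinguishedName }}`.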
  • Email going to Junk in Outlook
    2 Posts | Last post August 22, 2018
    • Hi Robert,
      
      First, this script is awesome and is working well other than one small thing. The emails are always going to Junk in Outlook. We've used the default HTML and a customized HTML body and both are ending up in Junk.
      
      We haven't gone down the road of using a SafeSender list. We are using the unauthenticated method of sending SMTP to Office 365.
      
      Is there something you can think of that we can do to the email method itself to avoid Junk?
      
      Any suggestions?
    • Solved - Sorry for the bother. We added it as a safe sender in Office 365 Spam protection and it worked immediately. 
  • Email
    2 Posts | Last post August 22, 2018
    • Robert, 
      
      This works great, Thanks for the time you have spent on this.
      
      I have a few security accounts that do not have email accounts.  
      And do not want to populate that field and create an account.
      
      Can you point or use a different AD attribute to pull an email address from?
      
      Possibly:
      msExchAlternateMailboxes  or some other unused attribute ???
      
      Example,
      
      Bob points to email Bob@xyz.com
      AdminBob1 points to email Bob@xyz.com
      AdminBob2 points to email Bob@xyz.com
      AdminBob3 points to email Bob@xyz.com
      
      
      
    • You can, yes. You would have to include those properties in the -Properties parameter of Get-ADUser; you would then need to add in a check so that if $user.emailAddress was empty it would check one of the other properties.
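
One way to implement the fallback described in the reply above, so that mailbox-less admin accounts still get a reminder sent to their owner. This is an added example, not the script's own code: `Resolve-NotifyAddress` is a hypothetical helper, and using `extensionAttribute1` to hold the owner's address is an assumption (any otherwise unused attribute works, provided it is also requested through `-Properties` on `Get-ADUser`).

```powershell
# Added example (not part of PasswordChangeNotification.ps1).
function Resolve-NotifyAddress {
    param(
        [Parameter(Mandatory = $true)]$User,
        # Checked in order; the attribute after EmailAddress is an assumed choice.
        [string[]]$Attributes = @('EmailAddress', 'extensionAttribute1')
    )
    foreach ($name in $Attributes) {
        $prop = $User.PSObject.Properties[$name]
        if (-not $prop) { continue }                  # attribute was not requested
        # Multi-valued attributes come back as collections: use the first value.
        $value = @($prop.Value)[0]
        if ([string]::IsNullOrWhiteSpace($value)) { continue }
        try {
            # MailAddress throws on anything that does not parse as an address.
            $parsed = New-Object System.Net.Mail.MailAddress($value.ToString().Trim())
            return [pscustomobject]@{ Address = $parsed.Address; Source = $name }
        } catch {
            continue
        }
    }
    return $null
}

# Constructed sample objects standing in for Get-ADUser output.
$users = @(
    [pscustomobject]@{ SamAccountName = 'Bob';        EmailAddress = 'Bob@xyz.com'; extensionAttribute1 = $null }
    [pscustomobject]@{ SamAccountName = 'AdminBob1';  EmailAddress = $null;         extensionAttribute1 = 'Bob@xyz.com' }
    [pscustomobject]@{ SamAccountName = 'svc-backup'; EmailAddress = $null;         extensionAttribute1 = 'not an address' }
)
foreach ($user in $users) {
    $target = Resolve-NotifyAddress -User $user
    if ($target) {
        '{0}: notify {1} (from {2})' -f $user.SamAccountName, $target.Address, $target.Source
    } else {
        # Surface these in the report instead of silently skipping them.
        '{0}: no usable address, add to report' -f $user.SamAccountName
    }
}
```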
  • Date and time when the password expires
    3 Posts | Last post August 22, 2018
    • Hello Robert, I do not have much experience with PowerShell. Your script works great, it's very helpful. I need a little help: I would like to see the exact date and time when the password expires in the e-mail message that the organization's user receives. Something like this: Your password will expire 06/27/2018 at 12:30. Or in a similar format.
      Could you help me add a record in the script to get that information and put it in an email?
      Thank you in advance
    • Line 127 = $expiresOn
      
      At that line, $expiresON is the exact date and time the password expires; we then manipulate the value a bit so it is easier for a human to read.
      
      I try to explain it a bit in this video,
      
      https://www.youtube.com/watch?v=az_POurjDmQ
    • Hi Robert, thank you for your answer. Could you write to me what this line of code (line 127) should look like, so that the exact password expiration date appears in the mail? I'm not very good at PowerShell and every time I try to modify it, I get errors and these changes do not work.
      Thank you in advance.
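
The `InvokeMethodOnNull` error in the earlier thread and the date-and-time request in this one both concern the expiry calculation, so one added example covers both: it guards the `AddDays` call against accounts whose `PasswordLastSet` is empty and builds the "will expire ... at ..." sentence asked for above. It is not the original script's code; `Get-PasswordExpiryInfo` is a hypothetical helper, the sample accounts are constructed, and the 42-day maximum age is the domain default shown in the log earlier on this page.

```powershell
# Added example (not part of PasswordChangeNotification.ps1).
function Get-PasswordExpiryInfo {
    param(
        [Parameter(Mandatory = $true)]$User,
        [Parameter(Mandatory = $true)][int]$MaxPasswordAgeDays,
        [datetime]$Now = (Get-Date)
    )
    if ($User.PasswordNeverExpires) { return $null }
    # PasswordLastSet is empty when the password was never set or the account
    # is flagged "must change password at next logon". Calling AddDays() on it
    # is one way to get "You cannot call a method on a null-valued expression".
    if ($null -eq $User.PasswordLastSet) { return $null }

    $expiresOn = ([datetime]$User.PasswordLastSet).AddDays($MaxPasswordAgeDays)
    $daysLeft  = [int][math]::Floor(($expiresOn - $Now).TotalDays)

    # Fixed formats so the mail text does not depend on the server's locale.
    $culture  = [System.Globalization.CultureInfo]::InvariantCulture
    $datePart = $expiresOn.ToString('MM/dd/yyyy', $culture)
    $timePart = $expiresOn.ToString('HH:mm', $culture)

    [pscustomobject]@{
        Name         = $User.Name
        ExpiresOn    = $expiresOn
        DaysToExpire = $daysLeft
        Message      = 'Your password will expire {0} at {1}.' -f $datePart, $timePart
    }
}

# Constructed sample accounts standing in for Get-ADUser output.
$now = [datetime]'2018-06-20T09:00:00'
$users = @(
    [pscustomobject]@{ Name = 'jdoe';    PasswordNeverExpires = $false; PasswordLastSet = [datetime]'2018-05-16T12:30:00' }
    [pscustomobject]@{ Name = 'newhire'; PasswordNeverExpires = $false; PasswordLastSet = $null }
)
foreach ($user in $users) {
    $info = Get-PasswordExpiryInfo -User $user -MaxPasswordAgeDays 42 -Now $now
    if ($info) { $info } else { "Skipped $($user.Name): no computable expiry date" }
}
```

Accounts that are skipped for a missing `PasswordLastSet` are worth listing in the report sent to `-reportto`, since they never receive a reminder.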