Hi Robert, Thanks for the script, it helps me a lot! But I wonder: I did set $testing = "Disabled" and $testRecipient = "<MY emailaddress>". I run the script and it isn't going to send to $emailaddress <the user's email address> even though the user account has an email address. I'm the only one who can receive the report and notification email. Did I do something wrong? I only added or changed values as below: # Set Output Formatting - Padding characters $padVal = "90" $smtpServer = "domain.XX.xxx" $expireInDays = "90" $from = "<EMAIL>" $logging = "Enabled" $logPath = "D:\PasswordExpirationNoti" $testing = "Disabled" $testRecipient = "<MYEMAIL>" $reportto = "<MYEMAIL>" $interval = 1,2,5,10
Hi Robert, First of all thanks for the script, it is exactly what I was looking for. I'm having an issue that maybe you can help me with. Whenever I run the script after I adjust it to my company details I get this msg: C:\Scripts\PasswordChangeNotification.ps1 : Cannot process argument transformation on parameter 'logging'. Cannot convert value "System.String" to type "System.Management.Automation.SwitchParameter". Boolean parameters accept only Boolean values and numbers, such as $True, $False, 1 or 0. + CategoryInfo : InvalidData: (:) [PasswordChangeNotification.ps1], ParentContainsErrorRecordException + FullyQualifiedErrorId : ParameterArgumentTransformationError,PasswordChangeNotification.ps1 Any idea what the issue can be?
Hi Robert, thanks for a great script, appreciate the work involved in setting it up. I have an issue running the script in Task Scheduler. It works fine through PowerShell. When I run it in Task Scheduler it appears to run successfully, result (0x0), but it does not create a new log file or appear to send any email. Here are the parameters: -ExecutionPolicy Bypass -File c:\gosys\passwordchangenotificationnew.ps1 -smtpServer aaa-com-au.mail.protection.outlook.com -from "IT Support <adminnoreply@gosys.com.au>" -expireInDays 15 -logging -logPath 'C:\GoSys' -interval 14,7,3,2,1
get-aduser : Unable to find a default server with Active Directory Web Services running. At E:\python-script\PasswordChangeNotification.ps1:132 char:10 + $users = get-aduser -filter {(Enabled -eq $true) -and (PasswordNeverE ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ResourceUnavailable: (:) [Get-ADUser], ADServerDownException + FullyQualifiedErrorId : ActiveDirectoryServer:1355,Microsoft.ActiveDirectory.Management.Commands.GetADUser Found 0 User Objects Get-ADDefaultDomainPasswordPolicy : Unable to find a default server with Active Directory Web Services running. At E:\python-script\PasswordChangeNotification.ps1:137 char:27 + ... swordAge = (Get-ADDefaultDomainPasswordPolicy -ErrorAction Stop).MaxP ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ResourceUnavailable: (BIZWESTAD:ADDefaultDomainPasswordPolicy) [Get-ADDefaultDomainPasswordPolicy], ADServerDownException + FullyQualifiedErrorId : ActiveDirectoryServer:1355,Microsoft.ActiveDirectory.Management.Commands.GetADDefaultDomainPasswordPolicy
Sounds like you have an older domain, maybe 2008? You need AD Web Services in order to use PowerShell AD Cmdlets. https://blogs.msdn.microsoft.com/adpowershell/2009/04/06/active-directory-web-services-overview/
Hi Robert, Thanks for the reply. We are using Active Directory on Windows 2016. Also the ADW service was not running, I started it, but it's still not working. When I try to execute the command from PowerShell it returns the below error: PS C:\Users\administrator.BIZWESTAD> Get-ADUser -filter * -SearchBase 'OU=Users,DC=BIZWESTAD,DC=INFO' -Server 'InactiveClientData_SQL:636' Get-ADUser : Server instance not found on the given port. At line:1 char:1 + Get-ADUser -filter * -SearchBase 'OU=Users,DC=BIZWESTAD,DC=INFO' - ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (:) [Get-ADUser], ArgumentException + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
You need to refine your Get-ADuser query so that it returns results.
The script relies on results from Get-AdUser. If your get-aduser command produces an error, or no results then the script has no data to work with. Get-ADUser -filter * -SearchBase 'OU=Users,DC=BIZWESTAD,DC=INFO' -Server 'InactiveClientData_SQL:636' So your command is generating an error from the -server parameter. Is this actually your server address? 'InactiveClientData_SQL:636' What if you omit that parameter, does it return results?
Any way to filter this to only look at accounts in a specific group rather than the whole domain?
Yes, easy. This was made for the earlier version, but the method still works. https://www.youtube.com/watch?v=4CX9qMcECVQ
Great script - it runs fine within PowerShell, however it doesn't run when I put it into Task Scheduler. This is the command I'm entering: -Command "d:/scripts/PasswordChangeNotification.ps1 -smtpServer nhex03 -expireInDays 21 -from 'IT Support<noreply@etelimited.co.uk' -reportTo paul.webber@etelimited.co.uk -status -interval 1,2,5,7,15"
d:/scripts/PasswordChangeNotification.ps1 try d:\scripts\PasswordChangeNotification.ps1
I get a . on the subject line of the email, not sure how to get rid of it. Any help or pointers as to how to get the period off the subject line?
Just a "." or is that included in the subject? What is $subject set to? On the send-mailmessage line, what is -subject set to?
Great script. Log File is showing Sendmail = Ok, but there is no email sent when using the -interval option. Powershell.exe -Command C:\Path\PasswordChangeNotification.ps1 -smtpServer smtp.server.nl -expireInDays 28 -from "helpdesk@domain.com" -Logging -LogPath "C:\path\LogFiles" -testing -testRecipient test@domain.com -interval "0,1,7,14,28"
Great script, been using it for several months now and the amount of requests from users who are locked out because they didn't change their password in time has decreased. However, I just noticed that some folks aren't getting the notification because their email domain is not the same as the primary domain. My AD domain is mycompany.int. User log-in accounts are first.last@mycompany.com, or a subsidiary company first.last@othercompany.com. I happen to have @othercompany.com for my email address. I received the pop-up to change my password as it was expiring in the taskbar, so I do get Windows alerts. I did not notice my address in the daily password report I run, and I also noticed no other users with @othercompany.com addresses have appeared. I think they did at one time, and so maybe it's an O365 change, as I didn't make a change in your script. Would there be some reason why your script only sends to @mycompany.com email addresses? The account I use to send the alerts to users and the daily report is password.reminder@mycompany.com. The only time an email wasn't sent out was when the email field of the user account was blank. Any way to make sure all users, even the @mycompany.int ones, which I know will fail, will get an email? The @mycompany.int accounts are admin accounts, and I can email those users' regular account to let them know to change the admin account password. Thanks again for the great script.
It will attempt to send the message to whatever $emailAddress is set as. The log should tell you what address the notification was sent to, or attempted to be sent to. It is possible if the domain is external it won't allow you to relay emails, and you will need to use authentication.
Log doesn't show attempts to send to any of the @othercompany.com domains - they are still internal, just another domain on the DC. Users with the @othercompany.com domain are mixed in the same OU, so it's not having to check a specific one. Is there a way to run the script to check for a specific user? Then I see if it finds the handful of @othercompany.com users.
Might need more info on your environment. Are all your email domains on Office 365? Are all the email addresses stored in AD?
Sorry for the late reply. Email domains on O365, email addresses stored in the "E-Mail Address" field on local AD. I run the script from the DC as well.
Are you able to use powershell send-mailmessage to email that domain separately to the script?
Yes, tried a test message to @othercompany.com from password.reminder@mycompany.com, and it came through. I get the daily reports as well, and my email is myemail@othercompany.com.
Hi Robert, I will be trying your script for the first time. If I run the script with 'testing' enabled and specify a 'testrecipient', then the script will send mail only to the test recipient with the list of users that will be sent reminder mail? Thanks
It should send the individual emails that would otherwise go to each user, to the test recipient.
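How the expiry window, `-interval`, `-testing` and `-testRecipient` discussed in this thread combine to decide who is mailed, as an added example that is not the script's own code. `Get-NotificationPlan`, the sample users and the `.example` addresses are constructed, and the selection rules are an assumption based on the replies above.

```powershell
# Added illustration with constructed data; Get-NotificationPlan is a hypothetical
# helper, not part of the script discussed in this thread.
function Get-NotificationPlan {
    param(
        [Parameter(Mandatory)] [object[]]$Users,
        [Parameter(Mandatory)] [datetime]$Today,
        [int]$ExpireInDays = 21,
        [int[]]$Interval,
        [switch]$Testing,
        [string]$TestRecipient
    )
    if ($Testing -and [string]::IsNullOrWhiteSpace($TestRecipient)) {
        throw '-Testing requires -TestRecipient'
    }
    foreach ($u in $Users) {
        $days = [int][math]::Floor(($u.PasswordExpires - $Today).TotalDays)
        # Assumed rule: only passwords expiring within the window are considered.
        if ($days -lt 0 -or $days -gt $ExpireInDays) { continue }
        # ContainsKey, not a truthiness test: an interval list of just 0 is valid.
        if ($PSBoundParameters.ContainsKey('Interval') -and ($Interval -notcontains $days)) { continue }
        # Testing redirects every individual message to the test recipient.
        $to = if ($Testing) { $TestRecipient } else { $u.EmailAddress }
        $status = if ([string]::IsNullOrWhiteSpace($to)) { 'Skipped: no address' } else { 'Queued' }
        [pscustomobject]@{ Name = $u.Name; DaysToExpire = $days; SendTo = $to; Status = $status }
    }
}

$today = [datetime]'2024-03-01'   # fixed date so the result is reproducible
$users = @(
    [pscustomobject]@{ Name = 'alice'; EmailAddress = 'alice@mycompany.example';  PasswordExpires = $today.AddDays(7) }
    [pscustomobject]@{ Name = 'bob';   EmailAddress = 'bob@othercompany.example'; PasswordExpires = $today.AddDays(6) }
    [pscustomobject]@{ Name = 'carol'; EmailAddress = '';                         PasswordExpires = $today.AddDays(1) }
    [pscustomobject]@{ Name = 'dave';  EmailAddress = 'dave@mycompany.example';   PasswordExpires = $today.AddDays(40) }
)

# Production-style run: bob (6 days) matches no interval, dave is outside the window,
# carol matches but has no address on her account.
Get-NotificationPlan -Users $users -Today $today -Interval 1,2,5,7,15 | Format-Table -AutoSize

# Test run: same selection, but every message goes to the test recipient.
Get-NotificationPlan -Users $users -Today $today -Interval 1,2,5,7,15 -Testing -TestRecipient 'admin@mycompany.example' |
    Format-Table -AutoSize
```

A user whose days-to-expiry falls between two interval values is skipped on that run, so a log that shows no send for an account is worth checking against the interval list before looking at mail relay.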