Password Expiry Email Notification

This script will email a user in the event that their password is due to expire in X number of days. I have now moved it to GitHub -

Active Directory
  • Typo on line 19
    3 Posts | Last post December 02, 2013
    • Just a little correction: on line 19 in the if statement there's a typo. Instead of checking the variable PasswordPol it's looking for PassworldPol, which results in it always setting the variable maxPasswordAge based on the Default Domain Policy.
    • Oops will fix that!
    • Sweet, I forgot to say thank you for an awesome script, btw!
  • Why does it send duplicate alerts to some AD users?
    4 Posts | Last post November 28, 2013
    • First of all, nice script and very useful! Been working fine.
      However, recently it seems to send duplicate alerts to some (not all) AD users.  Any ideas?
    • Are they actually duplicates, or is it possible the email for user A is forwarding to user B so they see a second reminder?
    • Hi Robert
      Yes, they are duplicate messages and there is no forwarding from user A to user B. The script has been working fine until now. I am trying to trace the issue but any thoughts/ideas would be appreciated. Thanks.
    • Hi Robert
      I have downloaded the script again and modified accordingly. The only thing I have added to the script is bcc details so we get a copy along with each user. Tested and it seems to be working fine. I will keep you updated if that changes. So don't know what happened as it was working fine.
      Must thank you for good and useful script though.
  • update...ran ./password change notification.ps1
    3 Posts | Last post November 24, 2013
    • It ran without error.  I only changed:
      $from = ""
      $expireindays = 14
      I am not getting email though and I'm running from 2012. Any suggestions?
      I also tried from 2008 and got the same thing where it runs fine but no email
    • You should try to manually send an email via PowerShell because it may be due to settings on the mail server that the email was not sent / relayed.
    • Thanks for tips
  • UTF8-encoding
    2 Posts | Last post November 22, 2013
    • Hi!
      Awesome script, just deployed it at my workplace, after doing a couple of changes.
      To enable support for Scandinavian characters such as øæå, I did the following:
      Added this to the top, in the configurable variables:
      $encoding = [System.Text.Encoding]::UTF8
      And changed Send-Mailmessage to include the set encoding:
      Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -priority High -Encoding $encoding
    • That's awesome!
  • Receiving the below error. Script runs, and I receive an email with the user and amount of days until expiration, but concerned about the error.
    2 Posts | Last post November 22, 2013
    • Send-MailMessage : Cannot validate argument on parameter 'To'. The argument is null or empty. Supply an argument that i
      s not null or empty and then try the command again.
      At C:\it\scripts\PCN.ps1:43 char:61
      +     Send-Mailmessage -smtpServer $smtpServer -from $from -to <<<<  $emailaddress -subject $subject -body $body -bodya
      sHTML -priority High
          + CategoryInfo          : InvalidData: (:) [Send-MailMessage], ParameterBindingValidationException
          + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.SendMailMessage
    • How many errors do you get - is it possible that some users do not have email addresses?
  • Adding another email
    2 Posts | Last post November 22, 2013
    • Hi,
      Great script. Got it working. I was wondering how I could add an additional email to send to. So it emails the user and also adds a static email address for an admin so they know which users have expiring passwords.
    • On the send mail line you can do this..
      Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -cc $cc -subject $subject -body $body -bodyasHTML -priority High
      Where $cc = the email address you want to use.
  • Getting an error
    5 Posts | Last post November 12, 2013
    • Some emails are being sent without a number of days in them.   It is just blank.  I get:
      Cannot convert argument "1", with value: "", for "op_Addition" to type "System.
      TimeSpan": "Cannot convert null to type "System.TimeSpan"."
      At C:\scripts\Password Change Notification.ps1:21 char:34
      +   $expireson = $passwordsetdate + <<<<  $maxPasswordAge
          + CategoryInfo          : NotSpecified: (:) [], MethodException
          + FullyQualifiedErrorId : MethodArgumentConversionInvalidCastArgument
      New-TimeSpan : Cannot bind parameter 'End' to the target. Exception setting "En
      d": "Object reference not set to an instance of an object."
      At C:\scripts\Password Change Notification.ps1:23 char:51
      +   $daystoexpire = (New-TimeSpan -Start $today -End <<<<  $Expireson).Days
          + CategoryInfo          : WriteError: (:) [New-TimeSpan], ParameterBinding
          + FullyQualifiedErrorId : ParameterBindingFailed,Microsoft.PowerShell.Comm
      Any ideas?
    • Is it working for some and not others?
      Would be interested to know what is different about the accounts. You can contact me via my blog if you want to work together to solve the problem.
    • I am having this same issue. In fact it looks like all of my users received the email notice due to it not being able to either pull the data from the variables in or not able to calculate the $expireson = $passwordsetdate + $maxPasswordAge. 
    • OK, I have put the original version back for now - which should work fine but only against a default password policy.
      Need to investigate the issues with Fine Grained Policy - sorry for the inconvenience.
    • OK, I think I may have fixed it.
      My error was thinking that "Get-AduserResultantPasswordPolicy $user" would return a value for all users, even those not affected by fine grained passwords.
      So, I have added some lines to check for that, and if a FGP is not present to apply the default domain password policy.
      That seems to work in my testing now - so I'd be happy to get your comments on that.
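The two failures reported above (a null `-To` for accounts without an email address, and a null `$maxPasswordAge` for accounts with no fine-grained policy) can both be handled before any mail is sent. The following is an added example, not the script author's code: the function name `Get-PasswordExpiryNotice`, its parameters, the notification-window rule and the sample accounts are assumptions made for illustration.

```powershell
# Added example: decides who gets a reminder without touching AD or SMTP.
function Get-PasswordExpiryNotice {
    param(
        [Parameter(Mandatory = $true)] $User,   # needs Name, EmailAddress, PasswordLastSet
        $FineGrainedPolicy,                     # may be $null
        [Parameter(Mandatory = $true)] [TimeSpan] $DefaultMaxPasswordAge,
        [int] $ExpireInDays = 14,
        [datetime] $Today = (Get-Date)
    )
    # Get-ADUserResultantPasswordPolicy returns nothing for users without a
    # fine-grained policy, so fall back to the default domain policy.
    $maxAge = if ($FineGrainedPolicy) { $FineGrainedPolicy.MaxPasswordAge } else { $DefaultMaxPasswordAge }

    # Record why an account is skipped instead of letting the arithmetic throw.
    $reason = $null
    if ($maxAge -eq [TimeSpan]::Zero) { $reason = 'policy sets no maximum password age' }
    elseif (-not $User.PasswordLastSet) { $reason = 'PasswordLastSet is empty' }
    elseif ([string]::IsNullOrEmpty($User.EmailAddress)) { $reason = 'no email address' }

    $days = $null
    if (-not $reason) {
        $expiresOn = $User.PasswordLastSet + $maxAge
        $days = (New-TimeSpan -Start $Today -End $expiresOn).Days
        if ($days -lt 0 -or $days -gt $ExpireInDays) { $reason = 'outside notification window' }
    }
    [pscustomobject]@{
        Name = $User.Name; To = $User.EmailAddress; DaysToExpire = $days
        Notify = (-not $reason); SkipReason = $reason
    }
}

# Constructed sample data standing in for Get-ADUser output. In a domain:
#   $default = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
#   $fgp     = Get-ADUserResultantPasswordPolicy $user
$today   = [datetime]'2013-11-20'
$default = New-TimeSpan -Days 42
$fgp     = [pscustomobject]@{ MaxPasswordAge = (New-TimeSpan -Days 30) }
$cases = @(
    @{ User = [pscustomobject]@{ Name = 'alice'; EmailAddress = 'alice@example.test'; PasswordLastSet = $today.AddDays(-35) }; Fgp = $null },
    @{ User = [pscustomobject]@{ Name = 'bob';   EmailAddress = 'bob@example.test';   PasswordLastSet = $today.AddDays(-10) }; Fgp = $fgp },
    @{ User = [pscustomobject]@{ Name = 'carol'; EmailAddress = $null;                PasswordLastSet = $today.AddDays(-40) }; Fgp = $null },
    @{ User = [pscustomobject]@{ Name = 'dave';  EmailAddress = 'dave@example.test';  PasswordLastSet = $null };               Fgp = $null }
)
$cases | ForEach-Object {
    Get-PasswordExpiryNotice -User $_.User -FineGrainedPolicy $_.Fgp -DefaultMaxPasswordAge $default -Today $today
} | Format-Table Name, Notify, DaysToExpire, SkipReason -AutoSize
```

Only rows with `Notify` set to true would be passed on to `Send-MailMessage`; the skipped rows give an administrator a list of accounts to review.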
  • Windows Powershell in Windows 2012 and email not arriving
    2 Posts | Last post November 04, 2013
    • Have a test user in my domain and set their expiration date a week out.
      Changed settings as indicated leaving all else:
      $from = ""
      $expireindays = 21
      I manually pasted the script into Windows Powershell and it ends at 
      >> }
      I do not get an email, but given the expiration is next week this should work?
    • As per the other question, I would rule out issues with using PowerShell to email manually.
  • Error with SBS 2008
    2 Posts | Last post November 04, 2013
    • I'm trying to use this on a SBS2008 server and when I run it in task scheduler, it stays in a run state and does nothing. When running in power shell I get the following error:
      Import-Module : The specified module 'ActiveDirectory' was not loaded because no valid module file was found in any module directory.
      Am I missing something like a feature/role? Under features, I have "Active Directory Domain Controller Tools" installed.
    • SBS 2008 does not have the AD PowerShell module, so you need to have a server 2008 R2 or better.
  • Simple Question
    2 Posts | Last post October 24, 2013
    • The script works well as is but I need to run it on a specific OU only. When I add the -SearchBase parameter, I get the following error:
      Get-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null. Supply a non-null argument and try the command again.
      All I have added is the following:
      $users = get-aduser -filter * -SearchBase "OU=test,DC=UPS,DC=local" -properties * |where {$_.Enabled -eq "True"} | where { $_.PasswordNeverExpires -eq $false } | where { $_.passwordexpired -eq $false } 
      Any help would be greatly appreciated.
    • When I run into issues like that I try to isolate the syntax and run it bit by bit.
      So I would start a new PowerShell window and run:
      get-aduser -filter *
      get-aduser -filter * -properties *
      get-aduser -filter * -properties * -SearchBase "OU=test,DC=UPS,DC=local"
      Try and narrow down where the issue lies.
      You may also find the DN of your OU is not correct.