Password Expiry Email Notification

This script will email a user in the event that their password is due to expire in X number of days.

Active Directory

  • can't change date format
    3 Posts | Last post January 28, 2019
    • Hi ! This script is awesome, I use it in a production environment, but since we are located in Europe we use the dd/MM/YYYY hh:ss date format, and when the script is launched, users get "01/28/2019 19:47:27" - in EN-US it's related to MM/dd/yyy.
      As I run the script in windows 2012 environment my locale is set to EN-US, don't know how to change it:
      When I type:
      I get
      25-01-19 12:00:28
      Also in the script itself, I see:
      $start = [datetime]::Now 
      But don't know how to change the format from MM/dd/yyyy hh:ss to dd/MM/yyy hh:ss
      Could you help me please ?
    • Date formatting can be a pain.
      You can always set it like this,
      $newFormat = get-date -format dd/MM/yyyy
      It is worth noting though that if you want to display it to the user in a more familiar way (dd MM yyyy) you really only need to format it at the point of display.
      So if you are putting into the email body.. prior to $body set the date variable to the format you want it.
      $displayDate = get-date $expiresOn -format "dd/MM/yyyy HH:mm:ss"
      $body = "
      Hello your password expires on $displayDate"
      Hope that helps.
    • Great ! Thanks for help ! It's working :)
      In case someone needs that, I paste here the changed code
      # Email Address
          $samAccountName = $user.UserName
          $emailAddress = $user.EmailAddress
          # Set Greeting Message
          $displayDate = get-date $user.expiresOn -format "dd/MM/yyyy hh:mm"
          $name = $user.Name
          $messageDays = $user.UserMessage
          # Subject Setting
          $subject="Your password will expire $messageDays"
          # Email Body Set Here, Note You can use HTML, including Images.
          # examples here 
          $body ="
          <font face=""verdana"">
          Dear $name,
          <p> Your password will expire $messageDays at $displayDate <br>
  • Office Location to Report
    11 Posts | Last post January 25, 2019
    • Hello,
      Is there a way to add an office location Column to the Password Expiry report? Thanks!
    • Is that info stored in your AD?
    • Yes, it is under Office field of the General tab.
    • OK, so that would be available as $user.Office
      After line 199 add this..
      $userObj | Add-Member -Type NoteProperty -Name Office -Value $user.Office
    • I added it, ran it and did not do anything on the report.
    • what do you get on the report then?
    • Entries for all those columns and adding the line doesn't change any of this:
      Username Name EmailAddress PasswordSet DaysToExpire ExpiresON SendMail
    • Did you add it before or after this?
      # Add userObj to colusers array
          $colUsers += $userObj
    • After, line 199 is: $samAccountName = $user.UserName
    • Was that the line you were referring to when you said after line 199?
    • Just on a new line, after 199 should be ok.
  • Email error
    5 Posts | Last post January 24, 2019
    • The script works great but I get an error that says "The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.1 Client was not authenticated"
      What can I do to fix this?  This is O365 AD Hybrid server
    • I got it working but I did not get an email but the log file says it went through
    • Check the Exchange Online mail logs.
    • Okay thanks,
      How often do you need to schedule this script to run?
    • As often as you like.
  • Emails not sent even if they show ok on the log file and status
    2 Posts | Last post January 19, 2019
    • Hi 
       I have an issue where the emails are not being sent out to users or to the test recipient. The log file says OK under SendMail, and so does the status when I check it in PowerShell; see the log file output and PowerShell status below. Note testing was enabled for this.
      UserMessage	UserName	Name	EmailAddress	PasswordSet	DaysToExpire	ExpiresOn	SendMail
      in 15 days.	John.dow 	John.dow 	John.dow	2018-08-06 02:51:22 PM	15	2019-02-02 02:51:22 PM	OK
      Sending Email : John.dow :
    • Check the SMTP logs of your mail server.
  • Exclude accounts that are -xxxx days
    9 Posts | Last post January 17, 2019
    • Hi
      How can we exclude users that have never expiring password without "Neverexpirepassword" enabled? They also get emails now. Should be excluded.
    • Depends how they have been set with never expiring passwords?
    • I have OUs with
      GPO password expire is 0 never expires. 
      And OUs fine grained password policy with 90days expire.
      Now the GPO password pol users also receive the email.
    • Are those users in a group or OU that could be targeted? 
    • What I have is 
      $users = get-aduser -SearchBase "OU=Companies,DC=domain,DC=local" .........
      In here I have OUs that have GPO 0 days expire or Fine grained pwd pols.
      GPO accounts have like -40 days but they don't expire. Cause of the GPO and checkbox PWD expired in AD is not enabled. These users should be skipped from mailing.
    •  hide all 
      Owner SPINWARE\Domain Admins 
      Created 25-2-2014 16:13:44 
      Modified 24-3-2017 12:08:40 
      User Revisions 0 (AD), 0 (SYSVOL) 
      Computer Revisions 27 (AD), 27 (SYSVOL) 
      Unique ID {31B2F340-016D-11D2-945F-00C04FB984F9} 
      GPO Status Enabled 
      Location Enforced Link Status Path 
      spinware No Enabled 
      This list only includes links in the domain of the GPO.
      Security Filteringhide
      The settings in this GPO can only apply to the following groups, users, and computers:Name 
      NT AUTHORITY\Authenticated Users 
      These groups and users have the specified permission for this GPOName Allowed Permissions Inherited 
      NT AUTHORITY\Authenticated Users Read (from Security Filtering) No 
      NT AUTHORITY\SYSTEM Edit settings, delete, modify security No 
      Computer Configuration (Enabled)hide
      Windows Settingshide
      OUs with this GPO never expire and dont get the checkbox Expired.
      Computer Configuration --> Policies --> Security Settings --> Account Policies/Password Policy --> Policy Setting 
      Maximum password age 0 days 
      Minimum password age 0 days 
    • Pasted too much info can you remove last reply of mine :)
    • No, I'm afraid I cannot delete any comments from here, only Microsoft can.
    • There is a question from October 11, 2018, that explains how to filter out certain OUs.
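
As an added example for the thread above (not part of the gallery script): Active Directory exposes the constructed attribute msDS-UserPasswordExpiryTimeComputed, which is the expiry the domain controller itself computes from the effective policy, fine-grained password policies included, and which equals 0x7FFFFFFFFFFFFFFF when the password never expires. The function name, the 21-day window and the sample rows are assumptions made for this illustration.

```powershell
# Added example; Get-ExpiryDecision and the sample rows are constructed, not from the gallery script.
# Live input would come from something like:
#   Get-ADUser -Filter * -SearchBase $ou -Properties 'msDS-UserPasswordExpiryTimeComputed'
function Get-ExpiryDecision {
    param(
        [Parameter(Mandatory = $true)][Int64]$ExpiryTimeComputed,
        [Parameter(Mandatory = $true)][datetime]$Now,
        [int]$ExpireInDays = 21
    )
    # 0x7FFFFFFFFFFFFFFF: flag set on the account, or effective maximum age is "never"
    if ($ExpiryTimeComputed -eq [Int64]::MaxValue) { return 'Skip - never expires' }
    # 0: pwdLastSet is empty or 0, so there is no date to count down to
    if ($ExpiryTimeComputed -eq 0) { return 'Skip - no password set date' }

    $expiresOn = [datetime]::FromFileTimeUtc($ExpiryTimeComputed)
    $days = [int][math]::Floor(($expiresOn - $Now.ToUniversalTime()).TotalDays)

    if ($days -lt 0)              { return 'Skip - already expired' }
    if ($days -le $ExpireInDays)  { return "Notify - $days days" }
    return "Skip - $days days left"
}

# Constructed sample rows standing in for AD query results
$now  = Get-Date '2019-01-18'
$rows = @(
    [pscustomobject]@{ User = 'fgpp.user';  Computed = (Get-Date '2019-02-02').ToFileTimeUtc() }
    [pscustomobject]@{ User = 'never.user'; Computed = [Int64]::MaxValue }
    [pscustomobject]@{ User = 'new.user';   Computed = [Int64]0 }
    [pscustomobject]@{ User = 'late.user';  Computed = (Get-Date '2018-12-09').ToFileTimeUtc() }
)

foreach ($row in $rows) {
    $decision = Get-ExpiryDecision -ExpiryTimeComputed $row.Computed -Now $now
    '{0,-12} {1}' -f $row.User, $decision
}
```

Accounts with a negative day count are reported separately here so that they can be reviewed instead of being mailed every run.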
  • "Skipped - Interval"
    12 Posts | Last post January 15, 2019
    • Whether I run this interactive or as a scheduled task, it is skipping the emails.  In the logfile, under the "SendMail" header, it shows "Skipped - Interval" even for those users that fall into the interval list. I see some users that have 21 and 5 days being skipped.
      PowerShell.exe -NoProfile -NoLogo -ExecutionPolicy Bypass -File "C:\temp\PasswordChangeNotification.ps1" -smtpServer <SERVERNAME> -expireInDays 21 -from "<EMAILADDERSS>" -Logging -LogPath "c:\logFiles" -interval 1,2,5,10,15
    • Without the -interval parameter it sends a message to all users with an expiry of 21 days or less.
    • When you use the interval, it will only notify people whose date is set in the interval.
       -interval 1,2,5,10,15
      Would be users whose password expires in 1, 2, 5, 10 or 15 days exactly.
      21 days would be excluded
      if someone has a value of 5 days and that is also excluded, that sounds like an error.
      Can you share the log file?
    • In fact I'm having exactly the same problem. Just started testing this awesome script!
      For example, -expireInDays 60 and -interval 1,3,40
      I know these are strange numbers, but that is because I'm testing.
      The user's password expires in 40 days, but no email is sent.
      Log output:
      "in 40 days.","testuser","testuser",,"7-1-2019 14:21:51","40","18-2-2019 14:21:51","Skipped - Interval"
    • Are you also using powershell -file, rather than powershell -command ?
    • Yes, using -file.
      It seems it does not take "1,3,40" as an array. If I use -interval 40 (single value) then it works correctly.
    • Logfile Output
      UserMessage	UserName	Name	EmailAddress	PasswordSet	DaysToExpire	ExpiresOn	SendMail
      in 15 days.	<hidden>	<hidden>	<hidden>@<emailaddress>.org	10/31/2018 14:47	15	1/29/2019 14:47	Skipped - Interval
      in 21 days.	<hidden>	<hidden>	<hidden>@<emailaddress>.org	11/6/2018 9:36	21	2/4/2019 9:36	Skipped - Interval
      in 21 days.	<hidden>	<hidden>	<hidden>@<emailaddress>.org	11/6/2018 12:52	21	2/4/2019 12:52	Skipped - Interval
      in 5 days.	<hidden>	<hidden>	<hidden>@<emailaddress>.org	10/21/2018 8:12	5	1/19/2019 8:12	Skipped - Interval
      in 15 days.	<hidden>	<hidden>	<hidden>@<emailaddress>.org	10/31/2018 15:03	15	1/29/2019 15:03	Skipped - Interval
      in 21 days.	<hidden>	<hidden>	<hidden>@<emailaddress>.org	11/6/2018 20:44	21	2/4/2019 20:44	Skipped - Interval
      in 10 days.	<hidden>	<hidden>	<hidden>@<emailaddress>.org	10/26/2018 16:59	10	1/24/2019 16:59	Skipped - Interval
      in 21 days.	<hidden>	<hidden>	<hidden>@<emailaddress>.org	11/6/2018 15:34	21	2/4/2019 15:34	Skipped - Interval
      in 21 days.	<hidden>	<hidden>	<hidden>@<emailaddress>.org	11/6/2018 8:29	21	2/4/2019 8:29	Skipped - Interval
      in 15 days.	<hidden>	<hidden>	<hidden>@<emailaddress>.org	10/31/2018 14:15	15	1/29/2019 14:15	Skipped - Interval
      in 15 days.	<hidden>	<hidden>	<hidden>@<emailaddress>.org	10/31/2018 12:09	15	1/29/2019 12:09	Skipped - Interval
    • So for now, I am just setting the -expireInDays 15 and letting it send the mail every day by removing the -interval option.
    • The problem was with the "-file" parameter. Somehow it does parse an array like "7,3,1".
      Now I'm using this commandline which works fine:
      powershell -Command PasswordExpiredNotify.ps1 -smtpServer .... -expireInDays 7 -from -interval 7,3,1
    • The daysToExpire is not an array, it's a string, so we need to split it into an array. Also we compare strings to int.
      Go to the section:
              # If using interval parameter - follow this section
      Change this:
                  # check interval array for expiry days
                  if(($interval) -Contains($daysToExpire))
      To this:
                  # check interval array for expiry days
                  if(($interval.split(",")) -Contains($daysToExpire.toString()))
      This worked for me.
    • I of course meant that $interval is not an array, but a string. Doh.
    • I think that is the case if you use -file rather than -command when launching the script.
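
An added example for the "Skipped - Interval" thread above (not the gallery script's own code): normalising the -interval value once, so the membership check behaves the same whether the script was started with -File or with -Command. ConvertTo-IntervalList is a hypothetical helper and the inputs are constructed from the values quoted in the thread.

```powershell
# Added example; ConvertTo-IntervalList is a hypothetical helper, not part of the gallery script.
function ConvertTo-IntervalList {
    param(
        [Parameter(Mandatory = $true)]
        [object[]]$Interval
    )
    $days = @(foreach ($item in $Interval) {
        # Each element may itself be a comma-separated string such as "1,3,40"
        foreach ($token in ([string]$item -split ',')) {
            $text = $token.Trim()
            if ($text -eq '') { continue }
            $value = 0
            if (-not [int]::TryParse($text, [ref]$value)) {
                throw "Interval value '$text' is not a whole number of days."
            }
            $value
        }
    })
    # Leading comma keeps the result an array even when it holds one element.
    return ,([int[]]@($days | Sort-Object -Unique))
}

# Constructed inputs: the two shapes reported in the thread.
$viaFile    = ConvertTo-IntervalList -Interval '1,3,40'   # one string, as seen with -File
$viaCommand = ConvertTo-IntervalList -Interval 1, 3, 40   # three integers, as seen with -Command

$daysToExpire = 40
$rawMatch  = '1,3,40' -contains $daysToExpire   # the comparison the thread found failing
$fileMatch = $viaFile -contains $daysToExpire
$cmdMatch  = $viaCommand -contains $daysToExpire
"raw=$rawMatch file=$fileMatch command=$cmdMatch"
```

Rejecting non-numeric tokens up front makes a mistyped interval fail loudly at start-up instead of silently marking every user "Skipped - Interval".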
  • Add the date and time when expiring in the email
    3 Posts | Last post January 12, 2019
    • Thank you Robert for the great script. It is working fine for us.
      We have a request to add the date and time when the password will expire. 
      What do I need to change/add to the script to accomplish this?
      Thank you for your work!
    • You can modify $body to include anything you like.
      The date would be stored in $user.expiresOn however if you add that into $body it may not be formatted exactly like you want it to be.
      So, like $messageDays you may need to format it in a new variable first.
    • Thank you I got it. 
      Under  #Set Greeting Message 
      add: $ExpiryTime = $user.ExpiresOn
      Call in the email template.
  • PS Newbie Question
    2 Posts | Last post January 10, 2019
    • I have updated variables but script doesn't seem to work.  For example:
       [string]$smtpServer = "",
      but when I run the script manually .\script.ps1 I'm getting prompted for smtp, daystoexpired, and a few other items.
      What am I doing wrong?
      I see examples, note Darren Brinksneader comments where you call PS and pass variables so I'm a little confused.
      Any pointers would be greatly appreciated.
    • Have a look at this video,
  • Prevent sending mail to IT Support when no user has expiring password
    1 Posts | Last post January 05, 2019
    • Thank you for this great script!
      To prevent sending mail to the -reportTo parameter mail address (likely to be IT Support) when there is no user with expiring password within time limits set, I have added an exit when $notifyCount = 0:
      Write-Output "$notifyCount Users with expiring passwords within $expireInDays Days"
      If ($notifyCount -eq 0)
      	{	"No users need to be notified, exit script to prevent status mail to IT Support"
      		exit
      	}
      # Process notifyusers
  • Attaching a file to the sender email
    3 Posts | Last post January 04, 2019
    • Hi,
      I've been using this script for quite some time and it is awesome. It's a relief to our Helpdesk Team, but I need to add an attachment for the users with some information and I can't figure out the way.
      Can you help me?
      PS: I'm using the Version 2.2 February 2017
    • Send-MailMessage has a -attachment parameter, you just enter the path of the file you want to attach.
    • I was putting the command in a wrong place. It's already fixed and working.