I get prompted to enter the parameters each time I run. Is there something I am missing? # $smtpServer Enter Your SMTP Server Hostname or IP Address [Parameter(Mandatory=$True,Pos ition=0)] [ValidateNotNul l()] [string]$smtpSe rver= "NSG-EX16.nsgdm .local", # Notify Users if Expiry Less than X Days [Parameter(Mand atory=$True,Pos ition=1)] [ValidateNotNul l()] [int]$expireInD ays = "14", # From Address, eg "IT Support <support@domain .com>" [Parameter(Mand atory=$True,Pos ition=2)] [ValidateNotNul l()] [string]$from = "NSG-INC Administrator <Administrator@ NSG-INC.com", [Parameter(Posi tion=3)] [switch]$loggin g, # Log File Path [Parameter(Posi tion=4)] [string]$logPat h, # Testing Enabled [Parameter(Posi tion=5)] [switch]$testin g ="Enabled", # Test Recipient, eg recipient@domai n.com [Parameter(Posi tion=6)] [string]$testRe cipient = "lanrmadm@NSG-I NC.com", # Output more detailed status to console [Parameter(Posi tion=7)] [switch]$status , # Log file recipient [Parameter(Posi tion=8)] [string]$report to, # Notification Interval [Parameter(Posi tion=9)] [array]$interva l
So I have watched the video on SMTP Authentication, and I have followed exactly. Generated the SecureString text file and reconfigured the script accordingly. However when I run the command no emails happen. I get this error: "Cannot process argument transformation on parameter 'Credential'. Access is denied" I am not sure what I am doing wrong to get this access denied and where the access is being denied at. Any help is appreciated. Thanks! Jason
Are you able to create the credential object separately from the script? $savedString = "<path to saved password>" $pass = Get-Content $savedString | ConvertTo-SecureString $username = "my user name" $cred = New-Object System.Manageme nt.Automation.P SCredential($us ername,$pass) If you use that, what happens?
@RobertPearman - I copied that into the script and commented out the original Secure Password section and re-ran as a task and was still presented the same error. I did take the domain name out for some security. "in 50 days.","Admin","Admin","Admin@ MYDOMAIN.com"," 1/3/2019 9:25:21 AM","50","4/3/2 019 9:25:21 AM","Cannot process argument transformation on parameter 'Credential'. Access is denied" Some other information that might be helpful is that I am running version 2.9 (August 2018) of the script, and that I have done little to no customization to the script other than the Email Body in it. One thing that I did notice when I just googled the error before asking in thread here (yes I know Googling isn't always helpful) is that with PowerShell 5.0 and above that the Credential flag works differently or not at all. Maybe that could be a cause? Here is my PowerShell version running on Windows Server 2012 R2 is: PS C:\Windows\syst em32> $PSVersionTable .PSVersion Major Minor Build Revision ----- ----- ----- -------- 5 1 14409 1005 If you like Robert, I can share my email with you and we can take this off thread if you prefer and I can share anything needed to help troubleshoot...
Thanks - sent you an email via that direction with mine - look forward to working with you!
For this script , i tried with testing. After testing is done. I want to send it to the end users. So i disabled the Testing. after i ran the script, the email is not sending to the end users, its sending to the test receipt. Please help me. Thank you.
Script is working great, automates out through scheduled task just fine. Only problem I am having appears to be the output email. I have it set to begin deliverying notifications 14 days out from expiration. When looking at the DaysToExpire column in the log it reflects negative numerical values and appears to be delivering "Your password will expire" instead of "Your password will expire in X days". Whats the best way to go about resolving that?
foreach ($user in $notifyusers) { if(($user.DaysToExpire) -gt 0 ) { # put the rest of the notification in here } } }
Script is working great, automates out through scheduled task just fine. Only problem I am having appears to be the output email. I have it set to begin deliverying notifications 14 days out from expiration. When looking at the DaysToExpire column in the log it reflects negative numerical values and appears to be delivering "Your password will expire" instead of "Your password will expire in X days". Whats the best way to go about resolving that?
Negative values usually suggest an issue with the password policy, ie that the user has not changed their password since the policy was applied. But if you want to avoid negative values in the email notifications, you can add a section to the notification around like 213, and enclose everything else inside that. foreach ($user in $notifyusers) { if(($user.DaysToExpire) -gt 0 ) { # put the rest of the notification in here } } }
So the problem is avoiding sending to negative values period. Right now I have people who set their passwords recently and are still getting notified. Also looks like line 213 would be in the middle of the message body. Here is a link to a cap of the log that reflects that behavior: https://1drv.ms/u/s!AoW4K425h7 VNh_htcxDi-22cM a7dbQ
Sorry im looking at my development one, not the current version you have. 211 # Process notifyusers 212 foreach ($user in $notifyUsers) 213 { Do you have multiple DCs in your environment? Im wondering if it is running get-aduser against a different DC and getting a different result on the pwdlastset value. I think to try and troubleshoot that you would need to pick a user who has this issue, then work out what the script is doing at each stage. $defaultMaxPasswordAge = (Get-ADDefaultD omainPasswordPo licy -ErrorAction Stop).MaxPasswo rdAge.Days $user = Get-AdUser troubleUser -properties * $pwdLastSet = $user.PasswordL astSet $maxPasswordAge = $defaultMaxPass wordAge $PasswordPol = (Get-AduserResu ltantPasswordPo licy $user) if (($PasswordPol) -ne $null) { $maxPasswordAge = ($PasswordPol). MaxPasswordAge. Days } $expireson = $pwdLastSet.Add Days($maxPasswo rdAge) $daysToExpire = New-TimeSpan -Start $today -End $Expireson $expiresOn $daysToExpire That should give you the same value the script has when it runs.
Thanks for the reply, multiple DC's in play. Will take that new info back to the drawing board.
I would expect that attribute to be fully replicated to all DCs (essentially, or pulled out of a GC etc) and i just compared a couple of multi dc environments and they all appear to show the same dates, still, am interested to hear what you find.
Does this error message indicate the server is not an Admin Server? The script works perfectly, but my output log indicates "Unable to connect to the remote server". Nor am I receiving the test email. Could you please help? Thank you!
Hi ! This script is awesome, I use it in a production enviromnent, but since we are located in Europe we use the dd/MM/YYYY hh:ss date format, and when the script is launched, users get "01/28/2019 19:47:27" - in EN-US it's related to MM/dd/yyy. As I run the script in windows 2012 environment my locale is set to EN-US, don't know how to change it: When I type: ([DateTime]::Now).ToString() I get 25-01-19 12:00:28 Also in the script itself, I see: $start = [datetime]::Now But don't know how to change the format from MM/dd/yyyy hh:ss to dd/MM/yyy hh:ss Could you help me please ? Regards,
Date formatting can be a pain. You can always set it like this, $newFormat = get-date -format dd/MM/yyyy It is worth noting though that if you want to display it to the user in a more familiar way (dd MM yyyy) you really only need to format it at the point of display. So if you are putting into the email body.. prior to $body set the date variable to the format you want it. $displayDate = get-date $expiresOn -format "dd/MM/yyyy ss:mm:hh" $body = " Hello your password expires on $displayDate" Hope that helps.
Great ! Thanks for help ! It's working :) In case someone needs that, I paste here the changed code ------------------------------ --------------- --------------- --- # Email Address $samAccountName = $user.UserName $emailAddress = $user.EmailAddr ess # Set Greeting Message #$ExpiryTime=$u ser.ExpiresOn $displayDate = get-date $user.expiresOn -format "dd/MM/yyyy hh:mm" $name = $user.Name $messageDays = $user.UserMessa ge # Subject Setting $subject="Your password will expire $messageDays" # Email Body Set Here, Note You can use HTML, including Images. # examples here https://youtu.b e/iwvQ5tPqgW0 $body =" <font face=""verdana" "> Dear $name, <p> Your password will expire $messageDays at $displayDate <br> --------------- --------------- --------------- --------------- --------------- - Regards,
Hello, Is there a way to add an office location Column to the Password Expiry report? Thanks!
OK, so that would be available as $user.Office After line 199 add this.. $userObj | Add-Member -Type NoteProperty -Name Office -Value $user.Office
Entries for all those columns and adding the line doesn't change any of this: Username Name EmailAddress PasswordSet DaysToExpire ExpiresON SendMail
Did you add it before or after this? # Add userObj to colusers array $colUsers += $userObj
Was that the line you were referring to when you said after line 199?
The script works great but I get an error that says "The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.1 Client was not authenticated" What can I do to fix this? This is O365 AD Hybrid server
I got it working but I did not get an email but the log file says it went through
Hi I have an issue when the emails are not being sent out to users or to test recipient. The log file says ok under send Mail and when I check status in powershell sending Email see below log file output and powershell status. Note testing was enabled for this UserMessage UserName Name EmailAddress PasswordSet DaysToExpire ExpiresOn SendMail in 15 days. John.dow John.dow John.dow @GG.com 2018-08-06 02:51:22 PM 15 2019-02-02 02:51:22 PM OK Sending Email : John.dow : it@GG.com