Password Expiry Email Notification

This script will email a user in the event that their password is due to expire in X number of days.

 
 
 
 
 
Active Directory
8/7/2018


  • Keep sending email to expired accounts
    2 Posts | Last post December 12, 2018
    • Is there a way to configure the script so it will continue to send emails even after the password has already expired (so days to expire is in the negatives)?
      
      Obviously the fact that the account has an expired password and is able to remain in that state without it changing is an issue of its own; however, before we can make the change I was hoping to set up some 'nagging' for users to change their passwords.
      
      Thanks!
    • Once it has expired a user would not be able to login, so the system would nag them itself.
  • only 10 email sent
    4 Posts | Last post December 11, 2018
    • I'm testing the script; the log reports that 17 users are notified, but I receive an email only for the first 10 entries in the log.
    • What does the console show if you run it manually, are you using -interval?
    • Hi Robert, 
      At the moment there are 15 expiring passwords.
      If I use -interval 1,2,3,...,21 I receive all the expected emails.
      If I don't use it, only ten are sent.
      No differences in the console output between the two commands (apart from the selected intervals, obviously).
      If I use the -status switch (without -interval) it reports that all 15 emails are sent.
      
    • I found the problem. Sorry, it's my email server that refuses connections when sending more than ten emails together.
      
  • Fine Grained Password Policies
    5 Posts | Last post November 29, 2018
    • Hello,
      Hi Robert, 
      It looks like it doesn't work when using Fine Grained Password Policies.
      I get the error message:
      Get-AduserResultantPasswordPolicy : Impossible de trouver un objet avec l'identité «
      CN=PWD_DURCIE_AVEC_RENOUV_AUTO,CN=Password Settings Container,CN=System,DC=xxx,DC=xxx» sous: «DC=xxx,DC=xxx».
      Au caractère C:\scripts\Notification_expiration_pwd.ps1:153 : 21
      for each account.
      
      Is there something to do to make it work?
      Thanks for your help.
    • Is it possible this is a language issue?
      
      The script is just using the Get-ADUserResultantPasswordPolicy cmdlet,
      https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-aduserresultantpasswordpolicy?view=win10-ps
      It has worked fine in my testing of FGP.
      
      What version of the script are you using? My line 153 is above the FGP section.
    • I'm using version : Version 2.9 August 2018
      Line 153 : $PasswordPol = (Get-AduserResultantPasswordPolicy $user) 
      
      
    • OK, that's fine.
      
      If you run that command in a normal PS window, what result do you get?
    • I ran the script on another PC, and it works fine.
      I don't understand why... but the most important thing is: it's OK!
      Thanks for your help
  • Scheduled Task Error
    2 Posts | Last post November 28, 2018
    • Hey Everyone,
      
      I'm trying to set this up as a scheduled task however it's not running.  I can c/p the code into a normal ps prompt and I keep getting The '<' operator is reserved for future use.
      
      It's flagging on the from argument with the IT Support <user@domain.com> 
      
      Any ideas?
      
      Thanks!
    • That should be in quotes.
      
      https://www.youtube.com/watch?v=xbzxWOarVuk
  • Powershell Script - Assigning Values
    2 Posts | Last post November 27, 2018
    • Hey Everyone,
      
      I'm testing out this script and I'm having issues assigning values to these variables below from inside the script. Could anyone let me know where this needs to go inside the script so I don't get prompted for the values when the powershell script runs? 
      
      Thank you!
      
      
      
      $smtpServer
      
      $expireInDays
      
      $from
      
      $interval
      
    • You don't set them inside the script (ideally)
      
      You set them as parameters,
      
      .\myscript.ps1 -smtpserver xxxx -expireindays xx -interval 1,2,3
  • Include and exclude multiple OU's
    2 Posts | Last post November 27, 2018
    • Hi,
      
      Let's say that I have 20 different OU's with user but I only want to send the email notification to users in 9 of them. What's the easiest way to do that?
      
      Thanks for your help
    • Does that mean you don't want to check the other OUs at all? Or do you want those logged but not emailed?
  • Issues with Task Scheduler
    7 Posts | Last post November 20, 2018
    • Hi, I am trying to get this to work on one of our customers systems and I have managed to run the script manually however I can't seem to automate it via Task Scheduler. I have followed your video, applied the delegation to the OU etc.
      
      This is my current setup for the task:
      
      Start a program: Powershell.exe
      Arguments: -command "'C:\PS\PasswordChangeNotification.ps1' -smtpServer mail.domain.com -expireInDays 4 -from 'Administrator <administrator@mail.org.uk>' -logging -logPath 'C:\PS\Log Files' -testing $true -testRecipient ICT@mail.org.uk"
      
      
      It's set to expire in 4 days during testing and I've tried it with and without $true after testing.
      
      If I try and manually run, it says the job completes in the task scheduler, but no emails are sent to the test account and nor is a log file created.
      
      Any ideas?
    • Can you try it like this instead,
      
      'C:\PS\PasswordChangeNotification.ps1 -smtpServer mail.domain.com -expireInDays 4 -from "Administrator <administrator@mail.org.uk>" -logging -logPath "C:\PS\Log Files" -testing -testRecipient ICT@mail.org.uk'
    • Hi, I've put in the above within the arguments but sadly still no emails sending/log file.
      
      I'm not sure if this makes a difference but I'm using Server 2012 R2 and using the built in domain administrator account.
    • Load an elevated CMD. 
      
      Then run powershell.exe -command 'C:\PS\PasswordChangeNotification.ps1 -smtpServer mail.domain.com -expireInDays 4 -from "Administrator <administrator@mail.org.uk>" -logging -logPath "C:\PS\Log Files" -testing -testRecipient ICT@mail.org.uk'
      
      what happens?
    • Hi, I ran from an elevated CMD and this is what I get:
      https://drive.google.com/open?id=1H41EIe_sjuu19VVqrXXbFon5ZIUKLvnz
      
      The first time I put the entire syntax in and after pressing enter, it doubles it as you can see from the screenshot, like it has run the command but with no output results.
      
      I then loaded the powershell first and tried running it, but mentions that -Command is incorrect.
      
      Finally I removed the -command and after pressing enter, it doubles the syntax like the command has happened without error but still no output result. It's bizarre.
      
      I know it works because I've run it via Powershell ISE which then asks me for the SMTP server, who to send it from and expiry days. 
      
      Just to double check, once I downloaded the script, I just leave it within the folder and I don't need to make any changes in the script as that's what the arguments are for?
      
      Sorry, very new to PowerShell so learning as I go along!
    • You may need to right click the file downloaded, go to properties and unblock it.
      
      -command would be incorrect at that point because you have already loaded PowerShell.
      
      Using Powershell.exe -command "..." tells powershell to load, and what command to execute.
      
      If you are already in PowerShell you can substitute -command for .\ which tells PowerShell to execute the file.
      
      Ideally you would navigate to that folder before launching the command.
      
      cd c:\ps <enter>
      .\PasswordChangeNotification.ps1 -etcetc
    • I solved it running directly, without the "-command" Flag. The action ends up like this:
      
      powershell.exe C:\\PasswordChangeNotification.ps1 -expireInDays 7 -logging -logPath C:\Scripts\ -testing -testRecipient admin@mail.com -status
      (I didn't specify some because I set them inside the script)
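
One way to register the task so the quoting problems in this thread and the "Scheduled Task Error" thread above do not arise, as an added example that is not the script author's code. It assumes the script's parameters behave as used in the replies (-logging and -testing as switches); the task name, schedule and run-as account are placeholders.

```powershell
# Added example, not part of the gallery script.
# Paths and addresses are the sample values quoted in the thread.
$scriptPath = 'C:\PS\PasswordChangeNotification.ps1'

# Clear the "downloaded from the Internet" mark, as suggested in the thread.
Unblock-File -Path $scriptPath

# -File passes everything after the script path to the script as literal
# arguments, so "<" and ">" in the From address are never parsed as
# PowerShell operators. Double quotes keep values with spaces together.
$arguments = @(
    '-NoProfile'
    '-NonInteractive'
    '-File', "`"$scriptPath`""
    '-smtpServer', 'mail.domain.com'
    '-expireInDays', '4'
    '-from', '"Administrator <administrator@mail.org.uk>"'
    '-logging'
    '-logPath', '"C:\PS\Log Files"'
    '-testing'
    '-testRecipient', 'ICT@mail.org.uk'
) -join ' '

$action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
               -Argument $arguments -WorkingDirectory 'C:\PS'

# Hypothetical schedule: three mornings a week.
$trigger = New-ScheduledTaskTrigger -Weekly `
               -DaysOfWeek Monday, Wednesday, Friday -At '08:00'

# Assumption: a dedicated account that has only the delegated read access
# the script needs, rather than the built-in domain administrator.
$cred = Get-Credential -Message 'Account the task runs as'

Register-ScheduledTask -TaskName 'Password Expiry Notification' `
    -Action $action -Trigger $trigger `
    -User $cred.UserName `
    -Password $cred.GetNetworkCredential().Password `
    -RunLevel Limited
```

With -File, an array value such as -interval 1,2,3 reaches the script as a single string, so test that parameter separately before adding it to the task.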
  • The smtp server requires a secure connection
    3 Posts | Last post November 16, 2018
    • Hi Robert,
      
      Great script, this is exactly what I was looking for. I have everything configured to my needs except for the mailing part (the most important part). I have watched your YouTube video about smtp authentication, however it still doesn’t explain how to use a secure connection. I keep getting "The smtp server requires a secure connection" from my log. I’ve tried this with a local domain relay (which requires TLS), Office 365 and Gmail.
      
      I’ve seen many questions about this problem in this very Q and A, but no real solutions to the problem, just different ways to go around it. So, my question is, how can I make the script use TLS?
      
      Really looking forward to your reply, I feel like this can help a lot of other people as well.
      
      Kind regards,
      Sebastiaan
      
    • As I am not in control of third party mail servers, it is difficult to give a definitive answer.
      
      From a Windows 10 machine, this command allowed me to send authenticated SMTP via Office 365,
      
      Send-MailMessage -SmtpServer $smtpServer -From $from -To $to -Subject $subject -Body $body -Credential $cred -Port 587  -UseSsl
      
      The same command allowed me to send via gmail as well.
    • You can also adjust the TLS version you are using by adding this before the Send-MailMessage command,
      # For 1.2
      [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
      # For 1.1
      [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls11
      # For 1.0
      [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls
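
The two replies above combined into one authenticated send over TLS 1.2, with the SMTP credential kept out of the script. This is an added example, not the script author's code; the server name, addresses and credential path are placeholders.

```powershell
# Added example, not part of the gallery script. All values are placeholders.
$smtpServer = 'smtp.example.com'
$from       = 'IT Support <itsupport@example.com>'
$to         = 'user@example.com'
$credPath   = 'C:\PS\smtp-cred.xml'

# One-time setup, run interactively as the account that runs the task:
#   Get-Credential | Export-Clixml -Path 'C:\PS\smtp-cred.xml'
# On Windows, Export-Clixml protects the password with DPAPI, so the file
# decrypts only for that same user on that same computer.
if (-not (Test-Path -Path $credPath)) {
    throw "Credential file $credPath not found; create it with Export-Clixml."
}
$cred = Import-Clixml -Path $credPath

# Process-wide setting: allow TLS 1.2 only. TLS 1.0 and 1.1 are deprecated
# (RFC 8996), so a server that cannot negotiate 1.2 fails here instead of
# silently falling back to an older protocol.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

$mail = @{
    SmtpServer  = $smtpServer
    Port        = 587          # submission port used in the reply above
    UseSsl      = $true        # STARTTLS before credentials are sent
    Credential  = $cred
    From        = $from
    To          = $to
    Subject     = 'Password expiry notification test'
    Body        = 'Test message sent over an authenticated TLS connection.'
    ErrorAction = 'Stop'       # turn send failures into catchable errors
}

try {
    Send-MailMessage @mail
    Write-Output "Sent to $to via $smtpServer"
}
catch {
    # Surface the SMTP/TLS error rather than continuing silently.
    Write-Warning "Send failed: $($_.Exception.Message)"
    throw
}
```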
  • Gmail authentication
    2 Posts | Last post November 09, 2018
    • Hi there Robert,
      
      This script is amazing imo but I'm having a small problem with it.
      I'd really like to use this with my gmail account and I followed your SMTP-Auth tutorial.
      I just keep getting the "the smtp server requires a secure connection or the client was not authenticated". 
      Could this be because I'm using 2factor authentication on my gmail account?
      
      Looking forward to your reply!
      
      Kind regards,
      Sander 
    • Yes, I expect so.
      
      You can create an App password in gmail to use with smtp authentication.
      
      https://support.google.com/accounts/answer/185833?hl=en
  • Time to be run?
    2 Posts | Last post November 01, 2018
    • Thank you.
      
      Is this run as a one-time event or do you need to run it each time you want the email to be sent?
      
      If so, do people set up a scheduled task?
    • I run it as a scheduled task three times a week.