Password Expiry Email Notification

This script will email a user in the event that their password is due to expire in X number of days.

 
 
 
 
 
Active Directory
8/7/2018


  • New to This
    2 Posts | Last post October 30, 2018
    • I am sorry to bother you. This is a great script, but we have set up an Exchange Server in-house and have many shared mailboxes; these are all disabled accounts, but the script emails them saying your password is due to expire.
      I cannot exempt an OU as each shared mailbox is in the OU for each sub site. Can I get this script to ignore disabled accounts?
    • On line 132 it should be filtering out accounts that are disabled.
      
      get-aduser -filter {(Enabled -eq $true)...}
      
      Which version are you using? Have you made changes to it?
  • Parameters Don't Matter
    2 Posts | Last post October 29, 2018
    • Robert, thanks so much for making this available!
      
      I have enjoyed working with this to get it to work.
      
      # Please Configure the following variables....
      $smtpServer="xxx02.xxx.com"
      $expireindays = 21
      $interval = 1,2,5,10
      $from = "Password Reset Notification <support@xxxx.com>"
      $logging = "Enabled" # Set to Disabled to Disable Logging
      $logFile = "\\cccccc\cccccccc\mylog.csv" # ie. c:\mylog.csv
      $reportto = "bxxxxr@xxxx.com"
      $testing = "Disabled" # Set to Disabled to Email Users
      $testRecipient = "asdkljfhn@ccccc.com"
      
      I am testing the code and have run it in test mode many times.  Once I get it to work in testing I modify the parameters for real-time.  The new modifications are not working.
      
      1. The log file is not going to a new path I specified
      2. The server thinks testing is still enabled because my test account is getting the email.
      
      I have noticed this on and off with other parameters and I am, honestly, clueless as to why the new changes are not being implemented in the code.
      
      Thanks for your help!  Always!!
      
      -Jason
    • Which version of the script are you using?
      
      You should not set the values of the variables inside the script itself.
  • Exclude an OU?
    2 Posts | Last post October 11, 2018
    • Hello,
      
      I've been using this great script for over a year - once again, great work. I have an OU that I'd like to exclude from the script. Is it possible to do this instead of specifying multiple OUs in the -searchbase?
    • Excluding a single OU is possible, if a little convoluted.
      
      If you add CanonicalName to the -properties section of Get-AdUser, this will collect everyone's CanonicalName, which, if you did not know, is the path to the user object in AD. (We could also use a DistinguishedName.)
      
      Now, somewhere near the top, let's say line 139, add in:
      
      $excludeOU = @("mydomain.domain.com/OU/OU/")
      
      where that is the path to the OU you want to exclude; leave the trailing "/".
      
      At line 178 we then need to add in a bit of script to collect the user's OU and add it to the $userObj.
      
      $userCanon = $user.CanonicalName.Replace($user.Name,"")
      
      Then, at line 184:
      
      if(($excludeOU) -contains $userCanon)
      {
          # Skip User
      }
      else
      {
          $colUsers += $userObj
      }
      
      
      I have not tested this, and this won't do anything like log the exclusions, or even output anything to the console, but it should be enough to skip an OU.
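
An added example for the OU exclusion discussed in this thread; it is not part of the original posts or the script. It matches on the end of DistinguishedName instead of CanonicalName, so child OUs are excluded too and skipped users are recorded. The function name Test-InExcludedOU, the OU path and the sample users are constructed for illustration.

```powershell
# Added example: exclude users by OU using DistinguishedName suffix matching.
# The sample users are constructed so the logic runs without a domain; in the
# script they would be the objects returned by Get-ADUser.
$excludeOU = @(
    'OU=Shared Mailboxes,OU=Site1,DC=mydomain,DC=example'   # constructed path
)

function Test-InExcludedOU {   # hypothetical helper, not in the script
    param(
        [Parameter(Mandatory)] [string]   $DistinguishedName,
        [Parameter(Mandatory)] [string[]] $ExcludedOU
    )
    foreach ($ou in $ExcludedOU) {
        # Require ",<OU DN>" at the very end of the DN. The user's own CN is
        # never compared, and users in child OUs still match.
        if ($DistinguishedName.EndsWith(",$ou", [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# Constructed sample users
$users = @(
    [pscustomobject]@{ Name = 'Alice Example'
        DistinguishedName = 'CN=Alice Example,OU=Staff,OU=Site1,DC=mydomain,DC=example' }
    [pscustomobject]@{ Name = 'Shared Mailboxes Admin'   # name resembles the OU, different OU
        DistinguishedName = 'CN=Shared Mailboxes Admin,OU=Staff,OU=Site1,DC=mydomain,DC=example' }
    [pscustomobject]@{ Name = 'Reception'
        DistinguishedName = 'CN=Reception,OU=Shared Mailboxes,OU=Site1,DC=mydomain,DC=example' }
    [pscustomobject]@{ Name = 'Invoices'                 # child OU of the excluded OU
        DistinguishedName = 'CN=Invoices,OU=Finance,OU=Shared Mailboxes,OU=Site1,DC=mydomain,DC=example' }
)

$colUsers = @()
$skipped  = @()
foreach ($user in $users) {
    if (Test-InExcludedOU -DistinguishedName $user.DistinguishedName -ExcludedOU $excludeOU) {
        $skipped += $user          # keep a record so exclusions can be logged
    }
    else {
        $colUsers += $user
    }
}

$skipped | ForEach-Object { Write-Output "Skipped - Excluded OU: $($_.Name)" }
Write-Output "Kept: $($colUsers.Name -join ', ')"
```

With the sample data, Reception and Invoices are skipped, and the two users in the Staff OU are kept.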
      
      
      
      
  • Emails not sending to Users
    2 Posts | Last post October 11, 2018
    • Hello,
      
      Script has been running perfectly for over a year. I have it running via a task scheduler and recently it stopped working due to the scheduler running off an account that had the password expire.
      
      I have the scheduler working again, but now the script won't send emails to users. Though the testing attribute does work and it sends email to me that way.
      
      So it seems to work in all aspects except sending the emails. I also confirmed there are no emails being sent out and blocked or sent to junk mail.
      
      Would anyone be able to help? Much appreciated! 
    • Does the account sending email need authentication? Did you update the credential for that account?
  • Little Problem
    4 Posts | Last post October 11, 2018
    • Hi,
      
      Thanks for this script ! 
      
      I have something wrong using it: all my users are logged as "Skipped - Interval" even if they are in the good interval! This is my CMD:
      
      Powershell.exe -executionpolicy remotesigned -File C:\Scripts\PasswordChangeNotification.ps1 -smtpServer mail.blablabla.fr -expireInDays 10 -from "Support <support@blablabla.com>" -interval 1,2,3,10 -Logging -LogPath "c:\scripts\logs" -testing -testRecipient bla@blablabla.com
      
      And a log : 
      
      "in 10 days.","blabla","BLA bla","blabla@blabla.com","13/08/2018 09:36:11","10","12/10/2018 09:36:11","Skipped - Interval"
      "in 3 days.","blabla","BLA bla","blabla@blabla.com","06/08/2018 12:01:45","3","05/10/2018 12:01:45","Skipped - Interval"
      
      
      Thanks a lot ! 
    • Instead of -file, use -command
    • Hi Robert,
      When I use -command, I get the result (0x1).
      If I use -file, it is the same case as AlfredIT: the log shows all emails skipped.
      Thanks,
      
    • Check out this video.
      https://www.youtube.com/watch?v=3ia-cJbf5Ng
      
      You need to put everything inside quotes after -command.
      
      Command:
      Powershell.exe
      
      Arguments:
      "-executionpolicy remotesigned -command C:\Scripts\PasswordChangeNotification.ps1 -smtpServer mail.blablabla.fr -expireInDays 10 -from 'Support <support@blablabla.com>' -interval 1,2,3,10 -Logging -LogPath "c:\scripts\logs" -testing -testRecipient bla@blablabla.com -interval 1,3,7,9"
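
An added example, not part of the original posts or the script, showing why the same -interval value behaves differently under -File and -Command: -File hands `1,2,3,10` to the script as one literal string, while -Command parses it as an array. Test-Interval is a hypothetical stand-in that assumes the script compares days-to-expire against the list with -contains; ConvertTo-IntervalList is a hypothetical normaliser that accepts either form.

```powershell
# Added example. Both functions are hypothetical and are not the script's code.

function Test-Interval {
    # Assumed shape of the script's interval check.
    param($Interval, [int]$DaysToExpire)
    if ($Interval -contains $DaysToExpire) { 'Sent' } else { 'Skipped - Interval' }
}

function ConvertTo-IntervalList {
    # Accepts an array (1,2,3,10), a single string ('1,2,3,10'), or a mix,
    # and returns [int[]]. Anything that is not a whole number is rejected
    # instead of being silently ignored.
    param($Interval)
    $out = foreach ($item in @($Interval)) {
        foreach ($part in ("$item" -split ',')) {
            $n = 0
            if ([int]::TryParse($part.Trim(), [ref]$n)) { $n }
            else { throw "Invalid interval value: '$part'" }
        }
    }
    return ,[int[]]$out
}

$fromFile    = '1,2,3,10'   # what the parameter holds when launched with -File
$fromCommand = 1,2,3,10     # what it holds when launched with -Command

$results = [ordered]@{
    'File, raw'           = Test-Interval -Interval $fromFile    -DaysToExpire 10
    'Command, raw'        = Test-Interval -Interval $fromCommand -DaysToExpire 10
    'File, normalised'    = Test-Interval -Interval (ConvertTo-IntervalList $fromFile)    -DaysToExpire 10
    'Command, normalised' = Test-Interval -Interval (ConvertTo-IntervalList $fromCommand) -DaysToExpire 10
}
$results.GetEnumerator() | ForEach-Object { Write-Output ("{0}: {1}" -f $_.Key, $_.Value) }
```

Only the raw -File case reports "Skipped - Interval", which matches the log lines posted at the start of this thread.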
      
  • Your script in task schedule problem
    1 Posts | Last post October 05, 2018
    • Good day,
      I am now having a problem deploying on a task schedule.
      The arguments field has a length limitation, so I can't input all the parameters:
      
      -NoProfile -ExecutionPolicy Unrestricted -File "D:\.\PwNotice.ps1 -smtpServer XXX.XXX.XXX.XXX -expireInDays 7 -from "IT Support <CGIPW_EXPIRY@XXXXXXXXXXXXXXXXX.com.hk>" -Logging -LogPath "D:\logFiles" -reportTo ITMAILMAIL@XXXXXXXXXXXXXX.com.hk -interval 1,2,3,5,7
      
      Kindly help & let me know how to fix this problem? 
      
      Thanks a lot.
      
      
       
  • Rename CSV column name
    3 Posts | Last post October 04, 2018
    • Hi Robert,
      
      I think it's a bit difficult to adjust the datetime format, so instead I'm just trying to add MM/DD/YYYY to the column name or description, so that the users can read the date properly.
      
      I tried to modify with this line
      
      $notifiedUsers | select UserName,Name,EmailAddress,PasswordSet,DaysToExpire,ExpiresOn | sort DaystoExpire | FT -autoSize
      
      with for example renaming the "PasswordSet"
      
      $notifiedUsers | select UserName,Name,EmailAddress,@{Name = "PwdSet-MM/DD/YYYY"; Expression = {$_.PasswordSet}},DaysToExpire,ExpiresOn | sort DaystoExpire | FT -autoSize
      
      The script executed without problem, however it only updated the column number on-screen output; it hasn't renamed the column header in the CSV file.
      
      Am I changing the wrong place or using the wrong method?
      
      Please kindly help.
      
    • The column header is set based on the object name.
      
      So $daysToExpire is set on line 182. '-name DaysToExpire'.
      
      PasswordSet is on line 181.
      
      But, by changing these values you need to make sure they are not set elsewhere using the original names.
      
      For example, on line 191 where we reference $_.DaysToExpire, this would need to match whatever you change the value on line 182 to.
    • Thank you Robert for your quick reply.
      
      So instead of changing the existing object names, is it possible to create duplicates of these objects with a different '-name', so that I can use them specifically in the report and log view?
      
      If so, where would I place these 'names' for the report and logs?
  • Number of users
    5 Posts | Last post October 04, 2018
    • When I run this command:
      (Get-ADUser -filter *).count
      I'm getting a different number of users compared to when I run your script. Why?
    • Your command returns every user in the domain, my command filters the users to only include those with expiring passwords etc.
    • The users whose passwords are supposed to expire are not showing up.
    • I have the same issue.
      When I manually test the command
      
      $users = get-aduser -filter {(Enabled -eq $true) -and (PasswordNeverExpires -eq $false)} -properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress | where { $_.passwordexpired -eq $false }
      # Count Users
      $usersCount = ($users | Measure-Object).Count
      Write-Output "Found $usersCount User Objects"
      
      the result is about 600 users, but when I run the script, it returns only 20 users. Why?
      
    • Without seeing a log or transcript of the PowerShell session, I cannot say, except that usually this is caused by users not meeting the filtering requirements and being discarded from the results.
  • Should this script run every day?
    1 Posts | Last post October 03, 2018
    • I run it manually and it works.
      Setting: (Interval = 1,2,3,5,8)
      Referring to the log file, some users expire in 4 days,
      so the email will not be sent out (right?).
      So, should I run this script again tomorrow to successfully send the email to the users?
      Thanks a lot
      
  • Sending report only
    4 Posts | Last post October 02, 2018
    • Hello Robert,
      
      How can I configure a scheduled task with your script so that it will send the report only twice a week?
      
      As the administrator will only need to see the report twice a week, if I set up another schedule with the script at a different time, the end user will sometimes get 2 copies of the notification.
      
      Please kindly help.
      
      
    • Off the top of my head...
      
      Let's say you schedule the script to run on a Tuesday and Thursday.
      
      Under the report section (Line 300 v2.9)
      
      Inside the brackets if($reportTo) add, 
      
          if($reportTo)
          {
              if(($start.DayOfWeek) -eq "Thursday")
              {
                  $reportSubject = "Password Expiry Report"
                  $reportBody = "Password Expiry Report Attached"
                  try{
                      Send-Mailmessage -smtpServer $smtpServer -from $from -to $reportTo -subject $reportSubject -body $reportbody -bodyasHTML -priority High -Encoding $textEncoding -Attachments $logFile -ErrorAction Stop 
                  }
                  catch{
                      $errorMessage = $_.Exception.Message
                      Write-Output $errorMessage
                  }    
              }
          }
      
      So the report would only send on a Thursday.
    • Thank you Robert, I will give this a try and let you know how I go.
    • Thanks Robert, this is working well.