PasswordExpirationEmail

1. <# PasswordNotification.ps1
2.  
3. Description:    Sends notification email to anyone who's password is about to expire.
4.  
5. Notification Points:    14 days then 3 days or less.
6.  
7. Created:    Tim Sutton  on  02/07/14
8.  
9. v1 - Tim Sutton
10.     - Initial build from various bits of code.
11.     - Set up triggers at 14 days and 3 or less.
12.     - Added more details for changing password to email.
13.  
14. v2  -   Tim Sutton  on  20/10/14
15.     - Added logging to central monthly file
16.     - Removed bcc IT Ops
17.     - Change $name in email to $GiveName
18.     - [NINJA EDIT] added $FullName variable to be logged to file.
19.  
20. #>
21.  
22. ##################################################################################################################
23. # Variables to be configured ....
24. $smtpServer="127.0.0.1"
25. $expireindays1 = 14
26. $expireindays2 = 3
27. $from = "IT Team <ITOps@domain.com>"
28. ###################################################################################################################
29.  
30. #Get Users From AD who are enabled
31. Import-Module ActiveDirectory
32. $users = get-aduser -SearchBase "ou=specificou,dc=domain,dc=local" -filter * -properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress |where {$_.Enabled -eq "True"} | where { $_.PasswordNeverExpires -eq $false } | where { $_.passwordexpired -eq $false }  | where {$_.distinguishedname -notlike '*Retired*'}
33.  
34.  
35. ###################################################################################################################
36. # grab information for each user and build email
37. ###################################################################################################################
38.  
39. foreach ($user in $users)
40. {
41.   $Name = (Get-ADUser $user | foreach { $_.GivenName})
42.   $FullName = (Get-ADUser $user | foreach { $_.Name})
43.   $emailaddress = $user.emailaddress
44.   $passwordSetDate = (get-aduser $user -properties * | foreach { $_.PasswordLastSet })
45.   $PasswordPol = (Get-AduserResultantPasswordPolicy $user)
46.   # Check for Fine Grained Password
47.   if (($PasswordPol) -ne $null)
48.   {
49.     $maxPasswordAge = ($PasswordPol).MaxPasswordAge
50.   }
51.  
52.   else
53.   {
54.     $maxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
55.   }
56.  
57. # Building email  
58.   $expireson = $passwordsetdate + $maxPasswordAge
59.   $today = (get-date)
60.   $daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days
61.   $subject="Your password will expire in $daystoExpire days"
62.   $body1 ="
63.  <font face=arial size=``2.5``>
64.  Hello $name,
65.  <p> Just a brief reminder that your password will expire in $daystoexpire days.<br>
66.  <br>
67.  You don't have to do anything at this point and we'll send you another reminder a few days before your password expires. Please be aware though that if your password does expire, you will lose access to $Company resources.</p>
68.  <p>To change your password on a $Company PC, logon on as yourself then press CTRL+ALT+Delete and choose ''Change Password''.</p>
69.  <p> Don't forget that once your password has been changed any additional devices, e.g. mobile phone, iPad and the VPN client, will also require a password update.</p>
70.  <p>Thanks, <br>
71.  IT Team <br>
72.  </p>
73.  </font>"
74.  
75.   $body2 ="
76.  <font face=arial size=``2.5``>
77.  Hello $name,
78.  <p> Your password will expire in $daystoexpire days so you need to update it as soon as possible.<br>
79.  <br>
80.  Please be aware that if your password does expire, you will lose access to $Company resources (i.e.: email, file shares, timesheets etc.).</p>
81.  <p>To change your password on a @Company PC, logon on as yourself then press CTRL+ALT+Delete and choose ''Change Password''.</p>
82.  <p>You can also change your password via the email webportal at <a href=``http://mail.company.com``>mail.company.com</a> if you are away from the office. To do this, log on to the website as per usual then click ''Options'' on the top right then ''Settings'' on the left and finally click on the tab labelled ''Password''. You can then change your password on that page and click ''Save'' in the bottom corner.<br>
83.  <p>You can also use the email portal to reset you password if it has expired.</p>
84.  <p> Don't forget that once your password has been changed any additional devices, e.g. mobile phone, iPad and the VPN client, will also require a password update.</p>
85.  <p>For more information on the password policy, requirements and IT in general, please see the IT pages of $Intranet.</p>
86.  <p>Thanks, <br>
87.  IT Team <br>
88.  </p>
89.  </font>"
90.  
91. ###################################################################################################################
92. # Send email if password expiration meets variables defined up top and writes to monthly log file.
93. ###################################################################################################################
94.  
95.     if ($daystoexpire -eq $expireindays1)
96.   {
97.     Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body1 -bodyasHTML
98.     Add-Content "\\$server\$Share\Logs\PasswordNotifications-$(get-date -UFormat "%Y-%m").log" "$(Get-date -uf "%Y-%m-%d") $FullName $subject"
99.      
100.   }  
101.  
102.  
103.   if ($daystoexpire -le $expireindays2)
104.   {
105.     Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body2 -bodyasHTML -priority High
106.     Add-Content "\\$server\$Share\Logs\PasswordNotifications-$(get-date -UFormat "%Y-%m").log" "$(Get-date -uf "%Y-%m-%d") $FullName $subject"
107.      
108.   }  
109.    
110. }