Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <# PasswordNotification.ps1
- Description: Sends notification email to anyone who's password is about to expire.
- Notification Points: 14 days then 3 days or less.
- Created: Tim Sutton on 02/07/14
- v1 - Tim Sutton
- - Initial build from various bits of code.
- - Set up triggers at 14 days and 3 or less.
- - Added more details for changing password to email.
- v2 - Tim Sutton on 20/10/14
- - Added logging to central monthly file
- - Removed bcc IT Ops
- - Change $name in email to $GiveName
- - [NINJA EDIT] added $FullName variable to be logged to file.
- #>
- ##################################################################################################################
- # Variables to be configured ....
- $smtpServer="127.0.0.1"
- $expireindays1 = 14
- $expireindays2 = 3
- $from = "IT Team <ITOps@domain.com>"
- ###################################################################################################################
- #Get Users From AD who are enabled
- Import-Module ActiveDirectory
- $users = get-aduser -SearchBase "ou=specificou,dc=domain,dc=local" -filter * -properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress |where {$_.Enabled -eq "True"} | where { $_.PasswordNeverExpires -eq $false } | where { $_.passwordexpired -eq $false } | where {$_.distinguishedname -notlike '*Retired*'}
- ###################################################################################################################
- # grab information for each user and build email
- ###################################################################################################################
- foreach ($user in $users)
- {
- $Name = (Get-ADUser $user | foreach { $_.GivenName})
- $FullName = (Get-ADUser $user | foreach { $_.Name})
- $emailaddress = $user.emailaddress
- $passwordSetDate = (get-aduser $user -properties * | foreach { $_.PasswordLastSet })
- $PasswordPol = (Get-AduserResultantPasswordPolicy $user)
- # Check for Fine Grained Password
- if (($PasswordPol) -ne $null)
- {
- $maxPasswordAge = ($PasswordPol).MaxPasswordAge
- }
- else
- {
- $maxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
- }
- # Building email
- $expireson = $passwordsetdate + $maxPasswordAge
- $today = (get-date)
- $daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days
- $subject="Your password will expire in $daystoExpire days"
- $body1 ="
- <font face=arial size=``2.5``>
- Hello $name,
- <p> Just a brief reminder that your password will expire in $daystoexpire days.<br>
- <br>
- You don't have to do anything at this point and we'll send you another reminder a few days before your password expires. Please be aware though that if your password does expire, you will lose access to $Company resources.</p>
- <p>To change your password on a $Company PC, logon on as yourself then press CTRL+ALT+Delete and choose ''Change Password''.</p>
- <p> Don't forget that once your password has been changed any additional devices, e.g. mobile phone, iPad and the VPN client, will also require a password update.</p>
- <p>Thanks, <br>
- IT Team <br>
- </p>
- </font>"
- $body2 ="
- <font face=arial size=``2.5``>
- Hello $name,
- <p> Your password will expire in $daystoexpire days so you need to update it as soon as possible.<br>
- <br>
- Please be aware that if your password does expire, you will lose access to $Company resources (i.e.: email, file shares, timesheets etc.).</p>
- <p>To change your password on a @Company PC, logon on as yourself then press CTRL+ALT+Delete and choose ''Change Password''.</p>
- <p>You can also change your password via the email webportal at <a href=``http://mail.company.com``>mail.company.com</a> if you are away from the office. To do this, log on to the website as per usual then click ''Options'' on the top right then ''Settings'' on the left and finally click on the tab labelled ''Password''. You can then change your password on that page and click ''Save'' in the bottom corner.<br>
- <p>You can also use the email portal to reset you password if it has expired.</p>
- <p> Don't forget that once your password has been changed any additional devices, e.g. mobile phone, iPad and the VPN client, will also require a password update.</p>
- <p>For more information on the password policy, requirements and IT in general, please see the IT pages of $Intranet.</p>
- <p>Thanks, <br>
- IT Team <br>
- </p>
- </font>"
- ###################################################################################################################
- # Send email if password expiration meets variables defined up top and writes to monthly log file.
- ###################################################################################################################
- if ($daystoexpire -eq $expireindays1)
- {
- Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body1 -bodyasHTML
- Add-Content "\\$server\$Share\Logs\PasswordNotifications-$(get-date -UFormat "%Y-%m").log" "$(Get-date -uf "%Y-%m-%d") $FullName $subject"
- }
- if ($daystoexpire -le $expireindays2)
- {
- Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body2 -bodyasHTML -priority High
- Add-Content "\\$server\$Share\Logs\PasswordNotifications-$(get-date -UFormat "%Y-%m").log" "$(Get-date -uf "%Y-%m-%d") $FullName $subject"
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement