API tools faq
paste
Guest User

Untitled

a guest
Jun 14th, 2018
250
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.74 KB | None | 0 0
raw download clone embed print report
  1. <#
  2. .Synopsis
  3. Script to Automated Email Reminders when Users Passwords due to Expire.
  4. .DESCRIPTION
  5. Script to Automated Email Reminders when Users Passwords due to Expire.
  6. Robert Pearman (Cloud & Data Center MVP)
  7. WindowsServerEssentials.com
  8. Version 2.7 November 2017
  9. Requires: Windows PowerShell Module for Active Directory
  10. For assistance and ideas, visit the TechNet Gallery Q&A Page. http://gallery.technet.microsoft.com/Password-Expiry-Email-177c3e27/view/Discussions#content
  11. .EXAMPLE
  12. PasswordChangeNotification.ps1 -smtpServer mail.domain.com -expireInDays 21 -from "IT Support <support@domain.com>" -Logging -LogPath "c:\logFiles" -testing -testRecipient support@domain.com
  13. .EXAMPLE
  14. PasswordChangeNotification.ps1 -smtpServer mail.domain.com -expireInDays 21 -from "IT Support <support@domain.com>" -reportTo myaddress@domain.com -interval 1,2,5,10,15
  15. #>
  16. param(
  17. # $smtpServer Enter Your SMTP Server Hostname or IP Address
  18. [Parameter(Mandatory=$True,Position=0)]
  19. [ValidateNotNull()]
  20. [string]$smtpServer,
  21. # Notify Users if Expiry Less than X Days
  22. [Parameter(Mandatory=$True,Position=1)]
  23. [ValidateNotNull()]
  24. [int]$expireInDays,
  25. # From Address, eg "IT Support <support@domain.com>"
  26. [Parameter(Mandatory=$True,Position=2)]
  27. [ValidateNotNull()]
  28. [string]$from,
  29. [Parameter(Position=3)]
  30. [switch]$logging,
  31. # Log File Path
  32. [Parameter(Position=4)]
  33. [string]$logPath,
  34. # Testing Enabled
  35. [Parameter(Position=5)]
  36. [switch]$testing,
  37. # Test Recipient, eg recipient@domain.com
  38. [Parameter(Position=6)]
  39. [string]$testRecipient,
  40. # Output more detailed status to console
  41. [Parameter(Position=7)]
  42. [switch]$status,
  43. # Log file recipient
  44. [Parameter(Position=8)]
  45. [string]$reportto,
  46. # Notification Interval
  47. [Parameter(Position=9)]
  48. [array]$interval
  49. )
  50. ###################################################################################################################
  51. $start = [datetime]::Now
  52. $midnight = $start.Date.AddDays(1)
  53. $timeToMidnight = New-TimeSpan -Start $start -end $midnight.Date
  54. $midnight2 = $start.Date.AddDays(2)
  55. $timeToMidnight2 = New-TimeSpan -Start $start -end $midnight2.Date
  56. # System Settings
  57. $textEncoding = [System.Text.Encoding]::UTF8
  58. $today = $start
  59. # End System Settings
  60.  
  61. # Get Users From AD who are Enabled, Passwords Expire and are Not Currently Expired
  62. Import-Module ActiveDirectory
  63. $padVal = "20"
  64. Write-Output "Script Loaded"
  65. Write-Output "*** Settings Summary ***"
  66. $smtpServerLabel = "SMTP Server".PadRight($padVal," ")
  67. $expireInDaysLabel = "Expire in Days".PadRight($padVal," ")
  68. $fromLabel = "From".PadRight($padVal," ")
  69. $testLabel = "Testing".PadRight($padVal," ")
  70. $testRecipientLabel = "Test Recipient".PadRight($padVal," ")
  71. $logLabel = "Logging".PadRight($padVal," ")
  72. $logPathLabel = "Log Path".PadRight($padVal," ")
  73. $reportToLabel = "Report Recipient".PadRight($padVal," ")
  74. $interValLabel = "Intervals".PadRight($padval," ")
  75. if($testing)
  76. {
  77. if(($testRecipient) -eq $null)
  78. {
  79. Write-Output "No Test Recipient Specified"
  80. Exit
  81. }
  82. }
  83. if($logging)
  84. {
  85. if(($logPath) -eq $null)
  86. {
  87. $logPath = $PSScriptRoot
  88. }
  89. }
  90. Write-Output "$smtpServerLabel : $smtpServer"
  91. Write-Output "$expireInDaysLabel : $expireInDays"
  92. Write-Output "$fromLabel : $from"
  93. Write-Output "$logLabel : $logging"
  94. Write-Output "$logPathLabel : $logPath"
  95. Write-Output "$testLabel : $testing"
  96. Write-Output "$testRecipientLabel : $testRecipient"
  97. Write-Output "$reportToLabel : $reportto"
  98. Write-Output "$interValLabel : $interval"
  99. Write-Output "*".PadRight(25,"*")
  100. $users = get-aduser -filter {(Enabled -eq $true) -and (PasswordNeverExpires -eq $false)} -properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress | where { $_.passwordexpired -eq $false }
  101. # Count Users
  102. $usersCount = ($users | Measure-Object).Count
  103. Write-Output "Found $usersCount User Objects"
  104. # Collect Domain Password Policy Information
  105. $defaultMaxPasswordAge = (Get-ADDefaultDomainPasswordPolicy -ErrorAction Stop).MaxPasswordAge.Days
  106. Write-Output "Domain Default Password Age: $defaultMaxPasswordAge"
  107. # Collect Users
  108. $colUsers = @()
  109. # Process Each User for Password Expiry
  110. Write-Output "Process User Objects"
  111. foreach ($user in $users)
  112. {
  113. $Name = $user.Name
  114. $emailaddress = $user.emailaddress
  115. $passwordSetDate = $user.PasswordLastSet
  116. $samAccountName = $user.SamAccountName
  117. $pwdLastSet = $user.PasswordLastSet
  118. # Check for Fine Grained Password
  119. $maxPasswordAge = $defaultMaxPasswordAge
  120. $PasswordPol = (Get-AduserResultantPasswordPolicy $user)
  121. if (($PasswordPol) -ne $null)
  122. {
  123. $maxPasswordAge = ($PasswordPol).MaxPasswordAge.Days
  124. }
  125. # Create User Object
  126. $userObj = New-Object System.Object
  127. $expireson = $pwdLastSet.AddDays($maxPasswordAge)
  128. $daysToExpire = New-TimeSpan -Start $today -End $Expireson
  129. # Round Up or Down
  130. if(($daysToExpire.Days -eq "0") -and ($daysToExpire.TotalHours -le $timeToMidnight.TotalHours))
  131. {
  132. $userObj | Add-Member -Type NoteProperty -Name UserMessage -Value "vandaag."
  133. }
  134. if(($daysToExpire.Days -eq "0") -and ($daysToExpire.TotalHours -gt $timeToMidnight.TotalHours) -or ($daysToExpire.Days -eq "1") -and ($daysToExpire.TotalHours -le $timeToMidnight2.TotalHours))
  135. {
  136. $userObj | Add-Member -Type NoteProperty -Name UserMessage -Value "morgen."
  137. }
  138. if(($daysToExpire.Days -ge "1") -and ($daysToExpire.TotalHours -gt $timeToMidnight2.TotalHours))
  139. {
  140. $days = $daysToExpire.TotalDays
  141. $days = [math]::Round($days)
  142. $userObj | Add-Member -Type NoteProperty -Name UserMessage -Value "in $days dagen."
  143. }
  144. $daysToExpire = [math]::Round($daysToExpire.TotalDays)
  145. $userObj | Add-Member -Type NoteProperty -Name UserName -Value $samAccountName
  146. $userObj | Add-Member -Type NoteProperty -Name Name -Value $Name
  147. $userObj | Add-Member -Type NoteProperty -Name EmailAddress -Value $emailAddress
  148. $userObj | Add-Member -Type NoteProperty -Name PasswordSet -Value $pwdLastSet
  149. $userObj | Add-Member -Type NoteProperty -Name DaysToExpire -Value $daysToExpire
  150. $userObj | Add-Member -Type NoteProperty -Name ExpiresOn -Value $expiresOn
  151. $colUsers += $userObj
  152. }
  153. $colUsersCount = ($colUsers | Measure-Object).Count
  154. Write-Output "$colusersCount Users processed"
  155. $notifyUsers = $colUsers | where { $_.DaysToExpire -le $expireInDays}
  156. $notifiedUsers = @()
  157. $notifyCount = ($notifyUsers | Measure-Object).Count
  158. Write-Output "$notifyCount Users with expiring passwords within $expireInDays Days"
  159. foreach ($user in $notifyUsers)
  160. {
  161. # Email Address
  162. $samAccountName = $user.UserName
  163. $emailAddress = $user.EmailAddress
  164. # Set Greeting Message
  165. $name = $user.Name
  166. $messageDays = $user.UserMessage
  167. # Subject Setting
  168. $subject="Je beheer wachtwoord verloopt $messageDays"
  169. # Email Body Set Here, Note You can use HTML, including Images.
  170. $body ="
  171. <font face=""verdana"">
  172. Beste $name,
  173. <p> Je beheer wachtwoord verloopt $messageDays<br>
  174. Dit wachtwoord wordt o.a. gebruikt voor RDM<br>
  175. Gebruik het volgende <a href=""https://rdms.previder.nl/RDWeb/Pages/en-US/password.aspx"">portaal</a> om je wachtwoord te wijzigen<br>
  176. <p>Met vriendelijke groet, <br>
  177. </P>
  178. SMB Managed Services
  179. </font>"
  180.  
  181. # If Testing Is Enabled - Email Administrator
  182. if($testing)
  183. {
  184. $emailaddress = $testRecipient
  185. } # End Testing
  186.  
  187. # If a user has no email address listed
  188. if(($emailaddress) -eq $null)
  189. {
  190. $emailaddress = $testRecipient
  191. }# End No Valid Email
  192. $samLabel = $samAccountName.PadRight($padVal," ")
  193. try
  194. {
  195. if($interval)
  196. {
  197. $daysToExpire = [int]$user.DaysToExpire
  198. if(($interval) -Contains($daysToExpire))
  199. {
  200. if($status)
  201. {
  202. Write-Output "Sending Email : $samLabel : $emailAddress"
  203. }
  204. Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -priority High -Encoding $textEncoding -ErrorAction Stop
  205. $user | Add-Member -MemberType NoteProperty -Name SendMail -Value "OK"
  206. }
  207. else
  208. {
  209. if($status)
  210. {
  211. Write-Output "Sending Email : $samLabel : $emailAddress : Skipped - Interval"
  212. }
  213. $user | Add-Member -MemberType NoteProperty -Name SendMail -Value "Skipped - Interval"
  214. }
  215. }
  216. else
  217. {
  218. if($status)
  219. {
  220. Write-Output "Sending Email : $samLabel : $emailAddress"
  221. }
  222. Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -priority High -Encoding $textEncoding -ErrorAction Stop
  223. $user | Add-Member -MemberType NoteProperty -Name SendMail -Value "OK"
  224. }
  225.  
  226. }
  227. catch
  228. {
  229. $errorMessage = $_.exception.Message
  230. if($status)
  231. {
  232. $errorMessage
  233. }
  234. $user | Add-Member -MemberType NoteProperty -Name SendMail -Value $errorMessage
  235. }
  236. $notifiedUsers += $user
  237. }
  238. if($logging)
  239. {
  240. # Create Log File
  241. Write-Output "Creating Log File"
  242. $day = $today.Day
  243. $month = $today.Month
  244. $year = $today.Year
  245. $date = "$day-$month-$year"
  246. $logFileName = "$date-PasswordLog.csv"
  247. if(($logPath.EndsWith("\")))
  248. {
  249. $logPath = $logPath -Replace ".$"
  250. }
  251. $logFile = $logPath, $logFileName -join "\"
  252. Write-Output "Log Output: $logfile"
  253. $notifiedUsers | Export-CSV $logFile
  254. if($reportTo)
  255. {
  256. $reportSubject = "Password Expiry Report"
  257. $reportBody = "Password Expiry Report Attached"
  258. try {
  259. Send-Mailmessage -smtpServer $smtpServer -from $from -to $reportTo -subject $reportSubject -body $reportbody -bodyasHTML -priority High -Encoding $textEncoding -Attachments $logFile -ErrorAction Stop
  260. }
  261. catch
  262. {
  263. $error = $_.Exception.Message
  264. Write-Output $error
  265. }
  266. }
  267. }
  268. $notifiedUsers | select UserName,Name,EmailAddress,PasswordSet,DaysToExpire,ExpiresOn | sort DaystoExpire | FT -autoSize
  269.  
  270. $stop = [datetime]::Now
  271. $runTime = New-TimeSpan $start $stop
  272. Write-Output "Script Runtime: $runtime"
  273. # End
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!