SHARE
TWEET

Check for never expire passwords

Dragonspeed Dec 5th, 2019 (edited) 106 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. $oldfile = "C:\temp\PSWSD_never\OLDNeverExpire.csv"
  2. $tempfile = "C:\temp\PSWSD_never\tempOLDNeverExpire.csv"
  3. $reportfile = "C:\temp\PSWSD_never\report.txt"
  4. $newlist = @()
  5. $newentries = @()
  6. $oldentries = @()
  7. $newusers = @()
  8. $removedusers = @()
  9.  
  10. #$PDC = Get-ADDomain | Select-Object -Property PDCEmulator -ExpandProperty PDCEmulator
  11. try
  12. {
  13.     $oldlist = Import-Csv $oldfile
  14. }
  15. catch
  16. {
  17.     New-Item $oldfile -Force -ItemType File
  18.     $oldlist = @()
  19. }
  20. try
  21. {
  22.     $newlist_objects = Get-ADUser -Properties PAsswordNeverExpires,EmployeeType,pwdLastSet,CanonicalName -Filter { PasswordNeverExpires -EQ $true -and EmployeeType -EQ "Employee" -and Enabled -EQ $true } | Select-Object CanonicalName,@{ Name = "LastSet"; Expression = { [datetime]::FromFileTime($_.pwdLastSet).ToString("yyyy-MM-dd HH:mm:ss") } } | Sort-Object CanonicalName
  23.     $newlist_objects | Export-Csv -Path $tempfile -NoTypeInformation -Encoding UTF8
  24.  
  25.     $newlist = Import-Csv $tempfile
  26.  
  27. }
  28. catch
  29. {
  30.     Write-Host "Failure"
  31.     return
  32. }
  33. #if ($oldlist -eq $null)
  34. #{
  35. #    $oldlist+=""
  36. #}
  37. $Today = (Get-Date).DayOfWeek
  38. $Change = $false
  39. $change = ((Get-FileHash -Algorithm SHA256 $tempfile).Hash -ne (Get-FileHash -Algorithm SHA256 $oldfile).Hash)
  40. if ($oldlist -eq $null -or $change -eq $true -or $Today -eq "Tuesday")
  41. {
  42.     $oldcount = $oldlist.count
  43.     $newcount = $newlist.count
  44.     if ($oldcount -gt 0)
  45.     {
  46.         $output = Compare-Object -ReferenceObject $oldlist -DifferenceObject $newlist
  47.     }
  48.     else
  49.     {
  50.         $output = Compare-Object -ReferenceObject "None" -DifferenceObject $newlist
  51.     }
  52.     #Write-EventLog –LogName Application –Source “Never Expiring Password” –EntryType Information –EventID 100 –Message “There has been a Change in Never Expiring Password Accounts!”
  53.  
  54.     if ($change)
  55.     {
  56.         "There has been a change in users that have accounts that do not expire.<BR>" | Tee-Object -File $reportfile -Append
  57.         "Previously we had $oldcount and now we have $newcount. <B>There should be NONE.</B><BR>" | Tee-Object -File $reportfile -Append
  58.         "<P>The New Users are:<BR>" | Tee-Object -File $reportfile -Append
  59.  
  60.         #Comparing for new users:
  61.  
  62.         $newusers += Compare-Object (Import-Csv $oldfile) (Import-Csv $tempfile) | Where-Object { $_.sideindicator -eq "=>" } | ForEach-Object { $_.inputobject } | ConvertTo-Html -Fragment -As Table | Tee-Object -File $reportfile -Append
  63.         "</P>" | Tee-Object -File $reportfile -Append
  64.  
  65.         "<P>The Removed Users are:<BR>" | Tee-Object -File $reportfile -Append
  66.         #Comparing for removed users:
  67.         $removedusers += Compare-Object (Import-Csv $oldfile) (Import-Csv $tempfile) | Where-Object { $_.sideindicator -eq "<=" } | ForEach-Object { $_.inputobject } | ConvertTo-Html -Fragment -As Table | Tee-Object -File $reportfile -Append
  68.         "</P>" | Tee-Object -File $reportfile -Append
  69.  
  70.     }
  71.     else
  72.     {
  73.         "<P><H2>Weekly update! Still have Employees with non-expiring passwords!!!</H2></P>" | Add-Content $reportfile
  74.     }
  75.     "<P>The Remaining Users which <b>should be ZERO!</b> are:<br>" | Add-Content $reportfile
  76.     $newlist | ConvertTo-Html -Fragment -As Table | Add-Content $reportfile
  77.  
  78.     $body = Get-Content $reportfile | Out-String
  79.  
  80.     $Recipients = @("User@Contoso.com")
  81.     $Computer = $env:COMPUTERNAME
  82.     Send-MailMessage -From "$Computer-PWCchecker@Contoso.com" -To $Recipients -Subject "Change in Non-expiring Passwords" -SmtpServer "SMTP.Contoso.com" -Body $body -BodyAsHtml
  83. }
  84.  
  85. $newlist_objects | Export-Csv -Path $oldfile -NoTypeInformation -Encoding UTF8
  86. Remove-Item $tempfile -Force -ErrorAction SilentlyContinue
  87. Remove-Item $reportfile -Force -ErrorAction SilentlyContinue
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top