Dragonspeed

Check for never expire passwords

Dec 5th, 2019
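  # Audit: list enabled accounts with EmployeeType "Employee" whose password is
  # set to never expire, compare the list with the one saved by the previous
  # run, and e-mail an HTML report when it changed (or every Tuesday).
  #
  # NOTE(review): baseline, temp and report files all live under C:\temp. The
  # baseline decides whether a change alert goes out, so its integrity matters;
  # confirm the folder ACL limits write access to the account running this job.
  # NOTE(review): the filter only covers EmployeeType "Employee". Accounts with
  # a different or empty EmployeeType are outside this check.
  $oldfile = "C:\temp\PSWSD_never\OLDNeverExpire.csv"
  $tempfile = "C:\temp\PSWSD_never\tempOLDNeverExpire.csv"
  $reportfile = "C:\temp\PSWSD_never\report.txt"
  $newlist = @()
  $newusers = @()
  $removedusers = @()

  # The report is built by appending, so drop anything left by an aborted run.
  Remove-Item $reportfile -Force -ErrorAction SilentlyContinue

  #$PDC = Get-ADDomain | Select-Object -Property PDCEmulator -ExpandProperty PDCEmulator
  try
  {
      # -ErrorAction Stop makes sure a read failure actually reaches the catch.
      $oldlist = Import-Csv $oldfile -ErrorAction Stop
  }
  catch
  {
      # First run (or unreadable baseline): start from an empty baseline file.
      New-Item $oldfile -Force -ItemType File | Out-Null
      $oldlist = @()
  }
  try
  {
      # @( ) keeps the result an array even when no account matches, which is
      # the state this audit is aiming for.
      $newlist_objects = @(
          Get-ADUser -Properties PasswordNeverExpires,EmployeeType,pwdLastSet,CanonicalName -Filter { PasswordNeverExpires -EQ $true -and EmployeeType -EQ "Employee" -and Enabled -EQ $true } -ErrorAction Stop |
              Select-Object CanonicalName,@{ Name = "LastSet"; Expression = { [datetime]::FromFileTime($_.pwdLastSet).ToString("yyyy-MM-dd HH:mm:ss") } } |
              Sort-Object CanonicalName
      )
      $newlist_objects | Export-Csv -Path $tempfile -NoTypeInformation -Encoding UTF8 -ErrorAction Stop

      # Re-import so old and new lists are both plain CSV rows.
      $newlist = Import-Csv $tempfile -ErrorAction Stop
  }
  catch
  {
      Write-Host "Failure"
      # Say why: a silent "Failure" hides whether AD or the file system failed.
      Write-Warning $_.Exception.Message
      return
  }

  $Today = (Get-Date).DayOfWeek
  # Any byte difference between the new export and the baseline is a change.
  $change = ((Get-FileHash -Algorithm SHA256 $tempfile).Hash -ne (Get-FileHash -Algorithm SHA256 $oldfile).Hash)

  # $null goes on the left: with a collection on the left, -eq filters the
  # collection instead of testing the variable itself.
  if ($null -eq $oldlist -or $change -eq $true -or $Today -eq "Tuesday")
  {
      # @( ) guarantees arrays, so counts and comparisons also work for empty
      # or single-row files.
      $oldrows = @(Import-Csv $oldfile)
      $newrows = @(Import-Csv $tempfile)
      $oldcount = $oldrows.Count
      $newcount = $newrows.Count
      #Write-EventLog -LogName Application -Source "Never Expiring Password" -EntryType Information -EventID 100 -Message "There has been a Change in Never Expiring Password Accounts!"

      if ($change)
      {
          # Compare on explicit columns. Without -Property the CSV row objects
          # are not compared field by field, which makes the new/removed tables
          # unreliable; a null side (empty file) would also make the call fail.
          $diff = @(Compare-Object -ReferenceObject $oldrows -DifferenceObject $newrows -Property CanonicalName,LastSet)

          "There has been a change in users that have accounts that do not expire.<BR>" | Tee-Object -FilePath $reportfile -Append
          "Previously we had $oldcount and now we have $newcount. <B>There should be NONE.</B><BR>" | Tee-Object -FilePath $reportfile -Append
          "<P>The New Users are:<BR>" | Tee-Object -FilePath $reportfile -Append

          # Rows present only in the new export.
          $newusers += $diff |
              Where-Object { $_.SideIndicator -eq "=>" } |
              Select-Object CanonicalName,LastSet |
              ConvertTo-Html -Fragment -As Table |
              Tee-Object -FilePath $reportfile -Append
          "</P>" | Tee-Object -FilePath $reportfile -Append

          "<P>The Removed Users are:<BR>" | Tee-Object -FilePath $reportfile -Append
          # Rows present only in the baseline.
          $removedusers += $diff |
              Where-Object { $_.SideIndicator -eq "<=" } |
              Select-Object CanonicalName,LastSet |
              ConvertTo-Html -Fragment -As Table |
              Tee-Object -FilePath $reportfile -Append
          "</P>" | Tee-Object -FilePath $reportfile -Append
      }
      else
      {
          "<P><H2>Weekly update! Still have Employees with non-expiring passwords!!!</H2></P>" | Add-Content $reportfile
      }
      "<P>The Remaining Users which <b>should be ZERO!</b> are:<br>" | Add-Content $reportfile
      $newrows | ConvertTo-Html -Fragment -As Table | Add-Content $reportfile

      $body = Get-Content $reportfile | Out-String

      $Recipients = @("User@Contoso.com")
      $Computer = $env:COMPUTERNAME
      # NOTE(review): the body lists accounts with non-expiring passwords and is
      # sent without -UseSsl or credentials. Confirm the relay path is trusted,
      # or add -UseSsl if the SMTP server supports it. Send-MailMessage is also
      # marked obsolete by Microsoft.
      try
      {
          Send-MailMessage -From "$Computer-PWCchecker@Contoso.com" -To $Recipients -Subject "Change in Non-expiring Passwords" -SmtpServer "SMTP.Contoso.com" -Body $body -BodyAsHtml -ErrorAction Stop
      }
      catch
      {
          # Keep the old baseline when the alert could not be delivered, so the
          # next run detects the same change again instead of losing it.
          Write-Warning "Report mail failed; baseline left unchanged: $($_.Exception.Message)"
          Remove-Item $tempfile -Force -ErrorAction SilentlyContinue
          Remove-Item $reportfile -Force -ErrorAction SilentlyContinue
          return
      }
  }

  # The current list becomes the baseline for the next run.
  $newlist_objects | Export-Csv -Path $oldfile -NoTypeInformation -Encoding UTF8
  Remove-Item $tempfile -Force -ErrorAction SilentlyContinue
  Remove-Item $reportfile -Force -ErrorAction SilentlyContinue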