This script queries AD for users whose passwords will expire 5 days from today or 1 day from today, sends each of them an email reminder, and writes the emailed users out to a log.
<#
**************************************
* Email Expiring Password Reminder *
**************************************
Created By: Gunslap
Purpose:
This script queries AD for users whose passwords will expire 5 days from today or 1 day from today, sends each of them an email reminder, and writes
the emailed users out to a log.
Requirements:
The script must be run from a server, under an account that has access to AD (RSAT tools are acceptable) and to the internal SMTP server.
It must include the enhanced "Send-MailMessage.ps1" module so it can send images with the emails -> https://gallery.technet.microsoft.com/scriptcenter/Send-MailMessage-3a920a6d
The variables at the top will have to be adjusted to point to the correct locations.
Potential Issues:
The script already filters out quite a few service accounts, but there is the potential that others have been missed.
#>
##########################################################################
# Site-specific settings - adjust these before scheduling the script.

# Load the enhanced Send-MailMessage implementation (needed for inline images).
# NOTE(review): this file is executed with the rights of the account running
# the job, which per the header can query AD and reach the SMTP server. Keep
# it in a directory only administrators can modify, and consider checking it
# with Get-AuthenticodeSignature before importing.
Import-Module -Name 'C:\Send-MailMessage.ps1'

# Directory the daily log is written to.
# NOTE(review): the log holds display names, e-mail addresses, password expiry
# dates and last-logon dates; restrict read access to this directory.
$logPath = 'c:\test\'

# Log file base name; the date suffix gives one file per calendar day.
$LogName = 'EmailReminderLog_{0}' -f (Get-Date -Format 'yyyy-MM-dd')

# Location of the Saskatoon logo image embedded in the e-mail.
$image = 'C:\Logo.jpg'

# Midnight five days from today: the furthest expiry date to remind about.
$futureDatetoCheck = [datetime]::Today.AddDays(5)
##########################################################################
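# Maximum password age, in whole days, from the default domain password policy.
# NOTE(review): accounts covered by a fine-grained password policy can have a
# different maximum age; the msDS-UserPasswordExpiryTimeComputed attribute
# reports the effective expiry per user and would avoid that mismatch.
$maxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days

# Evaluate "tomorrow" once so every user is compared against the same date,
# even if the run crosses midnight.
$tomorrow = [datetime]::Today.AddDays(1)

<# Select the users to remind. A user is included when the account:
    - is enabled
    - does not have the "password never expires" flag set
    - has a PasswordLastSet value greater than 0
    - has a non-empty mail attribute
    - has a password expiring exactly 5 days from today, or tomorrow
   NOTE(review): nothing here excludes accounts whose names contain "test" or
   accounts in a service-account OU; add those exclusions explicitly if they
   are required.
#>
$expiringUsers = Get-ADUser -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $False -and PasswordLastSet -gt 0} -Properties "Displayname","PasswordLastSet","lastLogon","mail" |
    Where-Object {
        # Compare on the date only: the time of day of the last change is dropped.
        $expiryDate = ($_.PasswordLastSet).Date.AddDays($maxPasswordAge)
        $_.mail -notlike "" -and ($expiryDate -eq $futureDatetoCheck -or $expiryDate -eq $tomorrow)
    }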
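# Accumulates one line per failed send; the text is appended to the log after the loop.
$caughtErrors = ""

# The inline-image map is the same for every message, so build it once.
# The key is the name used by the cid:image1 reference in the HTML body.
$images = @{
    image1 = $image
}

foreach ($user in $expiringUsers)
{
    # Expiry as shown to the user: last change plus the default policy's maximum age.
    $expiryDate = $user.PasswordLastSet.AddDays($maxPasswordAge)

    # Construct the email to send.
    # The body sends users to CTRL+Alt+Delete for the change itself and links
    # only to the support page. Keep it link-free for the password change:
    # a reminder that asks users to follow a link to enter a password is hard
    # for them to tell apart from credential phishing.
    $body = "<html>
<head><style>h1{font-size: 24pt; font-weight: normal; width: 150px; display: inline; font-family: Arial, 'Helvetica Neue', Helvetica, sans-serif;}
div{font-size: 12pt; font-family: Arial, 'Helvetica Neue', Helvetica, sans-serif;}</style></head>
<body><img src=""cid:image1"" width=""200"" height=""100""><br>
<h1>Reminder</h1><div>
<p>Your account password will expire on " + $expiryDate + "</p>
<p>When logged onto a computer, press <i>CTRL+Alt+Delete</i> and select <i>""Change a Password...""</i> to update your password.</p>
<p>If you require assistance, please contact <a href=""https://<YOUR WEBSITE>/"">Support.</a></p>
</div></body>
</html>
"

    $params = @{
        InlineAttachments = $images
        Body              = $body
        BodyAsHtml        = $true
        Subject           = "Reminder - Your Account Password Will Expire Soon"
        From              = "ITSupport@<YOURCOMPANY>.com"
        To                = $user.mail
        SmtpServer        = "<YOURSMTPSERVER.YOURDOMAIN.COM>"
        # try/catch only sees terminating errors; without this a failed send
        # reported as a non-terminating error would never reach the catch block.
        ErrorAction       = 'Stop'
    }

    try
    {
        Send-MailMessage @params
    }
    catch
    {
        # One error per line so the log stays readable when several sends fail.
        $ErrorMessage = $_.Exception.Message
        $caughtErrors += "ERROR On: " + $user.DisplayName + " - " + $ErrorMessage + [Environment]::NewLine
    }
}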
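# Columns written to the log for each selected user.
# NOTE(review): lastLogon is not replicated between domain controllers, so the
# value reflects only the DC that answered the query; lastLogonTimestamp is
# replicated (with a delay) if a domain-wide figure is wanted.
$properties = @(
    @{ Label = "Display Name";         Expression = { $_.Displayname } },
    @{ Label = "Password Expiry Date"; Expression = { $_.PasswordLastSet.AddDays($maxPasswordAge).ToShortDateString() } },
    @{ Label = "Last Logon Date";      Expression = {
            # An empty or zero lastLogon would otherwise be rendered as a date
            # at the start of the FILETIME epoch (year 1600/1601).
            if ($_.lastLogon) { [datetime]::FromFileTime($_.lastLogon).ToShortDateString() } else { "None recorded" }
        } },
    @{ Label = "E-mail Address";       Expression = { $_.mail } }
)

# Build the log path with Join-Path so it does not depend on $logPath ending in a backslash.
$logFile = Join-Path -Path $logPath -ChildPath ($LogName + ".txt")

# Write every selected user to the log, oldest password first. This lists all
# users a send was attempted for, including any whose send failed; failures
# are identified by the error lines appended below.
$expiringUsers |
    Sort-Object PasswordLastSet |
    Format-Table -Wrap -AutoSize -Property $properties |
    Out-File -FilePath $logFile

# Append any send errors to the same log.
if ($caughtErrors)
{
    $caughtErrors | Out-File -FilePath $logFile -Append
}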