mbrownnycnyc · October 20, 2014 18:58
diff --git a/notify-userpasswordexpiring.ps1 b/notify-userpasswordexpiring.ps1
 #################################################################################################################
 # 
 # Version 1.1 May 2014
 # Robert Pearman (WSSMB MVP)
 # TitleRequired.com
 # Script to Automated Email Reminders when Users Passwords due to Expire.
 #
 # modified by matt brown
 #
 # Requires: Windows PowerShell Module for Active Directory
 #
 # For assistance and ideas, visit the TechNet Gallery Q&A Page. http://gallery.technet.microsoft.com/Password-Expiry-Email-177c3e27/view/Discussions#content
 #
 ##################################################################################################################
 # Please Configure the following variables....
 $smtpServer="cashub.contoso.corp"
 $from = "IT Support <[email protected]>"
 $logging = "Enabled" # Set to Disabled to Disable Logging
 $logFile = "c:\passwordscript.out" # ie. c:\mylog.csv
 $testing = "disabled" # Set to Disabled to Email Users
 $testRecipient = "[email protected]"
 $date = Get-Date -format ddMMyyyy
 #
 ###################################################################################################################

 # Check Logging Settings
 if (($logging) -eq "Enabled")
 {
    # Test Log File Path
    $logfilePath = (Test-Path $logFile)
    if (($logFilePath) -ne "True")
    {
        # Create CSV File and Headers
        New-Item $logfile -ItemType File
        Add-Content $logfile "Date,Name,EmailAddress,DaystoExpire,ExpiresOn"
    }
 } # End Logging Check

 # Get Users From AD who are Enabled, Passwords Expire and are Not Currently Expired
 Import-Module ActiveDirectory
 $users = get-aduser -filter * -properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress | where {$_.Enabled -eq $true} | where { $_.PasswordNeverExpires -eq $false } | where { $_.passwordexpired -eq $false }
 $maxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge

 # Process Each User for Password Expiry
 foreach ($user in $users)
 {
    $GivenName = (Get-ADUser $user | foreach { $_.GivenName})
    $emailaddress = $user.emailaddress
    $passwordSetDate = (get-aduser $user -properties * | foreach { $_.PasswordLastSet })
    $PasswordPol = (Get-AduserResultantPasswordPolicy $user)
    # Check for Fine Grained Password
    if (($PasswordPol) -ne $null)
    {
        $maxPasswordAge = ($PasswordPol).MaxPasswordAge
    }
  
    $expireson = $passwordsetdate + $maxPasswordAge
    $today = (get-date)
    $daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days
        
    # Set Greeting based on Number of Days to Expiry.

    # Check Number of Days to Expiry
    $messageDays = $daystoexpire

    if (($messageDays) -ge "1")
    {
        $messageDays = "in " + "$daystoexpire" + " days"
    }
    else
    {
        $messageDays = "in the NEXT 24 HOURS"
    }

    # Email Subject Set Here
    $subject="[NOTICE] Your Windows password expires $messageDays"
  
    # Email Body Set Here, Note You can use HTML, including Images.
    $body = "
      <p style=`"font-size:11pt;font-family:calibri`">
      Good Afternoon $Givenname,<br \><br \>
      Your Windows password will expire <span style=`"color:red`"><strong>$messageDays</strong></span> ($Expireson).<br \><br \>
      <b>**Please remember to change your password on laptops and mobile devices as well**</b></p>    
      "
      #"
   
    # If Testing Is Enabled - Email Administrator
    if (($testing) -eq "Enabled")
    {
        $emailaddress = $testRecipient
    } # End Testing

    # If a user has no email address listed
    if (($emailaddress) -eq $null)
    {
        $emailaddress = $testRecipient    
    }# End No Valid Email

    # Send Email Message
    if (($daystoexpire -ge "0") -and ( ($daystoexpire -eq "14") -or ($daystoexpire -eq "7") -or ($daystoexpire -le "3") ) )
    {
         # If Logging is Enabled Log Details
        if (($logging) -eq "Enabled")
        {
            Add-Content $logfile "$date,$GivenName,$emailaddress,$daystoExpire,$expireson" 
        }
        # Send Email Message
        Send-Mailmessage -smtpServer $smtpServer -from "$from" -to "$emailaddress" -bcc "[email protected]" -subject "$subject" -body "$body" -bodyasHTML -priority High -attachments "changing_password_laptop.pdf"
    } # End Send Message
 } # End User Processing


 # End
	#################################################################################################################
	#
	# Version 1.1 May 2014
	# Robert Pearman (WSSMB MVP)
	# TitleRequired.com
	# Script to Automated Email Reminders when Users Passwords due to Expire.
	#
	# modified by matt brown
	#
	# Requires: Windows PowerShell Module for Active Directory
	#
	# For assistance and ideas, visit the TechNet Gallery Q&A Page. http://gallery.technet.microsoft.com/Password-Expiry-Email-177c3e27/view/Discussions#content
	#
	##################################################################################################################
	# Please Configure the following variables....
	$smtpServer="cashub.contoso.corp"
	$from = "IT Support <[email protected]>"
	$logging = "Enabled" # Set to Disabled to Disable Logging
	$logFile = "c:\passwordscript.out" # ie. c:\mylog.csv
	$testing = "disabled" # Set to Disabled to Email Users
	$testRecipient = "[email protected]"
	$date = Get-Date -format ddMMyyyy
	#
	###################################################################################################################

	# Check Logging Settings
	if (($logging) -eq "Enabled")
	{
	# Test Log File Path
	$logfilePath = (Test-Path $logFile)
	if (($logFilePath) -ne "True")
	{
	# Create CSV File and Headers
	New-Item $logfile -ItemType File
	Add-Content $logfile "Date,Name,EmailAddress,DaystoExpire,ExpiresOn"
	}
	} # End Logging Check

	# Get Users From AD who are Enabled, Passwords Expire and are Not Currently Expired
	Import-Module ActiveDirectory
	$users = get-aduser -filter * -properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress \| where {$_.Enabled -eq $true} \| where { $_.PasswordNeverExpires -eq $false } \| where { $_.passwordexpired -eq $false }
	$maxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge

	# Process Each User for Password Expiry
	foreach ($user in $users)
	{
	$GivenName = (Get-ADUser $user \| foreach { $_.GivenName})
	$emailaddress = $user.emailaddress
	$passwordSetDate = (get-aduser $user -properties * \| foreach { $_.PasswordLastSet })
	$PasswordPol = (Get-AduserResultantPasswordPolicy $user)
	# Check for Fine Grained Password
	if (($PasswordPol) -ne $null)
	{
	$maxPasswordAge = ($PasswordPol).MaxPasswordAge
	}

	$expireson = $passwordsetdate + $maxPasswordAge
	$today = (get-date)
	$daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days

	# Set Greeting based on Number of Days to Expiry.

	# Check Number of Days to Expiry
	$messageDays = $daystoexpire

	if (($messageDays) -ge "1")
	{
	$messageDays = "in " + "$daystoexpire" + " days"
	}
	else
	{
	$messageDays = "in the NEXT 24 HOURS"
	}

	# Email Subject Set Here
	$subject="[NOTICE] Your Windows password expires $messageDays"

	# Email Body Set Here, Note You can use HTML, including Images.
	$body = "
	<p style=`"font-size:11pt;font-family:calibri`">
	Good Afternoon $Givenname,<br \><br \>
	Your Windows password will expire <span style=`"color:red`"><strong>$messageDays</strong></span> ($Expireson).<br \><br \>
	<b>Please remember to change your password on laptops and mobile devices as well</b></p>
	"
	#"

	# If Testing Is Enabled - Email Administrator
	if (($testing) -eq "Enabled")
	{
	$emailaddress = $testRecipient
	} # End Testing

	# If a user has no email address listed
	if (($emailaddress) -eq $null)
	{
	$emailaddress = $testRecipient
	}# End No Valid Email

	# Send Email Message
	if (($daystoexpire -ge "0") -and ( ($daystoexpire -eq "14") -or ($daystoexpire -eq "7") -or ($daystoexpire -le "3") ) )
	{
	# If Logging is Enabled Log Details
	if (($logging) -eq "Enabled")
	{
	Add-Content $logfile "$date,$GivenName,$emailaddress,$daystoExpire,$expireson"
	}
	# Send Email Message
	Send-Mailmessage -smtpServer $smtpServer -from "$from" -to "$emailaddress" -bcc "[email protected]" -subject "$subject" -body "$body" -bodyasHTML -priority High -attachments "changing_password_laptop.pdf"
	} # End Send Message
	} # End User Processing


	# End