Skip to content

Instantly share code, notes, and snippets.

@meoso

meoso/example.com-account-password-activation-email.ps1

Created June 2, 2022 13:46
Show Gist options
  • Save meoso/f17307bb852930960c1c7fb2d55e967f to your computer and use it in GitHub Desktop.
Save meoso/f17307bb852930960c1c7fb2d55e967f to your computer and use it in GitHub Desktop.
Download ZIP
PowerShell account activation email script
Raw
example.com-account-password-activation-email.ps1
#################################################################################################################
#
# Script for Account Activation Notifications (i.e. Password Must be Changed at next logon)
# v20180329
# Heavily gutted/modified from Password Expiry Email Notification Version 1.4 by Robert Pearman (WSSMB MVP) @ TitleRequired.com
# Originally downloaded from https://gallery.technet.microsoft.com/Password-Expiry-Email-177c3e27
# Requires: Windows PowerShell Module for Active Directory
#
##################################################################################################################
# Please Configure the following variables....
$testing = $true # Set to $false to Email Users
$SearchBase="DC=EXAMPLE,DC=COM"
$smtpServer="smtp.example.com"
$from = "EXAMPLE.COM Support <[email protected]>"
$logging = $true # Set to $false to Disable Logging
$logFile = "c:\PS-pwd-activation.csv"
$adminEmailAddr = "[email protected]","[email protected]","[email protected]" #multiple addr allowed but MUST be independent strings separated by comma
$sampleEmails = 3 #number of sample email to send to adminEmailAddr when testing ; in the form $sampleEmails="ALL" or $sampleEmails=##
###################################################################################################################
# System Settings
$textEncoding = [System.Text.Encoding]::UTF8
$date = Get-Date -format yyyy-MM-dd
# End System Settings
write-host "Processing `"$SearchBase`" for Account-Activation-Notifications"
#set max sampleEmails to send to $adminEmailAddr
if ( $sampleEmails -isNot [int]) {
if ( $sampleEmails.ToLower() -eq "all") {
$sampleEmails=$users.Count
} #else use the value given
}
if ($testing -eq $true) {
Write-Host "Testing only; $sampleEmails email samples will be sent to $adminEmailAddr"
}
# Create CSV Log
if ($logging -eq $true) {
# Create Empty CSV File and Headers
Out-File $logfile
Add-Content $logfile '"Date","sAMAccountName","displayName","Created","EmailAddress","Notified"'
}
Import-Module ActiveDirectory
# Get Users From AD who are Enabled and Passwords never set (management creates accounts and sets initial password, user has never set password, so pwdLastSet = 0)
$users = get-aduser -SearchBase $SearchBase -Filter {(pwdLastSet -eq 0) -and (enabled -eq $true)} -properties sAMAccountName, displayName, EmailAddress, whenCreated
$countprocessed=${users}.Count
$samplesSent=0
$countfailed=0
$countnotsent=0
# Process Each User
foreach ($user in $users) {
$dName = $user.displayName
$sName = $user.sAMAccountName
$emailaddress = $user.emailaddress
$whencreated = $user.whencreated
# Email Subject Set Here
$subject="Please activate your new login account"
# Email Body Set Here, Note You can use HTML, including Images.
$body="
<p>An EXAMPLE.COM ID account &quot;<b>$sName</b>&quot; was created for <i>$dName</i>.</p>
<p>Please activate your account by visiting https://PASSWORD.EXAMPLE.COM to change your password.</p>
<p>Thank you,<br>
EXAMPLE.COM Support<br>
[email protected]<br>
www.EXAMPLE.COM/support/<br>
</p>
"
# If testing-enabled and send-samples, then set recipient to admin
if (($testing -eq $true) -and ($samplesSent -lt $sampleEmails)) {
$recipient = $adminEmailAddr
} else {
$recipient = $emailaddress
}
# Send Email Message
if ($emailaddress -ne $null) {
if ( ($testing -eq $false) -or (($testing -eq $true) -and ($samplesSent -lt $sampleEmails)) ) {
try {
Send-Mailmessage -smtpServer $smtpServer -from $from -to $recipient -subject $subject -body $body -bodyasHTML -priority High -Encoding $textEncoding -ErrorAction Stop -ErrorVariable err
} catch {
write-host "Error: Failed to send email for $sName to $recipient via $smtpServer"
$sent = "Send fail"
$countfailed++
} finally {
if ($err.Count -eq 0) {
write-host "Sent email for $sName to $recipient"
if ($testing -eq $true) {
$samplesSent++
$sent = "toAdmin"
} else { $sent = "Yes" }
}
}
} else {
Write-Host "Testing mode: skipping email to $emailaddress"
$sent = "No"
$countnotsent++
}
} else {
Write-Host "$dName ($sName) has no email address."
$sent = "No Addr"
$countnotsent++
}
# If Logging is Enabled Log Details
if ($logging -eq $true) {
Add-Content $logfile "`"$date`",`"$sName`",`"$dName`",`"$whencreated`",`"$emailaddress`",`"$sent`""
}
} # End User Processing
$countsent=$countprocessed-${countfailed}-${countnotsent}
Write-Host "$countprocessed Users Processed from `"$SearchBase`"."
Write-Host "$countsent Emails Sent."
Write-Host "$countnotsent Emails skipped."
Write-Host "$countfailed Emails failed."
# Report the CSV File
if ($logging -eq $true) {
Write-Host "`nCSV File created at $logfile"
if ($testing -eq $true) {
$body="<b><i>Testing Mode.</i></b><br>"
} else {
$body=""
}
$body+="
CSV Attached for $date<br>
$countprocessed Users Processed from `"$SearchBase`".<br>
$countsent Emails Sent.<br>
$countnotsent Emails skipped.<br>
$countfailed Emails failed.<br>
"
try {
Send-Mailmessage -smtpServer $smtpServer -from $from -to $adminEmailAddr -subject "Account Activation Notification Log" -body $body -bodyasHTML -Attachments "$logFile" -priority High -Encoding $textEncoding -ErrorAction Stop -ErrorVariable err
} catch {
write-host "Error: Failed to email CSV log to $adminEmailAddr via $smtpServer"
} finally {
if ($err.Count -eq 0) {
write-host "CSV emailed to $adminEmailAddr"
}
}
}
# End
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment