init III

Windows Passwordablauf Erinnerung/PasswordExpiresReminder.ps1

@@ -0,0 +1,106 @@
+# number of days before password change has to be done. It's not urgent yet
+$DaysToWarn=7
+
+# number of days before it's urgent to change password
+$DaysToLastWarn=2
+
+# OU in AD where to start to look at users
+$Ou="OU=CUSTOMER,DC=conacc,DC=local"
+
+# mails will have this sender address
+$MailFrom="NoReply@conet-services.de"
+
+# mails will be send to this address by default (eg. user has no email address)
+$MailToDefault="help@conet.de"
+
+# which server to use for sending mails
+$MailServer="conlxmail5.conet-services.de"
+
+# define how the subject of reminder mails should look like
+$MailSubject="IT Information: Password expiry notification."
+
+# Define footer text which will be appended to all outgoing reminder mails
+$MailFooter=@"
+
+
+If you need any assistance don't hesitate to contact us.
+You can reach us by mail via help@conet.de or phone +49 69 2972345 555.
+
+Your CONET Team
+"@
+
+# UTF8 encoding used for Mail for german umlauts
+$Utf8=New-Object System.Text.UTF8Encoding
+
+# Run through AD starting from Ou and get some properties from all enabled users whose password will expire 
+Get-ADUser -SearchBase $Ou -Filter 'enabled -eq $true -and PasswordNeverExpires -eq $false' -properties PasswordLastSet,EmailAddress,GivenName,proxyAddresses | foreach {
+   # Pick users last password change date and do some calculations
+   $PasswordSetDate=$_.PasswordLastSet
+   $maxPasswordAgeTimeSpan = $null
+   $maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge 
+   $today=get-date
+   $ExpiryDate=$passwordSetDate + $maxPasswordAgeTimeSpan
+   $daysleft=$ExpiryDate-$today
+   
+   # Now we have the days until user needs to change its password
+   $display=$daysleft.days
+   
+   # Build complete name of user
+   $UserName=$_.GivenName + " " + $_.SurName
+   if ($UserName -eq " ") { $UserName = "???" }
+   # Get users mail addresses
+   $MailAddresses=$_.proxyAddresses
+   
+   # Set default email address
+   $MailTo=$MailToDefault
+
+   # Pick primary mail address out of list of addresses
+   # Primary address starts with SMTP: and secondary ones with smtp:
+   $MailAddresses="$MailAddresses".Split(" ") | foreach {
+      if ($_ -cmatch 'SMTP') {
+         $MailAddress="$_".Split(":")
+         $MailTo=$MailAddress[1]
+      }
+   }
+   
+   # Write status message for all users who will receive a reminder
+   if ($display -lt $DaysToWarn -and $display -gt 0){
+      if ($display -eq 1) { $Form = ""  }
+      if ($display -ne 1) { $Form = "s" }
+      $Status = $Username + "s password will expire in " + $display + " day" + $Form + ". Reminded via " + $MailTo
+      Write-Host $Status
+   }
+   
+   # Send reminder to users who should be warned
+   if ($display -lt $DaysToWarn -and $display -ge $DaysToLastWarn){
+      # this text will be send on the first days - some time left for the users
+      # to change their passwords
+      $WarnText=@"
+Hello $UserName, 
+
+Your password will expire in $display days!
+
+Please remind to change your password.
+"@
+      $MailBody = $WarnText
+      $Mail = $MailBody + $MailFooter
+      $MailSubjectComplete = $MailSubject + " " + $display + " days left!"
+      #send-mailmessage -to $MailTo -from $MailFrom -Subject $MailSubjectComplete -body $Mail -smtpserver $MailServer -Encoding $Utf8
+   }
+   
+   # Send reminder to users with little time left
+   if ($display -lt $DaysToLastWarn -and $display -gt 0){
+      # this text will be send when password will expire soon
+      $CritText=@"
+Hello $UserName,
+
+Your password will expire in $display day!
+
+Please change your password as soon as possible.
+"@
+      $MailBody = $CritText
+      $Mail = $MailBody + $MailFooter
+      $MailSubjectComplete = $MailSubject + " " + $display + " day left!"
+      #send-mailmessage -to $MailTo -from $MailFrom -Subject $MailSubjectComplete -body $Mail -smtpserver $MailServer -Encoding $Utf8 -Priority High
+   }
+}