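# Password expiry reminder for Active Directory users.
#
# Reads every enabled user below $Ou whose password is allowed to expire,
# calculates the days left under the default domain password policy, prints a
# status line and builds a reminder mail. Both Send-MailMessage calls are
# commented out, so in this state the script only reports and sends nothing.

# number of days before password change has to be done. It's not urgent yet
$DaysToWarn = 7
# number of days before it's urgent to change password
$DaysToLastWarn = 2
# OU in AD where to start to look at users
$Ou = "OU=CUSTOMER,DC=conacc,DC=local"
# mails will have this sender address
$MailFrom = "NoReply@conet-services.de"
# mails will be sent to this address by default (e.g. user has no email address)
$MailToDefault = "help@conet.de"
# which server to use for sending mails
$MailServer = "conlxmail5.conet-services.de"
# define how the subject of reminder mails should look like
$MailSubject = "IT Information: Password expiry notification."
# Define footer text which will be appended to all outgoing reminder mails
$MailFooter = @"

If you need any assistance don't hesitate to contact us.
You can reach us by mail via help@conet.de or phone +49 69 2972345 555.

Your CONET Team
"@
# UTF8 encoding used for mail so that German umlauts survive
$Utf8 = New-Object System.Text.UTF8Encoding

# The domain policy and the reference date do not change per user, so they are
# read once instead of once per account.
# NOTE: only the default domain policy is consulted. Accounts covered by a
# fine-grained password policy can have a different maximum age (see
# Get-ADUserResultantPasswordPolicy); their expiry date will be wrong here.
$MaxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
$Today = Get-Date

# Run through AD starting from $Ou and get some properties from all enabled
# users whose password will expire
Get-ADUser -SearchBase $Ou -Filter 'enabled -eq $true -and PasswordNeverExpires -eq $false' -Properties PasswordLastSet,EmailAddress,GivenName,proxyAddresses | ForEach-Object {
    $User = $_

    # An account without PasswordLastSet has no date to calculate from; the
    # subtraction below would fail for it, so it is skipped.
    $PasswordSetDate = $User.PasswordLastSet
    if ($null -eq $PasswordSetDate) { return }

    # Days until the user needs to change the password.
    # TimeSpan.Days is the whole-day component, so an account with less than
    # 24 hours left yields 0 and matches none of the branches below.
    $ExpiryDate = $PasswordSetDate + $MaxPasswordAge
    $DaysLeft = $ExpiryDate - $Today
    $display = $DaysLeft.Days

    # Build complete name of user
    $UserName = $User.GivenName + " " + $User.Surname
    if ($UserName -eq " ") {
        $UserName = "???"
    }

    # Pick the primary mail address out of the list of addresses, falling back
    # to the default recipient. The primary entry starts with "SMTP:" and
    # secondary ones with "smtp:", hence the case-sensitive match anchored at
    # the start of the entry so that other entries which merely contain the
    # letters "SMTP" are not mistaken for it.
    $MailTo = $MailToDefault
    foreach ($Address in $User.proxyAddresses) {
        if ($Address -cmatch '^SMTP:(.+)$') {
            $MailTo = $Matches[1]
        }
    }

    # Write status message for all users who will receive a reminder
    if ($display -lt $DaysToWarn -and $display -gt 0) {
        if ($display -eq 1) {
            $Form = ""
        }
        else {
            $Form = "s"
        }
        $Status = $UserName + "s password will expire in " + $display + " day" + $Form + ". Reminded via " + $MailTo
        Write-Host $Status
    }

    # The mail bodies below contain no link and ask for no credentials. Keep it
    # that way: password-expiry notices are a common phishing pretext, and a
    # genuine notice that never carries a link is easier for users to tell apart.
    #
    # Send-MailMessage is documented by Microsoft as obsolete because it does
    # not guarantee a secure connection to the SMTP server. If the calls are
    # re-enabled, add -UseSsl where the relay supports it, or move to a
    # maintained mail client.

    # Send reminder to users who should be warned
    if ($display -lt $DaysToWarn -and $display -ge $DaysToLastWarn) {
        # this text will be sent on the first days - some time left for the
        # users to change their passwords
        $WarnText = @"
Hello $UserName,

Your password will expire in $display days!
Please remind to change your password.
"@
        $MailBody = $WarnText
        $Mail = $MailBody + $MailFooter
        $MailSubjectComplete = $MailSubject + " " + $display + " days left!"
        #send-mailmessage -to $MailTo -from $MailFrom -Subject $MailSubjectComplete -body $Mail -smtpserver $MailServer -Encoding $Utf8
    }

    # Send reminder to users with little time left
    if ($display -lt $DaysToLastWarn -and $display -gt 0) {
        # this text will be sent when the password will expire soon
        $CritText = @"
Hello $UserName,

Your password will expire in $display day!
Please change your password as soon as possible.
"@
        $MailBody = $CritText
        $Mail = $MailBody + $MailFooter
        $MailSubjectComplete = $MailSubject + " " + $display + " day left!"
        #send-mailmessage -to $MailTo -from $MailFrom -Subject $MailSubjectComplete -body $Mail -smtpserver $MailServer -Encoding $Utf8 -Priority High
    }
}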