Active Directory: Send password expiry Email notice to users


Here is very useful script written by me. Feel free to use on your network.

This script queries the local Active Directory for users whose password is expiring in given number of days, then send email notice to the user.

Download the PowerShell Script

The source code:

 <#
    **************************************************************************************************
    ** Script: Email-PasswordExpiry-Notice.ps1                                                      **
    ** Purpose: Send Email Notice to users before their AD passwrod expires                         **
    ** Note: Make sure to provide your own values with the comment "$# <--- "" in this script       **
    **                                                                                              **
    ** Written by: Anand, the Awesome, Venkatachalapathy                                            **
    **************************************************************************************************
#>

$DaysBeforeExpiry = 5 # <--- Change your own number of days before password expiry (to start SPAMing users)

# Query AD for users whose password is expiring close to $DaysBeforeExpiry days
$users = Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed","mail"  `
| Where-Object {$_.mail -ne $null } `
| Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}},"Mail","SamAccountName" `
| Where-Object {$_.ExpiryDate -lt (Get-Date).AddDays($DaysBeforeExpiry) -and $_.ExpiryDate -gt (Get-Date) } 


#Send Email to the users from the above query results
$from = "IT-Town-Crier@company.com"  # <--- Change your own From Email address
$smtpserver = "smtp.compnay.com"     # <--- Type your local SMTP server

foreach($user in $users)
{
    $expirydays = (([DateTime]$user.ExpiryDate) - (get-date)).Days
    $to = $user.mail
    $username = $user.SamAccountName
    $domainname = env:USERDOMAIN
    $subject = "Your Password Will Expire in $expirydays Days"

    $body = @"
Your Active Directory account ($domainname\$username) Password Will Expire in $expirydays Days. 

Change your password when possible. On Windows computer, press Control-Alt-Delete & choose change password. 

--Your Friendly Neighbourhood IT 
"@
    
    $to
    $subject
    $body
    '*' * 80
    Send-MailMessage -Body $body -From $from -SmtpServer $smtpserver -Priority High -Subject $subject -To $to 

}

<#
    ***************** The End of the Script *****************
#> 
Advertisements

2 thoughts on “Active Directory: Send password expiry Email notice to users

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s