Where I work, an email used to be sent when a password was about to expire. That stopped (external party), so I created my own script to inform users when their password is going to expire.
This script is run daily on a server with the domain tools installed.
In M365 (if used), go via the admin center to the mail account (a license is needed), open the Mail tab and choose Manage email apps.
Enable the last option, Authenticated SMTP (it is disabled by default).
To change in the script below:
Searchbase (Row 8)
HTML email body (Start Row 45)
Subject of the email (Row 86)
From mail address (Row 88)
From mail address and password (Row 101). This can be scripted so that the password is not in the script but stored locally in encrypted form.
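# Sends a reminder e-mail to every enabled AD user whose password expires in
# exactly one of the configured number of days. Intended to run once a day on
# a server that has the ActiveDirectory module installed.

# Days before expiry on which a reminder is sent.
$Daystomail = 60,30,10,5,1

# Reminders are matched on whole calendar days, so drop the time of day.
$today = (Get-Date).Date

# SMTP settings.
# NOTE(review): this uses SMTP AUTH with a user name and password. Microsoft
# has announced that it will retire basic authentication for SMTP AUTH in
# Exchange Online - check the current status for your tenant.
$EmailFrom = "<EMAIL ADDRES FROM>"
$SMTPServer = "smtp.office365.com"
$Port = 587

# The mailbox password is not kept in this file. Create the credential file
# once, logged on as the account that runs the scheduled task:
#   Get-Credential | Export-Clixml -Path '<PATH TO CREDENTIAL FILE>'
# On Windows, Export-Clixml protects the password with DPAPI, so the file can
# only be read back by the same account on the same computer. Restrict the
# NTFS permissions on the file as well, and use a dedicated mailbox account
# that has no other rights.
$CredentialPath = "<PATH TO CREDENTIAL FILE>"
# Stop here when the file is missing instead of trying to send without credentials.
$MailCredential = Import-Clixml -Path $CredentialPath -ErrorAction Stop

### Change the SearchBase to specify location. Or remove to search over all accounts
$users = Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "mail", "msDS-UserPasswordExpiryTimeComputed", "GivenName", "SN" -SearchBase "OU=Users,OU=XXX,DC=XXX,DC=XXX,DC=XX"

$count = 0

# One client for the whole run; it is disposed in the finally block below.
$SMTPClient = New-Object Net.Mail.SmtpClient($SMTPServer, $Port)
$SMTPClient.EnableSsl = $true
$SMTPClient.Credentials = $MailCredential.GetNetworkCredential()

try
{
    Foreach ($user in $users)
    {
        # A failure for one user must not stop the reminders for the others.
        try
        {
            # Without a mail address there is nobody to notify.
            $Useremail = $user.mail
            if ([string]::IsNullOrWhiteSpace($Useremail)) { continue }

            # The attribute is a Windows file time. 0 and Int64.MaxValue do not
            # describe a real expiry date, so those accounts are skipped.
            $expiryRaw = $user."msDS-UserPasswordExpiryTimeComputed"
            if ($null -eq $expiryRaw -or $expiryRaw -le 0 -or $expiryRaw -ge [Int64]::MaxValue) { continue }

            # Work with the DateTime itself. Going through a formatted string
            # depends on the server's regional settings, and a string that does
            # not parse would leave the previous user's dates in place.
            $expiry = [datetime]::FromFileTime($expiryRaw)

            #calculate the days
            $Daysleft = ($expiry.Date - $today).Days
            if ($Daystomail -notcontains $Daysleft) { continue }

            $PWage4 = $expiry.ToString("dd-MM-yyyy", [cultureinfo]::InvariantCulture)

            # The name comes from the directory; encode it before it goes into HTML.
            $usernaam = $user.GivenName + " " + $user.SN
            $usernaamHtml = [System.Net.WebUtility]::HtmlEncode($usernaam)

            $Body = @"
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style>
h1, h5, th { text-align: center; font-family: Calibri; }
</style>
</head>
<body>
<span lang=NL style='font-family:"Calibri";font-size:10.0pt;line-height:106%;color:black'>
Beste $usernaamHtml,<br>
<br>
Je windows wachtwoord verloopt over $Daysleft dagen.<br>
Uiterlijk op $PWage4 moet je het wachtwoord aanpassen<br>
<br>
Wachtwoord kan je aanpassen op kantoor of als je met VPN verbonden bent.<br>
Druk op CTRL + ALT + DELETE en ga dan naar wachtwoord wijzigen.
<br>
<br>
<span style='font-family:"Calibri";font-size:9pt;color:black;'>Met vriendelijke groet / Kind regards,</span>
<BR>
<BR>
<br>
Dit is een automatisch gegenereerd bericht.<br>
<br>
</span>
</body>
</html>
"@
            $subject = "Je windows wachtwoord verloopt over $Daysleft dagen"

            $SMTPMessage = New-Object System.Net.Mail.MailMessage($EmailFrom,$Useremail,$subject,$Body)
            try
            {
                $SMTPMessage.IsBodyHTML = $true
                $SMTPClient.Send($SMTPMessage)
                $count++
            }
            finally
            {
                $SMTPMessage.Dispose()
            }
        }
        catch
        {
            # Report the account and the error only; never write credentials to the log.
            Write-Warning "Could not send reminder for $($user.SamAccountName): $($_.Exception.Message)"
        }
    }
}
finally
{
    $SMTPClient.Dispose()
}

# Removes every removable variable from the current scope, including the loaded
# credential object. In an interactive session this also removes variables the
# script did not create.
Remove-Variable * -ErrorAction SilentlyContinue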