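##################################################################################################################
# Password-expiry reminder (PowerShell, ActiveDirectory module).
#
# Finds enabled AD users whose password can expire and has not yet expired,
# works out how many days remain under the policy that applies to each user
# (fine-grained policy if one is assigned, otherwise the default domain policy),
# and mails a reminder when exactly 14 or 3 days remain. Each reminder is written
# to a semicolon-separated log file, which can optionally be mailed as well.
#
# Please configure the following variables....
$log_date         = Get-Date -Format yyyy-M-d
$smtpServer       = "mailserver.mail.com"
$from             = "email@mail.de"
$mail_debug       = "false"   # true = on / false = off (on: every reminder goes to $mail_debug_email)
$mail_debug_email = "email@mail.de"
$mail_log         = "false"   # true = on / false = off (on: the log file is mailed to $mail_log_email)
$mail_log_email   = "email@mail.de"
# NOTE(review): "C:name" without a backslash is a drive-relative path (the current
# directory on C:). A "\" after "C:" was probably lost when this page was extracted;
# confirm and set an explicit directory whose ACL restricts who can read it, because
# the log lists user names and e-mail addresses.
$logfile          = "C:passwordexpirelog_$log_date.txt"
##################################################################################################################

Import-Module ActiveDirectory

# Get users from AD who are enabled and whose password is allowed to expire.
# Only the properties that are used are requested ("-Properties *" pulls every
# attribute of every account). PasswordExpired is checked client-side, as before.
$users = Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $false' `
                    -Properties EmailAddress, PasswordLastSet, PasswordExpired |
         Where-Object { $_.PasswordExpired -eq $false }

Set-Content -Value "Name;Emailaddress;Daystoexpire" -Path $logfile   # Write first line

# Loop invariants: the domain-wide policy and "now" are the same for every user.
$defaultMaxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
$today                 = Get-Date
$subject               = "hybris domain password expiring"

foreach ($user in $users)
{
    $name = $user.Name

    # Recipient: the debug mailbox when debugging, otherwise the user's own address.
    # (The non-debug branch was commented out, which left $emailaddress unset or
    # carrying the previous iteration's value.)
    if ($mail_debug -eq "true")
    {
        $emailaddress = $mail_debug_email
    }
    else
    {
        $emailaddress = $user.EmailAddress
    }

    # PasswordLastSet is empty when the password was never set or must be changed at
    # next logon; there is no expiry date to compute for such an account.
    $passwordSetDate = $user.PasswordLastSet
    if ($null -eq $passwordSetDate)
    {
        continue
    }

    # Check for a fine-grained password policy. The original tested the misspelled
    # variable $PassworldPol, which is always $null, so every user was evaluated
    # against the default domain policy even when a fine-grained one applied.
    $PasswordPol = Get-ADUserResultantPasswordPolicy $user
    if ($null -ne $PasswordPol)
    {
        $maxPasswordAge = $PasswordPol.MaxPasswordAge
    }
    else
    {
        $maxPasswordAge = $defaultMaxPasswordAge
    }

    # A maximum age of zero is taken to mean "passwords never expire" under that
    # policy (TODO confirm for this domain); no reminder is due.
    if ($null -eq $maxPasswordAge -or $maxPasswordAge.Ticks -le 0)
    {
        continue
    }

    $expireson    = $passwordSetDate + $maxPasswordAge
    $daystoexpire = (New-TimeSpan -Start $today -End $expireson).Days

    # Reminders go out only on the two trigger days.
    if (@(14, 3) -notcontains $daystoexpire)
    {
        continue
    }

    # Without an address Send-MailMessage cannot deliver; record the fact instead of failing.
    if ([string]::IsNullOrEmpty($emailaddress))
    {
        Add-Content -Value "$name;NO EMAIL ADDRESS;$daystoexpire" -Path $logfile
        continue
    }

    # NOTE(review): the sentence "To change your password," is incomplete on this page;
    # supply the organisation's own instructions. Password-expiry mails are a common
    # phishing pretext, so describing an on-device procedure is safer than training
    # users to follow a link in a message like this.
    # The literal "$" in the last list item is escaped so it is never read as a variable.
    $body = @"
Dear $name,
Your domain password is due to expire in $daystoexpire days.
To change your password,
For additional support please contact the IT department.
The domain password must meet the following requirements:
<ul>
<li>password length must be at least 8 characters</li>
<li>the last 5 passwords are may not be reused</li>
<li>password must not contain the users account name or parts of the users full name that exceed two consecutive characters</li>
<li>password must contain characters from three of the following four categories:
<ul>
<li>english uppercase characters (A through Z)</li>
<li>english lowercase characters (a through z)</li>
<li>base 10 digits (0 through 9)</li>
<li>non-alphabetic characters (for example, !, `$, #, %)</li>
</ul>
</li>
</ul>
"@

    # NOTE(review): the message is handed to $smtpServer without -UseSsl or -Credential.
    # If the relay supports STARTTLS, add -UseSsl; an unauthenticated relay should accept
    # mail only from this host.
    Send-MailMessage -SmtpServer $smtpServer -From $from -To $emailaddress -Subject $subject -Body $body -BodyAsHtml -Priority High

    # Log the address the mail was actually sent to (the original wrote the
    # never-assigned $emailaddress_log, leaving the column empty).
    Add-Content -Value "$name;$emailaddress;$daystoexpire" -Path $logfile
}

if ($mail_log -eq "true")
{
    Add-Content -Value "log send to $mail_log_email" -Path $logfile
    $body_log = (Get-Content $logfile | Out-String)
    # The log body contains names and addresses of users with expiring passwords;
    # send it only to a restricted mailbox.
    Send-MailMessage -SmtpServer $smtpServer -From $from -To $mail_log_email -Subject "LOG - domain password expiring" -Body $body_log
}

exit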