Mosandl

password expiration mail

von

Thomas Mosandl
in , 
##################################################################################################################
# Please Configure the following variables....
$log_date =  Get-Date -format yyyy-M-d
$smtpServer="mailserver.mail.com"
$from = "email@mail.de"
$mail_debug = "false" # true = on / false = off
$mail_debug_email = "email@mail.de"
$mail_log = "false" # true = on / false = off
$mail_log_email = "email@mail.de"
$logfile = "C:passwordexpirelog_$log_date.txt"
###################################################################################################################</span>

#Get Users From AD who are enabled
Import-Module ActiveDirectory
$users = get-aduser -filter * -properties * |where {$_.Enabled -eq "True"} | where { $_.PasswordNeverExpires -eq $false } | where { $_.passwordexpired -eq $false }

Set-Content -Value "Name;Emailaddress;Daystoexpire"  -Path $logfile # Write first line

foreach ($user in $users)
{
$Name = (Get-ADUser $user | foreach { $_.Name})
if ($mail_debug -eq "true" )
{
$emailaddress = $mail_debug_email
}
# if ($mail_debug -eq "false" )
#{
# $emailaddress = $user.emailaddress
#}

$passwordSetDate = (get-aduser $user -properties * | foreach { $_.PasswordLastSet })
$PasswordPol = (Get-AduserResultantPasswordPolicy $user)
# Check for Fine Grained Password
if (($PassworldPol) -ne $null)
{
$maxPasswordAge = ($PasswordPol).MaxPasswordAge
}

else
{
$maxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
}

$expireson = $passwordsetdate + $maxPasswordAge
$today = (get-date)
$daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days
$subject="hybris domain password expiring"
$body ="

Dear $name,

Your domain password is due to expire in $daystoexpire days. To change your password,

For additional support please contact the  IT department.

The domain password must meet the following requirements:
<ul>
	<li>password length must be at least 8 characters</li>
	<li>the last 5 passwords are may not be reused</li>
	<li>password must not contain the users account name or parts of the users full name that exceed two consecutive characters</li>
	<li>password must contain characters from three of the following four categories:</li>
</ul>
<ul>
	<li>english uppercase characters (A through Z)</li>
	<li>english lowercase characters (a through z)</li>
	<li>base 10 digits (0 through 9)</li>
<ul>
<ul>
<ul>
	<li>non-alphabetic characters (for example, !, $, #, %)</li>
</ul>
</ul>
</ul>
</ul>

#if ($daystoexpire -lt $expireindays)
#{
# Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -priority High
#
#}
if ($daystoexpire -eq "14" )
{
Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -priority High
Add-Content -Value "$name;$emailaddress_log;$daystoexpire" -Path $logfile
}
if ($daystoexpire -eq "3")
{
Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -priority High
Add-Content -Value "$name;$emailaddress_log;$daystoexpire" -Path $logfile
}

}
if ($mail_log -eq "true" ){
Add-Content -Value "log send to $mail_log_email"  -Path $logfile
$body_log= (Get-Content $logfile | out-string )
Send-Mailmessage -smtpServer $smtpServer -from $from -to $mail_log_email -subject "LOG - domain password expiring" -body $body_log
}
exit