################################################################################################################## # Please Configure the following variables.... $log_date = Get-Date -format yyyy-M-d $smtpServer="mailserver.mail.com" $da = "email@mail.de" $mail_debug = "falso" # vero = attivo / false = off $mail_debug_email = "email@mail.de" $mail_log = "falso" # vero = attivo / false = off $mail_log_email = "email@mail.de" $logfile = "C:passwordexpirelog_$log_date.txt" ###################################################################################################################</campata> #Get Users From AD who are enabled Import-Module ActiveDirectory $users = get-aduser -filter * -properties * |where {$_.Enabled -eq "True"} | where { $_.PasswordNeverExpires -eq $false } | where { $_.passwordexpired -eq $false } Set-Content -Value "Name;Emailaddress;Daystoexpire" -Path $logfile # Write first line foreach ($user in $users) { $Name = (Get-ADUser $user | per ciascuno { $_.Name}) Se ($mail_debug -eq "vero" ) { $emailaddress = $mail_debug_email } # Se ($mail_debug -eq "falso" ) #{ # $emailaddress = $user.emailaddress #} $passwordSetDate = (get-aduser $user -properties * | per ciascuno { $_.PasswordLastSet }) $PasswordPol = (Get-AduserResultantPasswordPolicy $user) # Check for Fine Grained Password if (($PassworldPol) -ne $null) { $maxPasswordAge = ($PasswordPol).MaxPasswordAge } altro { $maxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge } $expireson = $passwordsetdate + $maxPasswordAge $today = (get-date) $daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days $subject="hybris domain password expiring" $body =" Dear $name, Your domain password is due to expire in $daystoexpire days. To change your password, For additional support please contact the IT department. The domain password must meet the following requirements: <il> <in>password length must be at least 8 characters</in> <in>the last 5 passwords are may not be reused</in> <in>password must not contain the users account name or parts of the users full name that exceed two consecutive characters</in> <in>password must contain characters from three of the following four categories:</in> </il> <il> <in>english uppercase characters (A through Z)</in> <in>english lowercase characters (a through z)</in> <in>base 10 digits (0 through 9)</in> <il> <il> <il> <in>non-alphabetic characters (per esempio, !, $, #, %)</in> </il> </il> </il> </il> #Se ($daystoexpire -lt $expireindays) #{ # Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -priority High # #} Se ($daystoexpire -eq "14" ) { Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -priority High Add-Content -Value "$name;$emailaddress_log;$daystoexpire" -Path $logfile } Se ($daystoexpire -eq "3") { Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -priority High Add-Content -Value "$name;$emailaddress_log;$daystoexpire" -Path $logfile } } Se ($mail_log -eq "true" ){ Add-Content -Value "log send to $mail_log_email" -Path $logfile $body_log= (Get-Content $logfile | out-string ) Send-Mailmessage -smtpServer $smtpServer -from $from -to $mail_log_email -subject "LOG - domain password expiring" -body $body_log } Uscita