Wednesday, August 14, 2013

Password Expiry Notification - PowerShell Script

Here's a PowerShell script that emails end users to remind them of password expiry.

Feel free to use it. It's not the best method, but it gets the work done for me. If you make it better, please post it back so it can help other users.

# ======================================
# = Password Expiry Email Notification =
# ======================================
# Created: [10/10/2013]
# By ijaved
$smtpSrv = "smtp.server.com" #Name of your Exchange server.
$emailDomain = "@server.com" #Your email domain
$emailUser = "helpdesk" #Needed to authenticate before sending email.
$emailPass = "HelpDeskPwd" #Password for the above user.
$emailFrom = "helpdesk@server.com" #Sender email address
$adminEmail = "alerts@server.com" #CC admin on email sent to user.
$owaUrl = "https://owa.server.com/owa" #OWA URL needed for email message
$groupName = "RemoteUsers" #Name of the security group the users are picked up from.

#Function Mail Users
Function mail {
    $smtpServer = $smtpSrv
    $msg = New-Object Net.Mail.MailMessage
    $smtp = New-Object Net.Mail.SmtpClient($smtpServer)
    $smtp.EnableSsl = $True
    $smtp.Credentials = New-Object System.Net.NetworkCredential($emailUser, $emailPass)
    $msg.From = $emailFrom
    $msg.To.Add($email)
    $msg.CC.Add($adminEmail)
    $msg.Subject = "Password Expiry Notice!"
    #The body is a single multi-line string, so its lines are left unindented.
    $msg.Body = "Hi " + $fullName + ",

You have $calExpire days left to change your password. Your password will expire on $formatDate.

You can either do it by pressing <CTRL><ALT><DELETE> and then clicking Change Password button or from OWA.

To change it from OWA please follow the below steps :-

1. Open any Web browser and type $owaUrl in the address bar.

2. Log in using your credentials.

3. Once you are logged in, click on Options, located at the top right hand corner of OWA.

4. Drop down menu will display multiple option. Click on Change Your Password.

5. Enter your former password as well as your new password, and then click on Save.

6. Outlook Web Access will tell you that your password has been successfully changed. Click on OK to log in with your new password.

Best Regards,

HelpDesk"

    $smtp.Send($msg)
}
#End Function Mail

#Users in an array for testing. Add multiple like this "test","test2"
#$users = "jiqbal"

#Users from domain group
#net group prints a header, a line of 79 dashes, the member names and a completion message; keep only the member names.
$pickUser = net group $groupName /domain | out-string
$users = (($pickUser -split "(-{79})|(The command completed successfully.)")[2]) -split "\s+"

#Loop through $users and get each user and run.
foreach ($user in $users)
{
    #Check if $user is not empty
    If (!$user){Continue}
    Else {
        #Execute net user command with username
        $result = net user $user /domain

        #Get the user's name by selecting the line with "Full Name"
        $fName = $result | select-string "Full Name"

        #Split at spaces and drop empty entries with where-object, leaving "Full", "Name", Firstname, Lastname
        $filternames = $fName.tostring().split(" ") | where-object {$_ -ne ""}

        #Pick the names from array elements 2 & 3 (Firstname & Lastname)
        $name = $filternames[2,3]

        #Join the two together
        $fullName = [string]::Join(" ", $name)

        #Create the email address as Firstname.Lastname plus the email domain
        $email = [string]::Join(".", $name) + $emailDomain

        #Get password expiry date by searching "Password expires"
        $pwdexpires = $result | select-string "Password expires"

        #Split at spaces and collect array element 2, which is the password expiry date
        $formatDate = $pwdexpires.tostring().split(" ") | where-object{$_ -ne ""} ; $formatDate = $formatDate[2]

        #If "password never expires" is selected, converting the date will fail. Skip the user with an if statement
        If ($formatDate -eq "Never"){Write-Host -f red "Skipping $user : Password never expires selected."; Continue}
        Else{
            #Convert the expiry date to a date object and get today's date.
            $expiryDate = Get-Date -Date $formatDate; $today = Get-Date

            #Calculate days left by subtracting the current date from the expiry date. (expiry date will be in future)
            $calExpire = ($expiryDate - $today).days
        }

        #Report on the console if 14 days or fewer are left
        If ($calExpire -le 14){
            Write-Host "$fullName has $calExpire days left to change his password. His password will expire on $formatDate."
        }

        #If 7 days or fewer are left, send the email notification to the user.
        #The -le 7 test already covers 4, 3, 2 and 1, so the ElseIf branches below are never reached.
        If ($calExpire -le 7){mail}
        ElseIf ($calExpire -eq 4){mail}
        ElseIf ($calExpire -eq 3){mail}
        ElseIf ($calExpire -eq 2){mail}
        ElseIf ($calExpire -eq 1){mail}
        Else {Write-Host -f green "$fullName has $calExpire days left"}
    }
}
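
An added sketch, not part of the author's script: the same expiry check made from directory attributes instead of parsing `net user` output, using the account's real mail attribute rather than a guessed Firstname.Lastname address, and with the SMTP password kept out of the script. `Get-ExpiryNotice`, `New-Sample`, the sample accounts and the credential file path are illustrative assumptions; the commented live query assumes the ActiveDirectory module is installed.

```powershell
# Added example; Get-ExpiryNotice, New-Sample and all sample accounts are illustrative, not from the script above.
$NoticeDays   = 7                   # same window as the script's "-le 7" test
$NeverExpires = [Int64]::MaxValue   # value AD reports when the password never expires

Function Get-ExpiryNotice {
    param([Parameter(ValueFromPipeline = $true)] $User, [datetime] $Today = (Get-Date))
    process {
        $raw = [Int64] $User.'msDS-UserPasswordExpiryTimeComputed'
        # 0 (or missing) = no expiry date set; MaxValue = never expires. FromFileTime would throw on MaxValue.
        if ($User.PasswordNeverExpires -or $raw -le 0 -or $raw -eq $NeverExpires) { return }
        if (-not $User.mail) { Write-Warning "$($User.SamAccountName): no mail attribute, skipped"; return }
        $expires  = [datetime]::FromFileTime($raw)
        $daysLeft = [math]::Floor(($expires - $Today).TotalDays)
        # Unlike "-le 7" alone, accounts whose password has already expired are left out.
        if ($daysLeft -ge 0 -and $daysLeft -le $NoticeDays) {
            [pscustomobject]@{ User = $User.SamAccountName; Mail = $User.mail
                               Expires = $expires; DaysLeft = $daysLeft }
        }
    }
}

# Constructed sample accounts so the function can be tried without a domain.
Function New-Sample($sam, $mail, $never, [Int64] $expiry) {
    [pscustomobject]@{ SamAccountName = $sam; mail = $mail; PasswordNeverExpires = $never
                       'msDS-UserPasswordExpiryTimeComputed' = $expiry }
}
$now = Get-Date
$sample = @(
    New-Sample 'asmith' 'ann.smith@server.com' $false ($now.AddDays(3.5).ToFileTime())   # inside the window
    New-Sample 'bjones' 'bob.jones@server.com' $false ($now.AddDays(30).ToFileTime())    # outside the window
    New-Sample 'svc-backup' $null $true $NeverExpires                                     # never expires
    New-Sample 'cdoe' $null $false ($now.AddDays(1).ToFileTime())                         # no mail attribute
)
$sample | Get-ExpiryNotice -Today $now | Format-Table -AutoSize

# Against a real domain (ActiveDirectory module), feed the same function from the group:
# Get-ADGroupMember -Identity $groupName -Recursive | Where-Object objectClass -eq 'user' |
#     Get-ADUser -Properties mail, PasswordNeverExpires, 'msDS-UserPasswordExpiryTimeComputed' |
#     Get-ExpiryNotice

# SMTP password kept out of the script. One-time setup as the account that runs the task:
#     Get-Credential | Export-Clixml 'C:\Scripts\smtp-cred.xml'    # hypothetical path
# Then, in place of the clear-text $emailPass:
#     $smtp.Credentials = (Import-Clixml 'C:\Scripts\smtp-cred.xml').GetNetworkCredential()
```

On Windows, `Export-Clixml` protects the stored password with DPAPI, so the file can only be decrypted by the same user on the same machine; run the one-time setup as the account that will run the scheduled task.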
 

