105 lines
5.2 KiB
PowerShell
105 lines
5.2 KiB
PowerShell
<#
|
|
.SYNOPSIS
|
|
This script is used in order to send an message to users of an organisation that their password will expire in the near feature.
|
|
|
|
.DESCRIPTION
|
|
within this script you can specify when you want the first warning to be send and start from how many days there will be a daily email.
|
|
If you set the $STR_FirstReminder and $STR_DailyReminders equal to eachother, the users will receive a daily email reminder only.
|
|
|
|
Also change the function SendMailv2 in a way that it can be used in your specific case.
|
|
|
|
.NOTES
|
|
Author: D.de Kooker - info@dcomputers.nl
|
|
Version: 1.1
|
|
|
|
DISCLAIMER: Use scripts at your own risk, if there is anything I can help you with I will try but I do not take responsibility for the way that anyone else uses my scripts.
|
|
Sharing is caring. Share your knowledge with the world so that everybody can learn from it.
|
|
|
|
.LINK
|
|
The latest version can Always be found on my GIT page on the link below:
|
|
|
|
|
|
.COMPONENT
|
|
In order to run this script you will need the ActiveDirectory Powershell Module and in order to send email you will need a working SMTP server.
|
|
#>
|
|
|
|
#region Global script settings and variables
|
|
$STR_SMTPServer = ""
|
|
$STR_SMTPServerPort = ""
|
|
$STR_SMTPUsername = ""
|
|
$STR_SMTPPassword = ""
|
|
$STR_SMTPFromaddress = "Servicedesk ICT <servicedesk@contoso.com>"
|
|
$STR_AdminEmail = "servicedesk@contoso.com,systemengineer1@contoso.com" #List of commaseperated emailaddresses of the admins
|
|
$STR_DateFormat = "dd-MM-yyyy"
|
|
$STR_Date = Get-Date -Format $STR_DateFormat
|
|
$STR_Domain = "" #This is placed in the email title
|
|
$STR_OUSearchBase = "OU=Users,DC=CONTOSO,DC=COM" #Coma seperated list of OU searchbases
|
|
$STR_LogfileLocation = "$($MyInvocation.MyCommand.Path | Split-Path -Parent)\Logs"
|
|
$STR_Logfile = "$STR_LogfileLocation\$STR_Date.log"
|
|
$STR_LogfileNOemail = "$STR_LogfileLocation\$STR_Date-noemail.log"
|
|
|
|
$STR_FirstReminder = "14" #After this amount of days the first mail message will be sent to the user reminding them to change thier password.
|
|
$STR_DailyReminders = "7" #After this amount of days users will receive a daily message about thier password
|
|
|
|
#endregion
|
|
|
|
#region Functions
|
|
function SendMailv2 ($To,$Subject,$Body){
|
|
$SMTPClient = New-Object Net.Mail.SmtpClient($STR_SMTPServer, $STR_SMTPServerPort)
|
|
# $SMTPClient.EnableSsl = $true
|
|
$SMTPClient.Credentials = New-Object System.Net.NetworkCredential($STR_SMTPUsername, $STR_SMTPPassword);
|
|
$SMTPMessage = New-Object System.Net.Mail.MailMessage($STR_SMTPFromaddress,$To,$Subject,$Body)
|
|
$SMTPMessage.IsBodyHTML = $true
|
|
$SMTPClient.Send($SMTPMessage)
|
|
}
|
|
#endregion
|
|
|
|
#region prerequisites
|
|
#Check if folders exists or create them
|
|
if (!(test-path $STR_LogfileLocation)) {mkdir $STR_LogfileLocation}
|
|
#endregion
|
|
|
|
#region script
|
|
#Collect all users and the attributes we need
|
|
foreach ($SearchBase in $STR_OUSearchBase) {
|
|
$QRY_ADUsers = Get-ADUser -SearchBase $SearchBase -Filter {Enabled -eq $true -and PasswordNeverExpires -eq $false } -Properties 'msDS-UserPasswordExpiryTimeComputed', 'mail'
|
|
|
|
#Start foreach statement of above query
|
|
foreach ($User in $QRY_ADUsers) {
|
|
$STR_ExpireDate = [datetime]::FromFileTime( $User.'msDS-UserPasswordExpiryTimeComputed' )
|
|
$STR_ExpireDate_String = $STR_ExpireDate.ToString($STR_DateFormat)
|
|
|
|
#Calculate the days remaining
|
|
$VAR_DaysRemaining = New-TimeSpan -Start $(Get-Date) -End $STR_ExpireDate
|
|
$VAR_DaysRemaining = $VAR_DaysRemaining.Days
|
|
|
|
#Collect user information into variables
|
|
$VAR_User_Name = $User.GivenName
|
|
$VAR_User_Email = $User.mail
|
|
$VAR_User_Account = $User.SamAccountName
|
|
|
|
#Write logging for users without email variable
|
|
if ($null -eq $VAR_User_Email){
|
|
"Wachtwoord van $VAR_User_Name ($VAR_User_Account), Verloopt over: $VAR_DaysRemaining dagen, op: $STR_ExpireDate_String, Geen email adress gevonden!<br>" >> $STR_LogfileNOemail
|
|
}
|
|
|
|
#Send email message if password is expiring
|
|
if ($VAR_DaysRemaining -eq $STR_FirstReminder -or $VAR_DaysRemaining -le $STR_DailyReminders -and $null -ne $VAR_User_Email -and $VAR_DaysRemaining -ge 0) {
|
|
$VAR_Subject = "Uw $STR_Domain wachtwoord verloopt over $VAR_DaysRemaining dagen"
|
|
$INP_Body = Get-Content "$($MyInvocation.MyCommand.Path | Split-Path -Parent)\Template-KSANL.htm" -Raw
|
|
Invoke-Expression "`$VAR_Body = `@""`n`r$INP_Body`n`r""`@"
|
|
|
|
SendMailv2 -To $VAR_User_Email -Subject $VAR_Subject -Body $VAR_Body
|
|
}
|
|
"Email verstuurd naar:$VAR_User_Email, het wachtwoord verloopt over: $VAR_DaysRemaining dagen, op: $STR_ExpireDate_String" >> $STR_Logfile
|
|
}
|
|
}
|
|
#Send mail message to administartors with accounts without email
|
|
if (Test-Path $STR_LogfileNOemail -PathType Leaf) {
|
|
$VAR_Subject = "ERROR: Accounts op $STR_Domain gevonden waarbij het wachtwoord verloopt zonder email!"
|
|
$VAR_Body = Get-Content $STR_LogfileNOemail
|
|
|
|
SendMailv2 -To $STR_AdminEmail -Subject $VAR_Subject -Body $VAR_Body
|
|
}
|
|
|
|
#endregion |