PowerShell Script: Check Password Expirations In Active Directory
UPDATE: March 1, 2020 Please use the updated script: https://thesysadminchannel.com/get-password-expiration-date-using-powershell-active-directory/
Chances are, if you manage users in your organization, you're going to need to check password expirations in Active Directory to see whose account is in need of a password change. This can be especially useful if you would like to notify those users several days in advance so they're not calling the help desk on the day of.
We want to automate as much of this as possible and luckily, we have Powershell to do all the heavy lifting.
Powershell Script to Check Password Expirations in Active Directory

```powershell
#Requires -Modules ActiveDirectory
<#
.SYNOPSIS
    Checks to see if the account is X days within password expiration.
    For updated help and examples refer to -Online version.

.DESCRIPTION
    In this example if the $emailDate is set to -80 and $expiredDate is set to -90
    it will show all users whose passwords are within 10 days of expiration.
    For updated help and examples refer to -Online version.

.NOTES
    Name: Get-PasswordExpiredUsers.ps1
    Version: 1.0
    Author: The Sysadmin Channel
    Date of last revision: 3/18/2017

.LINK
    https://thesysadminchannel.com/powershell-script-check-password-expirations-in-active-directory -
#>

Import-Module ActiveDirectory

#Set the number of days within expiration. This will start to send the email x number of days before it is expired.
$DaysWithinExpiration = 10

#Set the days where the password is already expired and needs to change. -- Do Not Modify --
$MaxPwdAge   = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days
$expiredDate = (Get-Date).AddDays(-$MaxPwdAge)

#Set the number of days until you would like to begin notifying the users. -- Do Not Modify --
$emailDate = (Get-Date).AddDays(-($MaxPwdAge - $DaysWithinExpiration))

#Filters for all users whose password is within $date of expiration.
$ExpiredUsers = Get-ADUser -Filter {(PasswordLastSet -lt $emailDate) -and (PasswordLastSet -gt $expiredDate) -and (PasswordNeverExpires -eq $false) -and (Enabled -eq $true)} -Properties PasswordNeverExpires, PasswordLastSet, Mail |
    Select-Object samaccountname, PasswordLastSet,
        @{name = "DaysUntilExpired"; Expression = {($_.PasswordLastSet - $expiredDate).Days}},
        @{name = "EmailAddress"; Expression = {$_.mail}} |
    Sort-Object PasswordLastSet

$ExpiredUsers
```

Copy and paste the contents of this file and save it as Get-PasswordExpiredUsers.ps1. Make sure you run the script as an administrator. When you run the file it should look something like this.
This will filter all users and only show the samaccountname, PasswordLastSet, DaysUntilExpired and the EmailAddress.
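The script above derives expiry from the default domain policy's MaxPasswordAge, which does not reflect fine-grained password policies applied to specific users or groups. The following added example (not part of the original script) instead reads the msDS-UserPasswordExpiryTimeComputed attribute, which the domain controller computes per user. The function name ConvertTo-PasswordExpiry and the sample records are constructed for illustration.

```powershell
# Added example: expiry from msDS-UserPasswordExpiryTimeComputed, a FILETIME
# value computed by the DC from whichever password policy applies to the user.
function ConvertTo-PasswordExpiry {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $User,
        [int] $DaysWithinExpiration = 10,
        [datetime] $Now = (Get-Date)
    )
    process {
        $raw = [long] $User.'msDS-UserPasswordExpiryTimeComputed'
        # [long]::MaxValue = password never expires; 0 = password not set or
        # must change at next logon. Neither is a date, and FromFileTimeUtc()
        # throws on MaxValue, so drop both before converting.
        if ($raw -le 0 -or $raw -eq [long]::MaxValue) { return }

        $expires = [datetime]::FromFileTimeUtc($raw)
        $days    = [math]::Floor(($expires - $Now.ToUniversalTime()).TotalDays)
        # Keep only accounts that are not yet expired and inside the window.
        if ($days -lt 0 -or $days -gt $DaysWithinExpiration) { return }

        [pscustomobject]@{
            SamAccountName   = $User.SamAccountName
            ExpiresUtc       = $expires
            DaysUntilExpired = [int] $days
            EmailAddress     = $User.Mail
        }
    }
}

# Constructed sample records standing in for Get-ADUser output:
# expiring in 4 days, expiring in 45 days, never expires, must change at logon.
$now = [datetime]::new(2020, 3, 1, 0, 0, 0, [DateTimeKind]::Utc)
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice';   Mail = 'alice@example.com'; 'msDS-UserPasswordExpiryTimeComputed' = $now.AddDays(4).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'bob';     Mail = 'bob@example.com';   'msDS-UserPasswordExpiryTimeComputed' = $now.AddDays(45).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'svc-app'; Mail = $null;               'msDS-UserPasswordExpiryTimeComputed' = [long]::MaxValue }
    [pscustomobject]@{ SamAccountName = 'newhire'; Mail = 'new@example.com';   'msDS-UserPasswordExpiryTimeComputed' = 0 }
)
$sample | ConvertTo-PasswordExpiry -Now $now

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter {Enabled -eq $true} -Properties mail, 'msDS-UserPasswordExpiryTimeComputed' |
#     ConvertTo-PasswordExpiry | Sort-Object ExpiresUtc
```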
Great!! We have the script, but what good does that do us if we don't notify them? After all, that was the point to begin with, right? Of course it was. We want to automate the milk out of this so we can basically set it and forget it.
Send Email to Notify Users of Password Expiration

Now we just have to append this part to the rest of the script so we can notify our users automatically. Here is the rest of the script.
```powershell
Start-Sleep 5

Foreach ($User in $ExpiredUsers) {
    # Skip accounts with no mail attribute; To.Add() throws on an empty address.
    if ([string]::IsNullOrWhiteSpace($User.EmailAddress)) { continue }

    # Creating .NET Objects
    $msg = New-Object Net.Mail.MailMessage

    # Setting up the email parameters.
    $msg.From = "admin@" + ($env:userdnsdomain).ToLower()
    $msg.To.Add($User.EmailAddress)
    $msg.Subject = "Your Password Will Expire in " + $User.DaysUntilExpired + " days"
    $msg.Body = "Hello,`n`nThis email is to notify you that your password will expire in " + $User.DaysUntilExpired + " days.`n`nPlease consider changing it to avoid any service interruptions.`n`nThank you,`nThe I.T. Department."

    # Send an email with an alert
    $smtpServer = "mailhost"
    $smtp = New-Object Net.Mail.SmtpClient($smtpServer)
    $smtp.Send($msg)

    Start-Sleep 2
    Remove-Variable msg
    Remove-Variable smtp
    Remove-Variable smtpServer
}
```
Paul Contreras
Hi, my name is Paul and I am a Sysadmin who enjoys working on various technologies from Microsoft, VMWare, Cisco and many others. Join me as I document my trials and tribulations of the daily grind of System Administration.
One Comment
Great script. Thanks for making it available!