# ---------------------------------------------------------------------------
# Configuration for the password expiry reminder
# ---------------------------------------------------------------------------

# Reminders start once fewer than this many days are left (not urgent yet)
$DaysToWarn = 7

# Below this many days left the reminder becomes the urgent one
$DaysToLastWarn = 2

# Distinguished name of the OU that is used as the search base for users
$Ou = 'OU=CUSTOMER,DC=conacc,DC=local'

# Sender address placed on every reminder mail
$MailFrom = 'NoReply@conet-services.de'

# Fallback recipient, used when no primary address is found for a user
$MailToDefault = 'help@conet.de'

# SMTP server that relays the reminder mails
$MailServer = 'conlxmail5.conet-services.de'

# Fixed leading part of the subject line of every reminder
$MailSubject = 'IT Information: Password expiry notification.'

# Footer appended to every reminder body. The two leading blank lines
# separate it from the text it is appended to.
$MailFooter = @"


If you need any assistance don't hesitate to contact us.
You can reach us by mail via help@conet.de or phone +49 69 2972345 555.

Your CONET Team
"@

# UTF-8 encoding object handed to the mail cmdlet (German umlauts)
$Utf8 = New-Object System.Text.UTF8Encoding

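# Maximum password age of the default domain policy. It is the same for every
# user handled below, so it is read once instead of once per user.
# NOTE(review): only the default domain policy is consulted; accounts covered
# by a fine-grained password policy may expire on a different date - confirm.
$maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge

# Run through AD starting from Ou and get some properties from all enabled users whose password will expire
# (EmailAddress is requested but not read below; recipients come from proxyAddresses.)
Get-ADUser -SearchBase $Ou -Filter 'enabled -eq $true -and PasswordNeverExpires -eq $false' -Properties PasswordLastSet,EmailAddress,GivenName,proxyAddresses | ForEach-Object {
    $User = $_

    # Pick users last password change date. Without one no expiry date can be
    # computed, and the failed arithmetic would leave the previous user's
    # $daysleft in place, so such accounts are skipped.
    $PasswordSetDate = $User.PasswordLastSet
    if ($null -eq $PasswordSetDate) { return }

    $today = Get-Date
    $ExpiryDate = $PasswordSetDate + $maxPasswordAgeTimeSpan
    $daysleft = $ExpiryDate - $today

    # Whole days until the password expires. Less than 24 hours left gives 0,
    # which none of the conditions below select (they all require at least 1).
    $display = $daysleft.Days

    # Singular/plural suffix for "day", shared by the status line and the mails
    if ($display -eq 1) { $Form = "" } else { $Form = "s" }

    # Build complete name of user
    $UserName = $User.GivenName + " " + $User.SurName
    if ($UserName -eq " ") { $UserName = "???" }

    # Start from the default recipient, then look for the primary mail address.
    # The primary entry is prefixed with upper-case "SMTP:", secondary ones with
    # "smtp:". The match is anchored and case-sensitive so that only the prefix
    # decides, not the text "SMTP" somewhere inside an address.
    $MailTo = $MailToDefault
    foreach ($ProxyAddress in $User.proxyAddresses) {
        if ($ProxyAddress -cmatch '^SMTP:(.+)$') {
            $MailTo = $Matches[1]
        }
    }

    # Write status message for all users who will receive a reminder
    if ($display -lt $DaysToWarn -and $display -gt 0) {
        $Status = $UserName + "s password will expire in " + $display + " day" + $Form + ". Reminded via " + $MailTo
        Write-Host $Status
    }

    # Send reminder to users who should be warned
    if ($display -lt $DaysToWarn -and $display -ge $DaysToLastWarn) {
        # this text will be sent on the first days - some time left for the users
        # to change their passwords
        $WarnText = @"
Hello $UserName,

Your password will expire in $display day${Form}!

Please remind to change your password.
"@
        $MailBody = $WarnText
        $Mail = $MailBody + $MailFooter
        $MailSubjectComplete = $MailSubject + " " + $display + " day" + $Form + " left!"
        # Delivery is disabled (dry run): only the status line above is produced.
        # NOTE(review): Send-MailMessage is marked obsolete and does not guarantee
        # an encrypted connection; if this is re-enabled, check whether the relay
        # supports -UseSsl.
        #send-mailmessage -to $MailTo -from $MailFrom -Subject $MailSubjectComplete -body $Mail -smtpserver $MailServer -Encoding $Utf8
    }

    # Send reminder to users with little time left
    if ($display -lt $DaysToLastWarn -and $display -gt 0) {
        # this text will be sent when password will expire soon
        $CritText = @"
Hello $UserName,

Your password will expire in $display day${Form}!

Please change your password as soon as possible.
"@
        $MailBody = $CritText
        $Mail = $MailBody + $MailFooter
        $MailSubjectComplete = $MailSubject + " " + $display + " day" + $Form + " left!"
        # Delivery is disabled (dry run), see the note on the first reminder.
        #send-mailmessage -to $MailTo -from $MailFrom -Subject $MailSubjectComplete -body $Mail -smtpserver $MailServer -Encoding $Utf8 -Priority High
    }
}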