<#
.SYNOPSIS
Checks if user password is with in 5 days of expiring
.DESCRIPTION
Created by Joshua Millikan Website:http://localtechrepair.blogspot.com
Date: 10/14/15
version: 1.00
This script is designed to check if the account is with in 5 days of expiring and then emails them with instructions on how to reset.
#>
#grabs current user information
$getusers = get-aduser $env:USERNAME -Properties *
#grabs todays date
$date = Get-Date
#checks the number of days between the last password set and todays date.
$numberofdays = New-TimeSpan -Start $getusers.PasswordLastSet -end $date
#grabs the domain policy for passwords
$domainpolicydays = Get-ADDefaultDomainPasswordPolicy | select maxpasswordage
#grabs the amount of days from maxpasswordage
[int]$policydays = $domainpolicydays.maxpasswordage.Days
#removes as our 5 day warning
$policydays += -5
#checks if password never expiring is checked. (it should never be checked less service account)
if ($getusers.PasswordNeverExpires -eq $False){
#checks if the number of days is greater than or policy warning
if ($numberofdays.Days -ge $policydays){
$body = "Hello " +$env:USERNAME + "<br /><br /> your password will be expiring soon please change your password.<br /> You can do this by hitting ctrl + alt + del and selecting Change Password<br /><br /> Report from Admin"
Send-MailMessage -to $getusers.EmailAddress -from $getusers.EmailAddress -Subject "Password Expiring soon" -SmtpServer "mail.pacificorp.com" -BodyAsHtml $body
}
}
This script is pulling a lot of user enviorment information to determine who to check. the email it sends will be from them selves this can be changed to say the companies service desk/help desk. also the instructions can be changed if you prefer them going to a self help portal or what not.
Hope you enjoy,
Local Tech Repair Admin
No comments:
Post a Comment