Local Tech Repair: Using powershell to check if password is going to expire

Wednesday, October 14, 2015

Using powershell to check if password is going to expire

Using powershell to create a script to check if the clients password is going to be expiring in the next 5 days.

I love powershell and just like creating random tools with it. here is a script that can be set as a task on the clients computer to run each day. This helps fix a problem with windows where the popup notifying the user their password is going to expire in x amount of days not showing up because the end user is not login in.

    Checks if user password is with in 5 days of expiring
    Created by Joshua Millikan 

    Date: 10/14/15
    version: 1.00
    This script is designed to check if the account is with in 5 days of expiring and then emails them with instructions on how to reset.

#grabs current user information
$getusers = get-aduser $env:USERNAME -Properties *
#grabs todays date
$date = Get-Date
#checks the number of days between the last password set and todays date.
$numberofdays = New-TimeSpan -Start $getusers.PasswordLastSet -end $date
#grabs the domain policy for passwords
$domainpolicydays = Get-ADDefaultDomainPasswordPolicy | select maxpasswordage
#grabs the amount of days from maxpasswordage
[int]$policydays = $domainpolicydays.maxpasswordage.Days
#removes as our 5 day warning
$policydays += -5
#checks if password never expiring is checked. (it should never be checked less service account)
if ($getusers.PasswordNeverExpires -eq $False){
#checks if the number of days is greater than or policy warning
if ($numberofdays.Days -ge $policydays){

$body = "Hello " +$env:USERNAME + "<br /><br /> your password will be expiring soon please change your password.<br /> You can do this by hitting ctrl + alt + del and selecting Change Password<br /><br /> Report from Admin"
Send-MailMessage -to $getusers.EmailAddress -from $getusers.EmailAddress -Subject "Password Expiring soon" -SmtpServer "mail.pacificorp.com" -BodyAsHtml $body

This script is pulling a lot of user enviorment information to determine who to check.  the email it sends will be from them selves this can be changed to say the companies service desk/help desk. also the instructions can be changed if you prefer them going to a self help portal or what not.

Hope you enjoy,
Local Tech Repair Admin