PowerShell

PowerShell script required to automate sending of emails with expired passwords

Share
Viewing 4 reply threads
  • Author
    Posts
    • #1556744
      IQ
      Participant
      • Topics: 3
      • Replies: 12
      Post count: 2
      Member Points: 476
      Rank: Level 2

      Send an email alert as the password expiry date is approaching for enabled service accounts. For example, maybe an alert would be sent 30 days before, then 15 days, then 7 days then 1 day. Ideally, the alerts would be sent to the service account owner, and the final alert can be copied to the domain admins.

      Can someone please provide us a script which does this ?

      0
    • #1556760
      IQ
      Participant
      • Topics: 3
      • Replies: 12
      Post count: 2
      Member Points: 476
      Rank: Level 2

      Hello,

      I would like to use a pseudo code to as shown below, to create a file and then use this file to set up a script which automatically emails domain admins when a password is set to expire. Can someone please send me the exact code , I have tried some options in Windows Powershell ISE but not sure how to make a start. Any help will be appreciated.

      0
    • #1556766
      Leos Marek
      Moderator
      • Topics: 20
      • Replies: 232
      Post count: 250
      Member Points: 14,482
      Rank: Level 4

      Have you tried to look on sites like Powershell Gallery? https://www.powershellgallery.com/

      Or on Technet Gallery? https://gallery.technet.microsoft.com/scriptcenter

      I bet there are various scripts that fit your needs. You just need to adopt them to fit your AD structure.

      0
    • #1556767
      David Figueroa
      Participant
      • Topics: 5
      • Replies: 36
      Post count: 13
      Member Points: 2,992
      Rank: Level 3

      This should work.  However — this will be affected by the number of users that need to be processed.  If it’s a large AD, it could take a big chunk of time..  There’s lots of things that could be done to speed this up, break it up, etc.  (multi-threading, breaking it up into chunks, etc.)  You might need to set the return limit on the Get-ADUser query if there are too many accounts.

      David F.

       

      1+
      avatar
      • #1556770
        IQ
        Participant
        • Topics: 3
        • Replies: 12
        Post count: 2
        Member Points: 476
        Rank: Level 2

        thanks for your suggestions, will try this code to make it work on Windows 2016/Windows 10.  For now I am just trying to write the soon to be expiring accounts in a file and then use SMTP to send an email, this needs to be automated using a Powershell script. Will let u know how it goes, thanks for your suggestion.

        0
        • #1556772
          Leos Marek
          Moderator
          • Topics: 20
          • Replies: 232
          Post count: 250
          Member Points: 14,482
          Rank: Level 4

          If you want to write the accounts to a file and then send notification later you have two options:

          1) replace the send-mailmessage in the code above, save all items to a file and then place the smtp send block to the end of the script

          2) you would need a second script that would read the file and sends the notifications.

          in both cases you should store the email address in the information file, or you would need to query each account for email address again, which will again take some time.

          0
      • #1556819
        IQ
        Participant
        • Topics: 3
        • Replies: 12
        Post count: 2
        Member Points: 476
        Rank: Level 2

        Tried the script suggested in the post but I am getting an error

        Get-ADUser : The search filter cannot be recognized
        At line:21 char:1
        + Get-ADUser -LDAPFilter $LDAP | ForEach-Object {
        + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo : NotSpecified: (:) [Get-ADUser], ADException
        + FullyQualifiedErrorId : ActiveDirectoryServer:8254,Microsoft.ActiveDirectory.Management.Commands.GetADUser

        0
        • #1556824
          Leos Marek
          Moderator
          • Topics: 20
          • Replies: 232
          Post count: 250
          Member Points: 14,482
          Rank: Level 4

          Seems the filter defined in $LDAP variable is incorrect. Lets see if David replies or I can check later.

          0
        • #1556841
          Leos Marek
          Moderator
          • Topics: 20
          • Replies: 232
          Post count: 250
          Member Points: 14,482
          Rank: Level 4

          It was just a brackets typo. Replace the line with this

           

          1+
          avatar
    • #1556840
      David Figueroa
      Participant
      • Topics: 5
      • Replies: 36
      Post count: 13
      Member Points: 2,992
      Rank: Level 3

      I’ll have to tinker with it tomorrow if Leos doesn’t get to it sooner.  On the surface it looks correct, but I’ll play with it at work tomorrow since it’s not.

      David

      0
Viewing 4 reply threads
  • You must be logged in to reply to this topic.
© 4sysops 2006 - 2020

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account