Whose password is expiring soon?

A recent effort at work has a large number of users who do not log into the domain on which their Exchange mailbox resides. As a result, they don’t get the Windows warnings when their password is about to expire.

The effort required isn’t all that hard, once you find the right property!

The following script returns, by default, all passwords that will be expiring within the next 7 days (the number of days is a parameter)… it wouldn’t take much to modify this to additionally send a gentle reminder email to the affected people that their password is about to expire.

[CmdletBinding()]
Param(
    [Parameter(Mandatory=$false,Position=0,ValueFromPipeline=$true)]$domain="contoso.com",
    [Parameter(Mandatory=$false,Position=1,ValueFromPipeline=$true)][alias("OU")]$OrganizationalUnit="OU=Users,DC=Contoso,DC=com",
    [Parameter(Mandatory=$false,Position=2,ValueFromPipeline=$true)][int]$Days=7

)

$adu=Get-ADUser -Server $Domain -SearchBase $OrganizationalUnit -Filter * -Properties msDS-UserPasswordExpiryTimeComputed,DisplayName,Mail
$exp=$adu | Select Name,DisplayName,Mail,@{Name="Password Expiration";Expression={[datetime]::FromFileTime($_.'msDS-UserPasswordExpiryTimeComputed')}}
$exp | % { if( $_.'Password Expiration' -gt (Get-Date) -and ($_.'Password Expiration' - (Get-Date)).Days -le $Days) { $_ } }

Not bad for just a few lines of code!

This entry was posted in Uncategorized. Bookmark the permalink.