$TimeSpan = "5" $Properties = '*' $domainsuf = "@domain.com" $sender = "DoNotReply" + $domainsuf $logpath = "C:\Logs" $smtpsrv = "SMTP Server" $tempdir = "C:\Temp" $SearchBase1 = "CN=Users,DC=organization,DC=com" $csvfile1 = $tempdir + "\UName.txt" $csvfile2 = $tempdir + "\email1.txt" $csvfile3 = $logpath + "\expired_log.csv" import-module ActiveDirectory $maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge if ((get-module | where { $_.Name -eq "ActiveDirectory"}) -eq $null) { import-module ActiveDirectory; if ((get-module | where { $_.Name -eq "ActiveDirectory"}) -eq $null) {throw "ActiveDirectory Module is required."} } if ($DateTime -ne $null) { $TimeSpan = $DateTime.Subtract([datetime]::now) } $maxAge = (new-object System.TimeSpan((Get-ADObject (Get-ADRootDSE).defaultNamingContext -properties maxPwdAge).maxPwdAge)) $expireToday = (([datetime]::Now).Date).Add($maxAge).tofileTime() $expireFuture = (([datetime]::Now).Date).Add($maxAge.Add($TimeSpan)).tofileTime() $filter = "(pwdlastset -gt $expireToday ) -and (pwdlastset -lt $expireFuture) " if ($EnabledAccountsOnly) { $filter += "-and (-not (userAccountControl -band 0x2))" } if ($properties -eq $null) { $accountObj = Get-ADUser -filter $filter -SearchBase $SearchBase1 | Select-Object Name, SamAccountName, PasswordExpired, PasswordLastSet } else { $accountObj1 = Get-ADUser -filter 'PasswordNeverExpires -eq "False"' -SearchBase $SearchBase1 -properties PasswordLastSet |where-object {($_.PasswordLastSet.date.tofileTime()-(([datetime]::Now).Date).Add($maxAge.Add($TimeSpan)).tofileTime() -le 0) -and ($_.Enabled -match "True")}| select samaccountname ForEach ($user in $accountObj1) { Get-ADUser $user.SamAccountName -properties PasswordLastSet | select-object Name | Export-CSV $csvfile1 -Delimiter ":" $unamecont = get-content $csvfile1 foreach ($name2 in $unamecont) { if ($name2 -ne "#TYPE Selected.Microsoft.ActiveDirectory.Management.ADUser") {if ($name2 -notmatch "Name") { $uname1 = $name2 -replace '\"', "" $a = "" $uname1 = $name2 -replace '\"', "" $userpassset = Get-ADUser -properties PasswordLastSet -Filter 'Name -like $uname1' $userpassset1 = $userpassset.PasswordLastSet $userexpiredHours = $maxAge.TotalHours * -1 + (New-TimeSpan -Start (get-date) -End $userpassset1).TotalHours $userexpireddays = $userexpiredHours / 24 $userexpireddays1 = [Math]::Truncate($userexpireddays) $userexpiredHours1 = $userexpireddays - [Math]::Truncate($userexpireddays) $userexpiredHours2 = [Math]::Truncate($userexpiredHours1 * 24) $a = $a + "" $a = $a + "" $a = $a + "

" $a = $a + "" $a = $a + "

Dear " + $uname1 + ", Company user,

" $a = $a + "" $a = $a + "

Your password is about to expire in the next " + $userexpireddays1 + " days.

" $a = $a + "" $a = $a + "

Please make sure to replace it ASAP," $a = $a + "especially before weekend, holiday or business trip since there is no option to " $a = $a + "replace the password remotely.

" $a = $a + "" $a = $a + "

Please do not reply to this email.

" $a = $a + "" $a = $a + "

Information Technology

" $a = $a + "" $a = $a + "

" $a = $a + "" $a = $a + "" ConvertTo-HTML -head $a $email1 = Get-ADUser -Filter 'Name -like $uname1'| select-object SamAccountName | Export-Csv $csvfile2 $email2 = Get-Content $csvfile2 foreach ($email3 in $email2) { if ($email3 -ne "#TYPE Selected.Microsoft.ActiveDirectory.Management.ADUser") {if ($email3 -notmatch "SamAccountName"){ $email4 = $email3 -replace '\"', "" $emailcomplate = $email4 + $domainsuf $subject1 = 'Your password is about to expire in the next ' + $userexpireddays1 + ' days and ' + $userexpiredHours2 + ' hours' Send-MailMessage -From $sender -To $emailcomplate -Subject $subject1 -SmtpServer $smtpsrv -BodyAsHtml -DeliveryNotificationOption OnFailure -Body $a $dateget = get-date -format "dd-MMM-yyyy:HH.mm" Write-Output "Expiration in: $userexpireddays1 days and $userexpiredHours2 hours; Sent in: $dateget; $uname1" | Out-File $csvfile3 -Append }}} }} }} Remove-Item $csvfile2 Remove-Item $csvfile1 }