Email Users of Pending Account Expiration

  • Friday, February 08, 2013 9:16 PM

    Does anyone have a PowerShell Script that would notify the user when their account is set to expire?  I have seen powershell script for passwords set to expire but not the actual account expiration.

    I would like the PowerShell to do the following:

    1.  Check AD for accounts that are set to expire in 7 days or less

    2.  Send emails to those users with Subject line and brief description in the body of email

    3.  Send email to an administrator as well

    This script will run on a scheduled task once a week.  thank you.

All Replies

  • Friday, February 08, 2013 9:29 PM
    Moderator

    Hi,

    Have you searched the script repository and/or the web, and with what results?

    In general, the purpose of this forum is to help answer scripting questions, not write completed scripts for others for free.

    Bill

  • Saturday, February 09, 2013 4:57 PM
    Moderator

    This is not an easy task. However, I wrote the following script some time ago. You need to modify email settings for your environment. This sends email to the address in the "mail" attribute (Email address on "General" tab of ADUC), but if that is missing, uses the default address in the "proxyAddresses" collection. You can easily modify it to also email a fixed email address (such as an admin) with another call to the SendEmail function.

    # PSAcctExpires.ps1
    # Email users whose Active Directory accounts expire within $Days days.

    Trap {"Error: $_"; Break;}

    # Specify number of days. Users whose accounts expire between now and
    # this many days in the future will be processed.
    $Days = 10

    # Email settings.
    $Script:From = "myemailaddress@mydomain.com"
    $Script:Subject = "Account Expiration Notice"
    $Server = "smtp.mydomain.com"
    $Port = 25
    $Client = New-Object System.Net.Mail.SmtpClient $Server, $Port
    # You may need to provide credentials.
    $Client.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials

    Function SendEmail($To, $Body)
    {
        $Message = New-Object System.Net.Mail.MailMessage `
            $Script:From, $To, $Script:Subject, $Body
        $Client.Send($Message)
    }

    # Determine dates.
    $Date1 = Get-Date
    $Date2 = $Date1.AddDays($Days)

    # Convert from .NET ticks (100-ns intervals since 0001-01-01) to the
    # Active Directory accountExpires format (100-ns intervals since 1601-01-01).
    # The constant is the number of ticks in those 1600 years.
    $64Bit1 = $Date1.Ticks - 504911232000000000
    $64Bit2 = $Date2.Ticks - 504911232000000000

    $D = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $Domain = [ADSI]"LDAP://$D"
    $Searcher = New-Object System.DirectoryServices.DirectorySearcher
    $Searcher.PageSize = 200
    $Searcher.SearchScope = "subtree"

    # Filter on users whose accounts expire between now and specified days in future.
    # Accounts that never expire store 0 or 9223372036854775807 and fall outside the range.
    $Searcher.Filter = "(&(objectCategory=person)(objectClass=user)" `
        + "(accountExpires>=" + $($64Bit1) + ")" `
        + "(accountExpires<=" + $($64Bit2) + "))"

    # Attribute values to retrieve.
    $Searcher.PropertiesToLoad.Add("distinguishedName") > $Null
    $Searcher.PropertiesToLoad.Add("sAMAccountName") > $Null
    $Searcher.PropertiesToLoad.Add("mail") > $Null
    $Searcher.PropertiesToLoad.Add("proxyAddresses") > $Null
    $Searcher.PropertiesToLoad.Add("accountExpires") > $Null
    $Searcher.SearchRoot = "LDAP://" + $Domain.distinguishedName

    $Results = $Searcher.FindAll()
    ForEach ($Result In $Results)
    {
        $DN = $Result.Properties.Item("distinguishedName")
        $Name = $Result.Properties.Item("sAMAccountName")
        # Retrieve account expiration date: cast the 64-bit value to a DateTime
        # (ticks since 0001-01-01) and shift it forward 1600 years to the 1601 epoch.
        $AE = $Result.Properties.Item("accountExpires")
        $Date = [DateTime]$AE.Item(0)
        $AcctExpires = $Date.AddYears(1600).ToLocalTime()
        # Determine email address: prefer "mail", else the primary proxy address.
        $Addresses = $Result.Properties.Item("proxyAddresses")
        $Mail = $Result.Properties.Item("mail")
        If ("$Mail" -eq "")
        {
            ForEach ($Address In $Addresses)
            {
                # Primary addresses carry an uppercase prefix (secondary ones are lowercase).
                # Skip values too short to hold a prefix so SubString cannot throw.
                If ($Address.Length -lt 5) { Continue }
                $Prefix = $Address.SubString(0, 5)
                If (($Prefix -ceq "SMTP:") -or ($Prefix -ceq "X400:"))
                {
                    $Mail = $Address.SubString(5)
                    Break
                }
            }
        }
        If ("$Mail" -ne "")
        {
            $Notice = "Account for user $Name expires on $AcctExpires"
            SendEmail $Mail $Notice
            "Email sent to $Name ($Mail), account expires $AcctExpires"
        }
        Else
        {
            "$Name has no email, but account expires $AcctExpires"
            "DN: $DN"
        }
    }
    # Release the paged search handle.
    $Results.Dispose()

    -----

    Richard Mueller - MVP Directory Services
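As an added example (not Richard's script and not from this thread), the same job written against the ActiveDirectory module, which does the accountExpires tick arithmetic for you, plus the administrator email from item 3 of the question that Richard suggests adding. It assumes the RSAT ActiveDirectory module is installed, that Send-MailMessage can reach your SMTP host, and that the host name and addresses in the param block are placeholders to replace.

```powershell
# Added example (not from the thread): the same task with the ActiveDirectory module,
# plus the admin digest the question asked for. Run with -WhatIf to list who would be
# mailed without sending anything. SMTP host and addresses are placeholders.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [int]$Days = 7,
    [string]$SmtpServer = 'smtp.example.com',  # placeholder
    [string]$From = 'it-notify@example.com',   # placeholder
    [string]$AdminTo = 'admin@example.com'     # placeholder
)
Import-Module ActiveDirectory
# Address the user actually reads: the mail attribute, else the primary SMTP proxy
# address (uppercase "SMTP:" marks the primary; lowercase "smtp:" entries are aliases).
function Get-NotifyAddress($User) {
    if ($User.mail) { return [string]$User.mail }
    $primary = @($User.proxyAddresses) | Where-Object { $_ -clike 'SMTP:*' } | Select-Object -First 1
    if ($primary) { return $primary.Substring(5) }
    return $null
}

$now = Get-Date
# Search-ADAccount does the accountExpires arithmetic server-side and skips accounts
# that never expire; the Where-Object drops accounts that have already expired.
$expiring = Search-ADAccount -AccountExpiring -TimeSpan (New-TimeSpan -Days $Days) -UsersOnly |
    Where-Object { $_.AccountExpirationDate -ge $now } |
    ForEach-Object { Get-ADUser $_.DistinguishedName -Properties AccountExpirationDate, mail, proxyAddresses }

$summary = foreach ($u in $expiring) {
    $when = $u.AccountExpirationDate.ToString('yyyy-MM-dd HH:mm')
    $to   = Get-NotifyAddress $u
    if (-not $to) {
        "NO ADDRESS  $($u.SamAccountName)  expires $when  ($($u.DistinguishedName))"
        continue
    }
    $body = "Your account $($u.SamAccountName) is set to expire on $when. " +
            "Contact the IT helpdesk before that date if you still need access."
    if ($PSCmdlet.ShouldProcess($to, "Send account expiration notice")) {
        Send-MailMessage -SmtpServer $SmtpServer -From $From -To $to `
            -Subject 'Account Expiration Notice' -Body $body
    }
    "NOTIFIED    $($u.SamAccountName)  expires $when  ($to)"
}
# One digest to the administrator even when the list is empty, so a scheduled task
# that silently stops finding anything is still noticed.
$text = if ($summary) { $summary -join "`n" } else { "No accounts expire within $Days days." }
if ($PSCmdlet.ShouldProcess($AdminTo, "Send expiration digest")) {
    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $AdminTo `
        -Subject "Accounts expiring within $Days days" -Body $text
}
$text
```

Scheduled weekly with a -Days value at least as long as the interval between runs, every expiring account gets at least one notice; users with neither attribute still appear in the admin digest with their DN.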

  • Tuesday, February 12, 2013 4:13 PM

    Thanks for the script.  I will test this out in my lab.  I will let everyone know if it works for me.