PowerShell Script that will notify the user when their password was changed

  • Question

  • Hello, I have the desire to have a script that runs frequently (each hour) that will send an email to the A/D user when the password was changed.

    I have found the script below, but it does not work. Curious if any script masters could look at this and see what is wrong.

    $minuteschanged=60
    $timeminus1=(get-date).addminutes("-$minuteschanged")

    $users=get-aduser -searchbase "dc=xxx,dc=xxx,dc=com" -filter * -properties name,mail,samaccountname,passwordlastset | Where

    {$_.PasswordLastSet -ge $timeminus1} | ForEach-Object

    {
    #Send Email to users

    $SMTPServer = "mailxx.xxx.xxx.com"

    $from = "password@xxxgmt.com"

    $to = $_.mail

    $SamAccountName = $_.name

    $LastSet = $_.PasswordLastSet

    $subject = "Your password has been reset"

    $emailbody = "Hello $SamAccountName your password was reset on $LastSet"

    $mailer = new-object Net.Mail.SMTPclient($SMTPserver)

    $msg = new-object Net.Mail.MailMessage($from, $to, $subject, $emailbody)

    $mailer.send($msg)
    }

    Thursday, December 12, 2013 8:19 PM

Answers

  • This is closer to something that will work and easier to read and debug.

    # Look back this many minutes for password changes
    $minuteschanged=60
    $timeminus1=(get-date).addminutes(-$minuteschanged)
    # Parameters common to every message, splatted into Send-MailMessage below
    $mailprops=@{
        SMTPServer='mailxx.xxx.xxx.com'
        From='password@xxxgmt.com'
        Subject='Your password has been reset'
    }

    # Skip accounts with no mail attribute; Send-MailMessage rejects an empty -To
    get-aduser -searchbase "dc=xxx,dc=xxx,dc=com" -filter * -properties name,mail,samaccountname,passwordlastset | 
        Where{$_.mail -and $_.PasswordLastSet -ge $timeminus1} | 
        ForEach-Object{
            $body="MessageTime: $timeminus1 - Hello $($_.name) your password was reset on $($_.PasswordLastSet)"
            Send-MailMessage -To $_.mail -Body $body @mailprops
        }


    ¯\_(ツ)_/¯

    • Marked as answer by willzzzzzzzzzz Friday, December 13, 2013 1:08 PM
    Thursday, December 12, 2013 9:47 PM
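
    An added example, not part of the thread or of the answer's code: because the script runs hourly with a fixed 60-minute lookback, a late scheduled run leaves a gap in which a password change is never reported. The sketch below selects recipients over a window that starts where the previous run ended; the function name `Get-PasswordChangeNotice`, the sample users, the timestamps and the help-desk sentence are all constructed for illustration.

```powershell
# Added example; the function name and all sample data are constructed.
function Get-PasswordChangeNotice {
    # One Send-MailMessage parameter set per user whose password was set
    # inside the half-open window [Since, Until).
    param([object[]]$User, [datetime]$Since, [datetime]$Until)
    foreach ($u in $User) {
        if (-not $u.mail) { continue }                   # nowhere to send the notice
        if ($null -eq $u.PasswordLastSet) { continue }   # never set / must change at next logon
        if ($u.PasswordLastSet -ge $Since -and $u.PasswordLastSet -lt $Until) {
            @{
                To      = $u.mail
                Subject = 'Your password has been reset'
                Body    = "Hello $($u.Name), your password was reset on $($u.PasswordLastSet). " +
                          'If you did not make this change, contact the help desk.'
            }
        }
    }
}

# Constructed objects standing in for Get-ADUser output.
$sample = @(
    [pscustomobject]@{ Name='Alice'; mail='alice@example.com'; PasswordLastSet=[datetime]'2013-12-12T20:30:00' }
    [pscustomobject]@{ Name='Bob';   mail=$null;               PasswordLastSet=[datetime]'2013-12-12T20:45:00' }
    [pscustomobject]@{ Name='Carol'; mail='carol@example.com'; PasswordLastSet=[datetime]'2013-12-12T21:03:00' }
    [pscustomobject]@{ Name='Dave';  mail='dave@example.com';  PasswordLastSet=$null }
)

# Run 1 at 21:00 covers [20:00, 21:00). Run 2 starts late, at 22:07.
$run1 = [datetime]'2013-12-12T21:00:00'
$run2 = [datetime]'2013-12-12T22:07:00'
$first  = @(Get-PasswordChangeNotice -User $sample -Since $run1.AddMinutes(-60) -Until $run1)
# A fixed 60-minute lookback from 22:07 starts at 21:07 and misses Carol (21:03).
$fixed  = @(Get-PasswordChangeNotice -User $sample -Since $run2.AddMinutes(-60) -Until $run2)
# Starting where run 1 ended closes the gap.
$stated = @(Get-PasswordChangeNotice -User $sample -Since $run1 -Until $run2)

"run 1:          $(($first  | ForEach-Object { $_.To }) -join ', ')"
"fixed lookback: $(($fixed  | ForEach-Object { $_.To }) -join ', ')"
"saved window:   $(($stated | ForEach-Object { $_.To }) -join ', ')"

# Live use (not run here): persist $Until to a file after each run and read it
# back as the next $Since; feed the function from
#   Get-ADUser -SearchBase 'dc=xxx,dc=xxx,dc=com' -Properties mail,PasswordLastSet `
#       -LDAPFilter "(&(mail=*)(pwdLastSet>=$($since.ToFileTimeUtc())))"
# and send each result with Send-MailMessage @notice plus the SMTP server and From address.
```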

All replies

  • Hi,

    What do you mean by 'does not work'? Are you getting any errors?


    Don't retire TechNet! - (Don't give up yet - 12,420+ strong and growing)

    Thursday, December 12, 2013 8:58 PM
  • Sorry, I forgot to add that when I execute the above script I get the following:


    cmdlet Where-Object at command pipeline position 2
    Supply values for the following parameters:
    FilterScript:

    Thursday, December 12, 2013 9:23 PM
  • Does the script you're running look exactly like how you pasted it? If so, you'll need to fix the formatting.

    EDIT: By that, I mean that {$_.PasswordLastSet -ge $timeminus1} needs to follow Where-Object, not be two lines below it.

    EDIT2: Also, you don't need $users = since you're just pushing everything through the pipeline.

    EDIT3: You may want to use Send-MailMessage instead:

    http://ss64.com/ps/send-mailmessage.html

    EDIT4: Now that I think of it... Why? Shouldn't a user know that their password has changed (since they're actually making the change....)?


    Don't retire TechNet! - (Don't give up yet - 12,420+ strong and growing)





    Thursday, December 12, 2013 9:28 PM
  • Firstly:

    $minuteschanged=60
    $timeminus1=(get-date).addminutes("-$minuteschanged")

    Do not use quotes:

    $minuteschanged=60
    $timeminus1=(get-date).addminutes(-$minuteschanged)


    ¯\_(ツ)_/¯

    Thursday, December 12, 2013 9:38 PM
  • Hey Guys, Thank you for your help. I hope to be able to return the favor one day.

    To the person that asked why would we want to utilize this script. The answer is that if user A answers the security question of User B to the automated password reset utility, an email will alert user B of such activity. Just an extra step of security.

    Thanks again for everyone's insight.

    Friday, December 13, 2013 1:12 PM
  • Hey Guys, Thank you for your help. I hope to be able to return the favor one day.

    To the person that asked why would we want to utilize this script. The answer is that if user A answers the security question of User B to the automated password reset utility, an email will alert user B of such activity. Just an extra step of security.

    Thanks again for everyone's insight.

    That is not possible.  Security questions are not shared.  Even if users have the same question and answer they would have different email and account names.  They should have multiple questions and the reset should only be done by sending an email to the account address.  With the response to the email you would have the required third level of validation.  You can also use a cell phone SMS message with a security code.  This is becoming the preferred method because the user usually keeps the phone close and the mail message can be discovered.

    Glad the script works.


    ¯\_(ツ)_/¯

    Friday, December 13, 2013 2:18 PM