AD Account expiry notification to User's Manager

  • Question

  • Hi All,

    I am trying to automate this notification in our organization where a User's Manager receives a notification regarding the expiration of User's account. In case the Manager field is empty or Manager is disabled, the mail is sent to User informing the expiry and asking to update correct manager.

    I tested the below script but the 'else' part does not work; I was able to receive mails where the User's manager is valid. (Invalid Manager = Disabled/empty)

    Please help to get this work.

    Import-Module ActiveDirectory
    $From = "itservicedesk@xyz.com"
    
    $SMTPServer = "mailrelay.xyz.com"
    $startDate = Get-Date
    $endDate = $startDate.AddDays(30)
    $Users = Get-ADUser -Filter {AccountExpirationDate -gt $startDate -and AccountExpirationDate -lt $endDate -and enabled -eq 'True'} -Properties SamAccountName, name, mail, AccountExpirationDate, Manager
    
    
    Foreach($User in $Users)
        {
            $ManagerID = $null
            $active = $null
            $ManagerID = Get-ADUser $User.Manager -Properties SamAccountName | select SamAccountName
            $active = Get-ADUser $User.Manager -Properties enabled | select enabled
            $ManagerName = Get-ADUser $User.Manager -Properties GivenName | select GivenName
            If 
                ($ManagerID -ne $null -and $active -ne "False") 
                
                        {
                                $Manager = Get-ADUser $User.Manager -Properties EmailAddress
                                $ManagerName = Get-ADUser $User.Manager -Properties GivenName
                                $To = $Manager.EmailAddress
                                $CC = $User.mail
                                $To = "myemail@self.com" #for testing
                                $Subject = "Network Account Expiration Notification for $($User.Name) ($UserID)"
                                $Body = 
    "Dear $($ManagerName.GivenName),
        
    The Network User Account of $($User.Name) will be expiring on $($User.AccountExpirationDate). The expiration of the account would mean that the user will not be able to login to network.
    
    If the account is no longer required then kindly raise an Off-boarding request.
    Off-boarding link: https://
    
    If the account is still required, kindly use the below request template to extend the account’s expiration date.
    Extension Request link: https://
    
    For further assistance, please contact IT Service Desk.
    
    P.S: This is an automated notification, please do not reply to this email.
    
    Thanks & Regards,
    IT Service Desk
    
    "
    Send-MailMessage -To $To -From $From -Subject $Subject -SmtpServer $SMTPServer -Body $Body -Port 25
                        
                        }  
                
            Else
                
                        {
                        #$To = $User.mail
                        $To = "myemail@self.com" #for testing
                        $Subject = "Network Account Expiration Notification for $($User.Name) ($UserID)"
                        $Body = 
    "Dear $($User.GivenName),
        
    Your Network User Account will be expiring on $($User.AccountExpirationDate). The expiration of the account would mean that you will not be able to login to network.
    
    If the account is still required, kindly ask your manager to request for extension. Our systems do not have your current manager information and hence the email is being sent to you.
    Extension Request link: https://
    
    For further assistance, please contact IT Service Desk.
    
    P.S: This is an automated notification, please do not reply to this email.
    
    Thanks & Regards,
    IT Service Desk
    
    "
    Send-MailMessage -To $To -From $From -Subject $Subject -SmtpServer $SMTPServer -Body $Body -Port 25
                      
                        }
    
    
        }
    

    Wednesday, June 26, 2019 6:48 AM

All replies

  • Try using below condition for the if block:
    ($ManagerID -ne $null -and $active -eq $true)

    Wednesday, June 26, 2019 8:46 AM
  • To explain DumbleD0re's response, the Enabled property is a Boolean. The value is either $True or $False. It is not a string, like "True" or "False".

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Wednesday, June 26, 2019 12:59 PM
  • Thank you for the responses. I have changed the script and was able to get the required results.

    Now I need a way to enable logging in this script, so I can get a csv report when the process is completed.

    The report should have a few pieces of information, i.e. User, date of expiry, Manager Name, email sent to Manager or User.

    I have used 'write-host' for this in script but then I have to copy it in excel and create a report manually.

    I need this in the form of log file, because I will be running this script through Task scheduler every month.

    Below is the new script:

    Import-Module ActiveDirectory
    $From = "itservicedesk@xyz.com"
    $Me = "aniket.singh@xyz.com"
    $SMTPServer = "mailrelay.xyz.com"
    #$today = Get-Date $today.AddDays(15)
    $startDate = Get-Date
    $endDate = $startDate.AddDays(45)
    $Users = Get-ADUser -Filter {AccountExpirationDate -gt $startDate -and AccountExpirationDate -lt $endDate -and enabled -eq 'True'} -Properties *
    
    
    
    
    function SendMessage-WithManager
    {
    
        Param ([string]$TO, [string]$CC, [string]$Bcc, [string]$Exp, [string]$ManName, [string]$UserName, [string]$Sam)
    
        $Subject = "Network Account Expiration Notification for $UserName ($sam)"
        $Body = 
    "Dear $ManName,
        
    The Network User Account of $UserName will be expiring on $Exp. 
    The expiration of the account would mean that the user will not be able to login to network.
    
    If the account is no longer required then kindly raise an Off-boarding request.
    Off-boarding link: https://
    
    If the account is still required, kindly use the below request template to extend the account’s expiration date.
    Extension Request link: https://
    
    For further assistance, please contact IT Service Desk.
    
    P.S: This is an automated notification, please do not reply to this email.
    
    Thanks & Regards,
    IT Service Desk
    "
    
    
    Send-MailMessage -To $To -Cc $CC -Bcc $Bcc -From $From -Subject $Subject -SmtpServer $SMTPServer -Body $Body -Port 25
      
    }
    
    function SendMessage-NoManager
    {
    
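        # $Bcc is declared here because the body passes it to Send-MailMessage and callers supply -BCC
        Param ([string]$TO, [string]$CC, [string]$Bcc, [string]$Exp, [string]$UserFirstName, [string]$UserName, [string]$Sam)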
    
        $Subject = "Network Account Expiration Notification for $UserName ($sam)"
        $Body = 
    "Dear $UserFirstName,
        
    Your Network User Account will be expiring on $Exp. 
    The expiration of the account would mean that you will not be able to login to network.
    
    If the account is still required, kindly ask your manager to request for extension. Our systems do not have your current manager information and hence the email is being sent to you.
    Extension Request link: https://
    
    For further assistance, please contact IT Service Desk.
    
    P.S: This is an automated notification, please do not reply to this email.
    
    Thanks & Regards,
    IT Service Desk
    "
    
    
    Send-MailMessage -To $To -Bcc $Bcc -From $From -Subject $Subject -SmtpServer $SMTPServer -Body $Body -Port 25
      
    }
    
    
    
    
    Foreach($User in $Users)
        {
            Write-Host $User.DisplayName
            $ManagerID = $null
            $active = $null
            
            If ($User.Manager) 
                {Write-Host ("Manager Present")
                 $ManagerID= Get-ADUser $User.Manager -Properties *
                 if($ManagerID.enabled -eq $true)
                 {
                    Write-Host "Active Manager-Mail sent to Manager & User"
                    $Managermail = Get-ADUser $User.Manager -Properties *
                    SendMessage-WithManager -TO $ManagerID.EmailAddress -CC $User.EmailAddress -BCC $Me -Exp $User.AccountExpirationDate.ToString("dd-MMM-yyyy") -ManName $ManagerID.givenName -UserName $User.name -Sam $User.samaccountname
                 }
                 Else
                  {
    
                    Write-Host "Disabled Manager-Mail sent to User"
                    SendMessage-NoManager  -TO $User.EmailAddress -BCC $Me -Exp $User.AccountExpirationDate.ToString("dd-MMM-yyyy") -UserName $User.name -Sam $User.samaccountname -UserFirstName $User.GivenName
                  }
    
    
                }                           
    
            Else
                {
                    Write-Host "No Manager"
                    Write-Host "Mail sent to User"
                    SendMessage-NoManager  -TO $User.EmailAddress -BCC $Me -Exp $User.AccountExpirationDate.ToString("dd-MMM-yyyy") -UserName $User.name -Sam $User.samaccountname -UserFirstName $User.GivenName      
                
                    
                        } 
                
                        
    
        } 
    
    

    Monday, July 22, 2019 11:21 AM
  • Export the user variable to a csv file and keep appending the same inside the for loop. 

    $User | Export-Csv <CSV PATH> -Append

    Or export the details of all the users while starting the process:

    $Users | Export-Csv <CSV PATH> 

    Monday, July 22, 2019 3:12 PM
  • When using 

    $User | Export-Csv <CSV PATH> -Append

    It exports all the User attributes to the csv, but I need a report in the below format:

    SamAccountName,EmailAddress,AccountExpirationDate,Manager,ManagerEmail,Remarks

    <User'sID>,user@xyz.com,07/25/2019,<Manager'sID>,manager@xyz.com, $Line

    The Remarks field is the statement which I am storing in "$Line". Below are the conditional statements I have used.

    If ($User.Manager) 
                {
                    $ManagerID= Get-ADUser $User.Manager -Properties *
                    $manName = $ManagerID.DisplayName
                    $Managermail = $ManagerID.EmailAddress
                    if($ManagerID.enabled -eq $true)
                    {
                    $Line = "$($User.SamAccountName) has Active Manager $($ManagerID.SamAccountName) -Mail sent to $Managermail & $Usermail"
                    $Managermail = Get-ADUser $User.Manager -Properties *
                    #SendMessage-WithManager -TO $srk -BCC $Me -Exp $User.AccountExpirationDate.ToString("dd-MMM-yyyy") -ManName $ManagerID.givenName -UserName $User.name -Sam $User.samaccountname
                    }
                 Else
                    {
                    $Line = "$($User.SamAccountName) has Disabled Manager $($ManagerID.SamAccountName) -Mail sent to $Usermail"
                    #SendMessage-NoManager  -TO $srk -BCC $Me -Exp $User.AccountExpirationDate.ToString("dd-MMM-yyyy") -UserName $User.name -Sam $User.samaccountname -UserFirstName $User.GivenName
                    }
    
    
                }                           
    
            Else
                {
                    Write-Host "No Manager"
                    $Line = "$($User.SamAccountName) has no Manager -Mail sent to $Usermail"
                    #SendMessage-NoManager  -TO $srk -BCC $Me -Exp $User.AccountExpirationDate.ToString("dd-MMM-yyyy") -UserName $User.name -Sam $User.samaccountname -UserFirstName $User.GivenName      
                } 

    It should keep writing to the CSV every time the loop runs.

    Thanks in advance.

    Tuesday, July 23, 2019 8:28 AM
  • Try below:
    $User |  Select-Object SamAccountName,EmailAddress,AccountExpirationDate, @{n='ManagerEmail';e={$ManagerEmail}},@{n='Remarks';e={$Line}} | Export-Csv <PATH TO CSV> -Append -NoTypeInformation

    • Marked as answer by Tekinaz Thursday, August 22, 2019 6:00 AM
    Tuesday, July 23, 2019 9:04 AM
  • Thank you very much, that really worked like a charm and I have learned how to define headers for my csv.

    Thursday, August 22, 2019 6:07 AM
  • Now there is one more assistance required.

    Whenever the 'To' or 'CC' field is empty, it returns an error stating that one of the variables is blank, the email is not triggered, and execution skips to the next User.

    Is there a way to send email even if any of the variable is blank without using more 'If' condition?

    It should skip 'To' or 'CC' if any of them is blank and continue with sending email.

    Like in the 1st condition, it checks that the Manager 'exists' and is 'enabled' and then sends the email to Manager and User as 'To' & 'CC' respectively. In case the 'emailaddress' field for the Manager is empty and the User's email exists, the email should be sent to the User, and vice-versa.

    Thursday, August 22, 2019 8:04 AM
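
One way to handle the blank 'To'/'CC' case from the last post together with the CSV report requested earlier, as an added example that is not part of the original thread: recipients are collected in a hashtable and splatted, so an empty field is never passed to Send-MailMessage, and every account gets a report row even when nothing could be sent. `Resolve-Recipients`, `$LogPath` and the shortened mail body are assumptions made for illustration.

```powershell
# Added example. Resolve-Recipients and $LogPath are hypothetical names.
Import-Module ActiveDirectory
$From       = "itservicedesk@xyz.com"      # addresses as used in the thread
$SMTPServer = "mailrelay.xyz.com"
$LogPath    = "C:\Reports\expiry-log.csv"  # assumed location

function Resolve-Recipients {
    # Return a hashtable containing only the recipient fields that have a value.
    param($User, $Manager)
    $userMail = $User.EmailAddress
    $mgrMail  = if ($Manager -and $Manager.Enabled) { $Manager.EmailAddress }
    $r = @{}
    if ($mgrMail) {
        $r.To = $mgrMail
        if ($userMail) { $r.Cc = $userMail }   # Cc is omitted when blank
    } elseif ($userMail) {
        $r.To = $userMail                      # no usable manager address
    }
    return $r
}

$startDate = Get-Date
$endDate   = $startDate.AddDays(45)
$Users = Get-ADUser -Filter {AccountExpirationDate -gt $startDate -and AccountExpirationDate -lt $endDate -and enabled -eq 'True'} -Properties EmailAddress, AccountExpirationDate, Manager

foreach ($User in $Users) {
    $Manager = if ($User.Manager) { Get-ADUser $User.Manager -Properties EmailAddress }
    $rcpt    = Resolve-Recipients -User $User -Manager $Manager
    $expiry  = $User.AccountExpirationDate.ToString("dd-MMM-yyyy")
    if ($rcpt.Count -eq 0) {
        $remark = "No mail address for user or manager - nothing sent"
    } else {
        $mail = @{
            From = $From; SmtpServer = $SMTPServer; Port = 25
            Subject = "Network Account Expiration Notification for $($User.Name) ($($User.SamAccountName))"
            Body    = "The Network User Account of $($User.Name) will be expiring on $expiry."
        } + $rcpt                              # splat carries To, and Cc only if set
        try   { Send-MailMessage @mail -ErrorAction Stop; $remark = "Sent To=$($rcpt.To) Cc=$($rcpt.Cc)" }
        catch { $remark = "Send failed: $($_.Exception.Message)" }
    }
    [pscustomobject]@{
        SamAccountName        = $User.SamAccountName
        EmailAddress          = $User.EmailAddress
        AccountExpirationDate = $expiry
        Manager               = $Manager.SamAccountName
        ManagerEmail          = $Manager.EmailAddress
        Remarks               = $remark
    } | Export-Csv $LogPath -Append -NoTypeInformation
}
```

Rows whose Remarks read "nothing sent" or "Send failed" are the accounts that would otherwise expire without anyone being told, so they are the ones to review after each scheduled run.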