none
(Sumber: milist WSS) Script untuk AD password will expire reminder RRS feed

Jawaban

  • Halo,

    Anda bisa menggunakan PowerShell and Quest cmdlets dengan script seperti dibawah ini:

    function Send-Mail{

     param($smtpServer,$from,$to,$subject,$body)

     $smtp = new-object system.net.mail.smtpClient($SmtpServer)
     $mail = new-object System.Net.Mail.MailMessage

     $mail.from = $from
     $mail.to.add($to)
     $mail.subject = $subject
     $mail.body = $body
     #$mail.IsBodyHtml = $true

     $smtp.send($mail)
    }

    # get domain maxPassAge password policy
    $maxPassAge = (Get-QADObject (Get-QADRootDSE).defaultNamingContextDN).maximumPasswordAge.value.days

    if(!$maxPassAge){
     throw "Domain 'MaximumPasswordAge'password policy is not configured (set to 0)."
    }

    # exclude users that cannot change password
    #$ldap = "(&(!userAccountControl:1.2.840.113556.1.4.803:=64)(mailNickName=*))"

    # create calculated property to display days until password expire
    $daysUntilExpire = @{n="daysUntilExpire";e={$maxPassAge-$_.passwordAge.value.days}}

    $expireIn = 10
    $smtpServer="smtpServerName"

    # get enabled users that meet the above criteria
    $enabledUsers = Get-QADUser -enabled -passwordNeverExpires $false -size 0 -ldap "(mailNickName=*)"

    # exclude users that cannot change password
    #$enabledUsers = $enabledUsers  | where { Get-QADPermission $_ -deny -Account self,everyone}
    $enabledUsers = $enabledUsers  | where { Get-QADPermission $_ -deny -Account everyone}


    $expiredUsers = $enabledUsers | where {$_.passwordAge.value -gt 0 -AND ($maxPassAge-$_.passwordAge.value.days) -gt $expireIn}

    $expiredUsers | foreach { 
     $subject="Your password will expire in $expireIn days"
     $body="Your password will expire in $expireIn days"
     Send-Mail -smtpServer $smtpServer -from "you@domain.com" -to $_.email -subject $subject -body $body  
    }

    Anda disarankan untuk mengunduh dan install Quest AD cmdlets terlebih dahulu, ubah nilai script sesuai kebutuhan anda dan jalankan. Anda dapat mengunduh Quest AD cmdlets secara gratis disini:

    http://www.quest.com/powershell/activeroles-server.aspx

     

     


    Agnes Sannie [MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Kamis, 01 Desember 2011 03.09
    Moderator