Pricing  Get Quote
 
 

PowerShell scripts to notify Active Directory domain users about password expiration

The password expiration notification PowerShell script provided here sends email reminders to Active Directory users about their expiring passwords. ADSelfService Plus, an Active Directory self-service password management and single sign-on solution, also supports sending password expiration notification to AD users. Below is a comparison of AD password expiration notification using PowerShell and ADSelfService Plus.

PowerShell

Enter the following command in PowerShell to remind users of the AD password expiration 7 days before expiration:
#Import AD Module
 Import-Module ActiveDirectory
 
#Create warning dates for future password expiration
$SevenDayWarnDate = (get-date).adddays(7).ToLongDateString()

#Email Variables
$MailSender = " Password AutoBot <emailaddress@somecompany.com>"
$Subject = 'FYI - Your account password will expire soon'
$EmailStub1 = 'I am a bot and performed this action automatically. I am here to inform you that the password for'
$EmailStub2 = 'will expire in'
$EmailStub3 = 'days on'
$EmailStub4 = '. Please contact the helpdesk if you need assistance changing your password. DO NOT REPLY TO THIS EMAIL.'
$SMTPServer = 'smtp.somecompany.com'
 
#Find accounts that are enabled and have expiring passwords
$users = Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False -and PasswordLastSet -gt 0 } `
 -Properties "Name", "EmailAddress", "msDS-UserPasswordExpiryTimeComputed" | Select-Object -Property "Name", "EmailAddress", `
 @{Name = "PasswordExpiry"; Expression = {[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed").tolongdatestring() }}
 
#check password expiration date and send email on match
foreach ($user in $users) {
     if ($user.PasswordExpiry -eq $SevenDayWarnDate) {
         $days = 7
         $EmailBody = $EmailStub1, $user.name, $EmailStub2, $days, $EmailStub3, $SevenDayWarnDate, $EmailStub4 -join ' '
 
         Send-MailMessage -To $user.EmailAddress -From $MailSender -SmtpServer $SMTPServer -Subject $Subject -Body $EmailBody
     }
    else {}
 }
 Copied
Click to copy entire script

ADSelfService Plus

  • Open the ADSelfService Plus admin portal.
  • Go to Configuration > Password Expiration Notification. In the Password/Account Expiration Notification section that opens, click on Add New Notifcation.
  • Use the Select Domain option to specify the domain whose users should receive the notifications. Provide a Scheduler Name.
  • Set the Notification Type to Password Expiration Notification. Use the Notify via option to specify the notification medium (mail, SMS, or push notification).
  • Select the Notification Frequency (Daily, Weekly or On Specific Days) and use the Schedule Time option to specify the date and time of the notification delivery. For example, if you want to notify users 7 days before the password expiration, select the On Specific Days option and click on Schedule Time and specify '7' in the field provided.
  • Edit the Subject and the Message of the notification, if required.
  • Click on the Advanced option and in the pop-up window that opens, use the options for excluding disabled users or smart card users from receiving expiration notifications, and sending notification delivery status messages to users' managers or anyone with an admin account if necessary.
  • Click Save.
Benefits of configuring password expiry notifications with ADSelfService Plus:
  • Quick configuration:

    With ADSelfService Plus you are just a few clicks away from configuring password expiration reminders for domain users. PowerShell scripts require creating, debugging and running.

  • Notify users via mail, SMS and push notification:

    With ADSelfService Plus, you can choose between sending mail, SMS and push notifications with just a click. In the above example, PowerShell is used to provide email notifications for password expiration. PowerShell can also be used to send SMS and push notifications but this requires creating an extremely extensive script.

  • Notify users' managers:

    In ADSelfService Plus, you can choose to exclude disabled users and smart card users from receiving the notifications. Notification delivery status emails can also be sent to the users' managers and the organization's administrators.

  • GUI based configuration:

    Once a password expiration notification has been configured in ADSelfService Plus, it can be edited simply by selecting the notification to be edited and changing the values of the settings as required. With PowerShell, while making changes to the notification script, typos and other human errors are bound to occur.

  • Customizable and powerful email notifications:

    Draft email notifications in HTML to grab the attention of users or send different messages on different days leading up to password expiration. Powershell does allow sending HTML formatted emails, but again the process can be quite lengthy.

Notify Active Directory users about password expiration.

  Get 30-day free trial.
  • Embark on your script-free AD Self-service password management with ADSelfService Plus.
  •  
  • By clicking 'Start your free trial now', you agree to processing of personal data according to the Privacy Policy.
  • Thank you for downloading!

    Your download should begin automatically in 15 seconds. If not, click here to download manually.

    Thank you for downloading!

    Your download should begin automatically in 15 seconds. If not, click here to download manually.

Related Resources

ADSelfService Plus trusted by

A single pane of glass for complete self service password management
Email Download Link