Description

Did you ever had the problem that traveling users were calling your ServiceDesk and said “I no longer can access this or that system since yesterday.”  where the reason for this was an expired Windows password? The reason for this is when users are on the road and only establish a VPN connection (which is not related to the AD password) to your site, they will not see the “Your password has expired” screen. If you have this problem or you just think the little notification warning you about your expiring password is not enough this script may help you.

With this script you can notify your users about expiring passwords via E-Mail so they will no longer forget to change their password. If they forget to change it, they can not blame you for not notifying them.

It’s designed to run as a scheduled task but you may also run it on demand. You have pleanty of option to customize the settings to fit your needs. You can have notifications in different languages e.g. you have a lot of subsidiaries.You can also specify the amount of notifications users will receive before the password is going to expire. The email can be easiely customized to fit your personell (or coorporate) design needs.

Requirements

Active Directory PowerShell Module (this is part of the RSAT (Remote Server Administration Tools)

Installation

Unpack the downloaded ZIP and place the files into a folder where you would like to store the script. No other installation is needed.

Execution Policy: Third-party PowerShell scripts may need that the PowerShell Execution Policy be set to either AllSigned, RemoteSigned, or Unrestricted. The default is Restricted, which prevents scripts – even code signed scripts – from running. For more information about setting your Execution Policy, see Using the Set-ExecutionPolicy Cmdlet.

Parameters

Allows you to specify a path other then the script directory for the config file.

Configuration

The script is configured using a configuration file. You can find detailed information on the New-PasswordReminder Config Options page. Please copy the configuration file the same folder as the New-PasswordReminder.ps1 file. A sample configuration is provided with the download you may only need to change the settings to fit your environment.

A basic configuration may look like this:

With this configuration you’ll notify your users at 00:00 UTC time when their password will expire in 1,3 or 7 days, the mail will be generated from the template “template_eng.txt”. In this configuration we have enabled the TestMode so all E-Mails will be sent to a specified address.

Template

The E-Mails will be created as HTML from a template. When creating the template you can use special tags, which will be replaced when the script processes the template so you have all the freedom of HTML (with the limitations of you mail client) to create your notifications.

[LastName] – LastName of the person

[FirstName] – FirstName of the person

[Days] – Days until the password expires

[FromAddress] – will be replaced with <SenderAdress>

[SenderName] – will be replaced with <SenderName>

[Phone] – will be replaced with <ContactPhone>

Scheduled Task

When creating a schedule task please use the following option for Powershell scripts under Actions:

Program/Script: %SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe

Arguments: -NoProfile -Noninteractive -command “. <PathToScript> -ConfigPath <PathToConfigFile>; exit $LASTEXITCODE”

<PathToScript> – Path to the Script including filename and extension

<PathToConfigFile> – Path to the config file including filename and extension

Exit Codes

The script will return the following exit codes on error.

1    PowerShell-Module not found
2    Config-File not found
3    LogPath is missing in configuration
4    LogLevel is missing in configuration
5    LogfilePath is empty in configuration
6    LogLevel is empty in configuration
7    Error in configuration, see log file

Download

v. 1.0 – 05.01.2017 – New-ExpiringPasswordReminder_v1.0.zip