Created June 13, 2012
Password Expiry Email Report
Reports on Users whose passwords are about to expire
Requires Quest.ActiveRoles.ADManagementsnapin to get the AD attributes.
# --------------------------------------------------
write-verbose Setup Variables
$days_before_expiry = 5
$smtp = ""
$from = ""
$admin = ""
$AdminName = "TheAgreeableCow"
# --------------------------------------------------
function Send-Mail{
$smtp = new-object$SmtpServer)
$mail = new-object System.Net.Mail.MailMessage
$mail.from = $from
$mail.subject = $subject
$mail.body = $body
$mail.IsBodyHtml = $true
write-verbose Setup Style Sheet
$newline = "<br>"
$font = "<font size=`"3`" face=`"Calibri`">"
write-verbose Load variables and query AD
$today = (Get-date)
$cutoff = $today.AddDays($days_before_expiry)
add-pssnapin "Quest.ActiveRoles.ADManagement"
$users_to_be_notified = Get-QADUser -Enabled -passwordNeverExpires:$False | Where {($_.PasswordExpires -lt $cutoff)}
write-verbose Generate emails
foreach ($user in $users_to_be_notified) {
$days_remaining = ($user.PasswordExpires - $today).days
$body = $font
write-verbose Users where password has expired
if ($days_remaining -le 0) {
$days_remaining = [math]::abs($days_remaining)
$expired_users += $ + " - <font color=blue>" + $user.LogonName + "</font>'s password has expired <font color=blue>" + $days_remaining + "</font> day(s) ago." + $newline
write-verbose Prepare email to user (if they have an email address)
if ($user.Email -ne $null) {
$to = $user.Email
$subject = "Reminder - Password has expired " + $days_remaining + "day(s) ago."
$body1 += "Hi " + $user.givenname + "," + $newline + $newline
$body1 += "This is a friendly reminder that your password for account'<font color=blue>" + $user.LogonName + "</font>' has already expired "+ $days_remaining + " day(s) ago."
$body1 += " Please contact the Helpdesk to arrange for your password to be reset."
else {
write-verbose Prepare email to administrator
$to = $admin
$subject = "Reminder - " + $user.LogonName+ "'s Password has expired" + $days_remaining + " day(s) ago."
$body1 += "Dear administrator," + $newline + $newline
$body1 += "<font color=blue>" + $user.LogonName+ "</font>'s passwordhas expired <font color=blue>" + $days_remaining + " day(s) ago</font>."
$body1 += " However, the system has detected that there is no emailaddress attached to the profile."
$body1 += " Therefore, no email notifications has been sent to " + $user.Name + "."
$body1 += " Kindly reset the password and notify user of the password change."
$body1 += $newline + $newline + $newline + $newline
$body1 += "<h5>Message generated on: " + $today + ".</h5>"
$body1 += "</font>"
write-verbose Send email
#Send-Mail -smtpServer $smtp -from $from -to $to -subject $subject -body $body1
write-verbose Users whose password is expiring
if ($days_remaining -lt $days_before_expiry) {
$expiring_users += $ + " - <font color=blue>" +$user.LogonName + "</font> has <font color=blue>" + $days_remaining +"</font> day(s) remaing left to change his/her password." + $newline
write-verbose Prepare email to user (if they have an email address)
if ($user.Email -ne $null) {
$to = $user.Email
$subject = "Reminder - Password is expiring in " + $days_remaining +" day(s)."
$body += "Hi " + $user.givenname + "," + $newline + $newline
$body += "This is a friendly reminder that your password for account '<font color=blue>" + $user.LogonName + "</font>' is due to expire in "+ $days_remaining + " day(s). " + $newline + $newline
$body += "It is best to reset your password just prior to finishing for the day, by hitting Ctrl+Alt+Del and then 'Change Password'. " + $newline + $newline
$body += "Please remember to change your password before <fontcolor=blue>" + $'dd/MM/yyyy') +"</font>." + $newline + $newline
$body += "Regards," + $newline + $newline
$body += "Helpdesk"
else {
write-verbose Prepare email to administrator
$to = $admin
$subject = "Reminder - " + $user.LogonName+ "'s Password is expiring in " + $days_remaining + " day(s)."
$body += "Dear administrator," + $newline + $newline
$body += "<font color=blue>" + $user.LogonName+ "</font>'s passwordis expiring in <font color=blue>" + $days_remaining + " day(s)</font>."
$body += " However, the system has detected that there is no emailaddress attached to the profile."
$body += " Therefore, no email notifications has been sent to " +$user.Name + "."
$body += " Kindly remind him/her to change the password before <fontcolor=blue>" + $'dd/MM/yyyy') +"</font>."
$body += $newline + $newline + $newline + $newline
$body += "<h5>Message generated on: " + $today + ".</h5>"
$body += "</font>"
write-verbose Send email
Send-Mail -smtpServer $smtp -from $from -to $to -subject $subject -body $body
write-verbose Generate Password Expiry report
if ($expired_users -ne $null -and $expiring_users -ne $null) {
$to = $admin
$subject = "Password Expiry Report"
$body = $font
$body += "Dear " + $AdminName + ","+ $newline + $newline
$body += "<b>Users with passwords expiring soon:</b>" + $newline
$body += $expiring_users + $newline + $newline
$body += "The following users' passwords are expiring soon or have already expired." + $newline + $newline + $newline
$body += "<b>Users with expired passwords:</b>" + $newline
$body += $expired_users
$body += $newline + $newline + $newline + $newline
$body += "<h5>Message generated on: " + $today + ".</h5>"
$body += "</font>"
Send-Mail -smtpServer $smtp -from $from -to $to -subject $subject -body $body
