Password Change Reminder PowerShell Script Updated!
September 18, 2014 10 Comments
Back in 2012 i wrote a script to help me remind users about their password expiry, to reduce the number of calls i got on the helpdesk. I decided to share it and published it on the TechNet Gallery,
It has been quite popular since then, with over 8,000 downloads!
Throughout that time i have received a number of questions about how to tweak the script to do various things or fix bugs and errors that people have found.
I have been tweaking it as i go, without much notification to anyone. I have just finished quite a big change, so i thought i would put up a post here, to let people know.
So what’s new?
Comments. Well firstly i added a lot more comments to the script itself. Not very exciting, but for those wanting to tweak it themselves, kind of important.
Logging. I have added logging so any notifications generated can also be outputted into a CSV file.
Testing. A lot of people wanted to be able to test it, but not have users emailed directly, so now you can have all notifications emailed to a separate address. Which you can see in the above email, all the emails going to testuser@company.com .
As always i welcome any comments or suggestions for the script over at the TechNet Gallery.
I have posted a troubleshooting guide here.
About Robert Pearman
Title (Required) 
This chnage makes it so if the password expires in 1 day it says 1 day instead of 1 days
if (($messageDays) -gt “1”)
{
$messageDays = “in ” + “$daystoexpire” + ” days”
}
elseif (($messageDays) -eq “1”)
{
$messageDays = “in ” + “$daystoexpire” + ” day”
}
else
{
$messageDays = “today”
}
I think I actually updated that in a newer version of the script:
# Check Number of Days to Expiry$messageDays = $daystoexpire
if (($messageDays) -ge "1")
{
$messageDays = "in " + "$daystoexpire" + " days."
}
else
{
$messageDays = "today."
}
Your way may be better though :)
I have looked through your different iterations and your youtube channel – I am very impressed at how well the script works and the level of detail you put into the knowledge transfer to us Powershell novices. I did not see any example of authenticating to an SMTP server. We use a third party provider that requires SMTP encryption and authentication. I see where Send-Mailmessage supports encryption but it does not support authentication. I was thinking about trying to use System.Net.Mail with your script but before I roll up my sleeves I wanted to see if you already had authentication added in another version.
Rick
You can use -credential which will support a credential variable. However to do that, without user interaction you must store the password. You can store a secure-string in an encrypted file, but I did not want to advocate doing so due to potential security risks. It is relatively easy to find out how to do it with a quick search on Google.
Hi Robert,
I find that scheduling this script will sometimes cause runaway PS processes that Task Scheduler fails to kill, causing the task to stop running on schedule (even though kill after 1 hour is set).
So, I slightly enhanced it by adding the following code before it initializes the log:
function preventDoubleSchedule{
$scriptFileName = split-path $MyInvocation.PSCommandPath -Leaf
try{
[Array]$psProcesses = @(Get-WmiObject Win32_Process -Filter “name like ‘%Powershell.exe%’ and handle != ‘$pid'” | where {$_})
}catch{
Throw
}
if($psProcesses.Count -gt 0){
foreach($psProcess in $psProcesses){
if($psProcess.CommandLine -like “*$scriptFileName*” -and $scriptFileName){
##we’ve found a Powershell process that is running this script, but does not have the same process ID, lets try to kill it
try{
Stop-Process -Id $psProcess.Handle -Force -Confirm:$False
}catch{
Throw
}
}
}
}
}
preventDoubleSchedule
Sounds good!
Hello Robert. I am working with your script version 2.3 dated March 2017. I would like to change the days to expire to 14, 7, 2 and 1. I see multiple lines referencing daystoexpire. Can you tell me where and the syntax that I need to modify? Thank you,
Mike
if (( ($daystoexpire -eq “14”) -or ($daystoexpire -eq “7”) -or ($daystoexpire -eq “2”) -or ($daystoexpire -eq “1”))
{….}
i think that would work.
Is there a way to dictate the port for the smtp server?
Yes, -port