PowerShell Password Reminder Script Updated!
February 21, 2017 19 Comments
Today I finally released my updated version of the now infamous, PowerShell Password Reminder script.
It has been a long time coming, and I have tried to incorporate a lot of the feedback (if not all from the 230 Q&As from the TechNet Gallery.
Now on GitHub https://github.com/titlerequired/public
I switched away from static variables inside the script in favour of using Parameters and also changed some of the logic in how the User objects are found and processed. Instead of processing each one in turn fully we now grab the relevant accounts, work out their password expiry date and then move on. PowerShell itself then filters those who need to be notified and we then process those in turn.
I have tried to increase the usefulness of the logs, especially around the SMTP session.
In the old script, any errors in the SMTP session would only be seen when running interactively. The log would only show whether or not a user should have been notified.
In the new script we will capture that error and log it.
It is not all change though! HTML customisations will still work, and it can still be run as a scheduled task.
I may go through and update all of the videos I added to my YouTube Channel to reflect the changes in the script, however as the two are still quite similar in that respect I might not, but I did post a new video with a bit of a demonstration of the new version here.
The only thing left to do is say thank you to anyone who has downloaded and is using the script, it really has been a lot of fun to work on over the last few years. My only regret is that I didn’t charge £1 for the download.
Oh, also, download it here!!
Robert, this Script has proven to work great through testing. However, I’m noticing something very strange. While running the script in the ISE, it successfully sends emails to which ever users qualify (I set my notifications starting at 7 days til expiration.) I can even watch the script quickly scroll through the users in the organizational units I chose to run it against while doing so. My problem is when trying to run the script from Windows task scheduler. NOTHING HAPPENS and I can’t seem to figure out why. I’ve tried using the -sta flag and still nothing. I notice it doesn’t run by right-click>run with powershell, either.
One thing I noticed is that it worked fine (using Task Scheduler) when I was testing it with only one test OU over a weekend about a month ago. Since then I had made some changes to the script, mostly adding more OUs to run against but now it doesn’t run. I am using Version 1.4, February 2016 of your script which I can’t seem to find the original copy of anymore. Any type of advice would be greatly appreciated. Thanks in advance!
P.S. – I Would consider myself a beginner-intermediate level powershell user if that helps.
Windows Server 2008 R2 Datacenter
SP1 / 64bit
PSVersion 5.0.10586.117
Set your Actions > Program/Script to C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
and add arguments of -file “<>\<>”
Hello Robert,
Thank you for this script I have a client that I am using it for and it works great.
I also wanted to leave a comment about how to target specific days in the new 2.2 version, with very little scripting experience it took me a long time to figure out and though it might help someone.
On line 141 in an unmodified version it looks like this.
$notifyUsers = $colUsers | where { $_.DaysToExpire -le $expireInDays}
What I did to target specific days to send the email was change the line to this.
$notifyUsers = $colUsers | where { $_.DaysToExpire -eq “21” -or $_.DaysToExpire -eq “14” -or $_.DaysToExpire -eq “7” -or $_.DaysToExpire -eq “2” -or $_.DaysToExpire -eq “1” -or $_.DaysToExpire -eq “0” }
Not sure if this is the easiest way, its what worked for me.
Thank you,
Brandon
If it works, that’s good enough.
Robert, love the script. Well designed. I have it working in my primary domain, but am having an issue with my AWS domin. I am getting an error in the CSV file that says ‘A parameter cannot be found that matches parameter name ‘from’. I’ve edited the from a number of ways, but I can’t seem to get past it. The script runs without error.
Can you drop me a line through https://windowsserveressentials.com/support ?
Is there a guide to setting this up? I’m having trouble figuring out where to begin. My SMTP server requires authentication… can’t find where to set that in the script. Also is this the only script you need? I keep reading you need two scripts. Help! :)
You just need to store the credentials in a way that that can be reused by PowerShell.
I have not found on your webpage or in the videos where I input the information in the ver 2.7 of your Password Reminder script? I am learning…Novice!
Hi Robert, I have made a change which I thought you might like to look at with regards to the report, instead of adding the CSV as an attachment I add it to the email body as it saves one click for the managers :) which is always vital I find
Line 301 add this after the {
$htmlformat =@”
building{background-color:#FFFFFB;color:#00005C;font-family:Arial,sans-serif;font-size:15px;}
TABLE{border-width: 3px;border-style: solid;border-color: black;border-collapse: collapse;}
TH{border-width: 1px;padding: 3px;border-style: solid;border-color: black;background-color:#FFFFFF}
TD{border-width: 1px;padding: 8px;border-style: solid;border-color: black;background-color:#FFFFFF}
“@
Then before $reportBody add
$EmailBody = Import-Csv -Path “$logFile” | ConvertTo-Html -Head $htmlformat
Then change the reportBody variable to your required message and add $EmailBody where ever makes sense and it will show you the CSV File in the email body.
You can then either remove the attachment from the Send-Mailmessage line or leave it depending on your requirements.
Hope that helps someone, thanks for this wonderful script.
Rob
works great, just a request is it possible to send first email 15 days before the expiry, second 5 days before as if I set this to run everyday and users will get email daily.
You can use the -interval parameter for this. Check out the latest version here, https://gallery.technet.microsoft.com/Password-Expiry-Email-177c3e27
Thanks Robert. you are a star.
Robert, this seems to not run for some reason and no email has been fired. I am getting “Skipped – Interval”
Any ideas?
Hi Robert, is it possible to update the download link because the link from TechNet is not working?
It’s on GitHub now.
Great script! I have been using it for years now. Do you have any plans to update it so that it can use modern authentication in O365?
No I don’t think so, best practice these days for 365 is to use complex non expiring passwords with MFA.
It is possible to set the subject line to RED within the scripts so it stands out? Or any other options so users don’t disregard these emails?