Vista - script to determine password expire date and send email notificati

01-05-2009

How can I use a script to determine password-expiration dates for users in a
organizational unit (OU) and send an email message to accounts whose
passwords expire soon?
For example, if my password expires after 14 days, then it sends me email
with that info.

01-06-2009

OK the only thing i need now is the email sending support for this:

# get domain maximumPasswordAge value (it is always constant in my case)
$maximumPasswordAge = 90

# exclude users with no expiring password or cannot change password
$ldap =
"(!userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountControl:1.2.840.113556.1.4.803:=64)"

# create calculated property to display days until password expire
$daysUntilExpire =
@{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.days}}

# get all users
$expireIn = 0

# get enabled users that meet the above criteria
Get-QADUser -ou 'OU=MyTest,DC=domain,DC=com' -enabled -size 0 -ldap $ldap |
where {$_.passwordAge.value -gt
0 -AND ($maximumPasswordAge-$_.passwordAge.value.days) -gt $expireIn} |
select Name,email,passwordAge,$daysUntilExpire | sort daysUntilExpire

##End of script

I need the script to send email to account who's daysUntilExpire value
equals 14

01-07-2009

OK i managed to write this, displaying works great but it does not send
emails - any ideas whats wrong with the email sending part of the script?

#start of the script

# get domain maximumPasswordAge password policy
$maximumPasswordAge = 90

# exclude users with no expiring password or cannot change password
$ldap =
"(!userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountControl:1.2.840.113556.1.4.803:=64)"

# create calculated property to display days until password expire
$daysUntilExpire =
@{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.days}}

$expireIn = 0

# get enabled users that meet the above criteria
Get-QADUser -ou 'OU=MyTest,DC=domain,DC=com' -enabled -size 0 -ldap $ldap |
where {$_.passwordAge.value -gt
0 -AND ($maximumPasswordAge-$_.passwordAge.value.days) -gt $expireIn} |
select Name,email,passwordAge,$daysUntilExpire | sort daysUntilExpire

# send email to account who's password will expire in 14 days
$username = $_.Name
$email = $_.Email
$smtpServer = "mysmtpserver.domain.com"

if ($daysUntilExpire -eq 14 -and $email -ne "")
{
Write-Host "User $username has $daysUntilExpire days left before password
expires. Message will be sent to $email."
$subject = "Your login password will expire in $daysUntilExpire days."
$body = "Hello $username . Your login password will expire in
$daysUntilExpire days."
Send-smtpMail -smtphost $smtpServer -to $email -from
"passwexpnotify@xxxxxx" -subject $subject -body $body
}

#end of the script

01-07-2009

Hello Eero,

I wouldn't set the $maximumPasswordAge var to a fixed value, someone may
change the password policy and you wont even know. This can lead the script
to send false emails.
I've also changed the ldap query, I removed the 'no expiring password' filter
and replaced it with the -passwordNeverExpires built-in parameter.

To get users that their password expires in 14 days: -eq $expireIn
To get users that their password expires in 14 days or more: -ge $expireIn

As a side note, PowerShell CTP3 has a new cmdlet to send emails, look for
: Send-MailMessage

function Send-Mail{

param($smtpServer,$from,$to,$subject,$body)

$smtp = new-object system.net.mail.smtpClient($SmtpServer)
$mail = new-object System.Net.Mail.MailMessage

$mail.from = $from
$mail.to.add($to)
$mail.subject = $subject
$mail.body = $body
#$mail.IsBodyHtml = $true

$smtp.send($mail)
}

# get domain maximumPasswordAge password policy
$maximumPasswordAge = (Get-QADObject (Get-QADRootDSE).defaultNamingContextDN).maximumPasswordAge.value.days

if(!$maximumPasswordAge){
throw "Domain 'MaximumPasswordAge'password policy is not configured (set
to 0)."
}

# exclude users that cannot change password
$ldap = "(!userAccountControl:1.2.840.113556.1.4.803:=64)"

# create calculated property to display days until password expire
$daysUntilExpire = @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.days}}

$expireIn = 14

# get enabled users that meet the above criteria
$expiredUsers = Get-QADUser -enabled -passwordNeverExpires $true -size 0
-ldap $ldap | where {$_.passwordAge.value -gt 0 -AND ($maximumPasswordAge-$_.passwordAge.value.days)
-eq $expireIn}

$expiredUsers | foreach {
if($_.email)
{
$subject="Your password will expire in $expireIn days"
$body="Your password will expire in $expireIn days"
Send-Mail -smtpServer exServerName -from "you@xxxxxx" -to $_.email
-subject $subject -body $body
}
else
{
write-warning "user $($_.name) has no email address"
}
}
}
}

---
Shay Levy
Windows PowerShell MVP
http://blogs.microsoft.co.il/blogs/ScriptFanatic
PowerShell Toolbar: http://tinyurl.com/PSToolbar

EJ> OK i managed to write this, displaying works great but it does not
EJ> send emails - any ideas whats wrong with the email sending part of
EJ> the script?
EJ>
EJ> #start of the script
EJ>
EJ> # get domain maximumPasswordAge password policy
EJ> $maximumPasswordAge = 90
EJ> # exclude users with no expiring password or cannot change password
EJ>
EJ> $ldap =
EJ>
EJ> "(!userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountCon
EJ> trol:1.2.840.113556.1.4.803:=64)"
EJ>
EJ> # create calculated property to display days until password expire
EJ> $daysUntilExpire =
EJ> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.da
EJ> ys}}
EJ>
EJ> $expireIn = 0
EJ>
EJ> # get enabled users that meet the above criteria
EJ> Get-QADUser -ou 'OU=MyTest,DC=domain,DC=com' -enabled -size 0 -ldap
EJ> $ldap |
EJ> where {$_.passwordAge.value -gt
EJ> 0 -AND ($maximumPasswordAge-$_.passwordAge.value.days) -gt
EJ> $expireIn} |
EJ> select Name,email,passwordAge,$daysUntilExpire | sort
EJ> daysUntilExpire
EJ> # send email to account who's password will expire in 14 days
EJ> $username = $_.Name
EJ> $email = $_.Email
EJ> $smtpServer = "mysmtpserver.domain.com"
EJ> if ($daysUntilExpire -eq 14 -and $email -ne "")
EJ> {
EJ> Write-Host "User $username has $daysUntilExpire days left before
EJ> password
EJ> expires. Message will be sent to $email."
EJ> $subject = "Your login password will expire in $daysUntilExpire
EJ> days."
EJ> $body = "Hello $username . Your login password will expire in
EJ> $daysUntilExpire days."
EJ> Send-smtpMail -smtphost $smtpServer -to $email -from
EJ> "passwexpnotify@xxxxxx" -subject $subject -body $body
EJ> }
EJ> #end of the script
EJ>

01-07-2009

Thank you Shay,
But right now this code gives me error:
Missing expression after unary operator '-'.
At C:\ps\passwnotify.ps1:35 char:2
+ -l <<<< dap $ldap | where {$_.passwordAge.value -gt 0 -AND
($maximumPasswordAge-$_.passwordAge.value.days)

What might be the problem?
Eero

"Shay Levy [MVP]" wrote:

Quote:

> Hello Eero,
>
>
> I wouldn't set the $maximumPasswordAge var to a fixed value, someone may
> change the password policy and you wont even know. This can lead the script
> to send false emails.
> I've also changed the ldap query, I removed the 'no expiring password' filter
> and replaced it with the -passwordNeverExpires built-in parameter.
>
> To get users that their password expires in 14 days: -eq $expireIn
> To get users that their password expires in 14 days or more: -ge $expireIn
>
> As a side note, PowerShell CTP3 has a new cmdlet to send emails, look for
> : Send-MailMessage
>
>
>
> function Send-Mail{
>
> param($smtpServer,$from,$to,$subject,$body)
>
> $smtp = new-object system.net.mail.smtpClient($SmtpServer)
> $mail = new-object System.Net.Mail.MailMessage
>
> $mail.from = $from
> $mail.to.add($to)
> $mail.subject = $subject
> $mail.body = $body
> #$mail.IsBodyHtml = $true
>
> $smtp.send($mail)
> }
>
> # get domain maximumPasswordAge password policy
> $maximumPasswordAge = (Get-QADObject (Get-QADRootDSE).defaultNamingContextDN).maximumPasswordAge.value.days
>
> if(!$maximumPasswordAge){
> throw "Domain 'MaximumPasswordAge'password policy is not configured (set
> to 0)."
> }
>
> # exclude users that cannot change password
> $ldap = "(!userAccountControl:1.2.840.113556.1.4.803:=64)"
>
> # create calculated property to display days until password expire
> $daysUntilExpire = @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.days}}
>
> $expireIn = 14
>
> # get enabled users that meet the above criteria
> $expiredUsers = Get-QADUser -enabled -passwordNeverExpires $true -size 0
> -ldap $ldap | where {$_.passwordAge.value -gt 0 -AND ($maximumPasswordAge-$_.passwordAge.value.days)
> -eq $expireIn}
>
> $expiredUsers | foreach {
> if($_.email)
> {
> $subject="Your password will expire in $expireIn days"
> $body="Your password will expire in $expireIn days"
> Send-Mail -smtpServer exServerName -from "you@xxxxxx" -to $_.email
> -subject $subject -body $body
> }
> else
> {
> write-warning "user $($_.name) has no email address"
> }
> }
> }
> }
>
>
>
>
>
> ---
> Shay Levy
> Windows PowerShell MVP
> http://blogs.microsoft.co.il/blogs/ScriptFanatic
> PowerShell Toolbar: http://tinyurl.com/PSToolbar
>
>
> EJ> OK i managed to write this, displaying works great but it does not
> EJ> send emails - any ideas whats wrong with the email sending part of
> EJ> the script?
> EJ>
> EJ> #start of the script
> EJ>
> EJ> # get domain maximumPasswordAge password policy
> EJ> $maximumPasswordAge = 90
> EJ> # exclude users with no expiring password or cannot change password
> EJ>
> EJ> $ldap =
> EJ>
> EJ> "(!userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountCon
> EJ> trol:1.2.840.113556.1.4.803:=64)"
> EJ>
> EJ> # create calculated property to display days until password expire
> EJ> $daysUntilExpire =
> EJ> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.da
> EJ> ys}}
> EJ>
> EJ> $expireIn = 0
> EJ>
> EJ> # get enabled users that meet the above criteria
> EJ> Get-QADUser -ou 'OU=MyTest,DC=domain,DC=com' -enabled -size 0 -ldap
> EJ> $ldap |
> EJ> where {$_.passwordAge.value -gt
> EJ> 0 -AND ($maximumPasswordAge-$_.passwordAge.value.days) -gt
> EJ> $expireIn} |
> EJ> select Name,email,passwordAge,$daysUntilExpire | sort
> EJ> daysUntilExpire
> EJ> # send email to account who's password will expire in 14 days
> EJ> $username = $_.Name
> EJ> $email = $_.Email
> EJ> $smtpServer = "mysmtpserver.domain.com"
> EJ> if ($daysUntilExpire -eq 14 -and $email -ne "")
> EJ> {
> EJ> Write-Host "User $username has $daysUntilExpire days left before
> EJ> password
> EJ> expires. Message will be sent to $email."
> EJ> $subject = "Your login password will expire in $daysUntilExpire
> EJ> days."
> EJ> $body = "Hello $username . Your login password will expire in
> EJ> $daysUntilExpire days."
> EJ> Send-smtpMail -smtphost $smtpServer -to $email -from
> EJ> "passwexpnotify@xxxxxx" -subject $subject -body $body
> EJ> }
> EJ> #end of the script
> EJ>
>
>
>

01-07-2009

Hello Eero,

It is probably due to the post wrapping. Make sure the $expiredUsers variable assigmnet is on one line. I've also attached the code as a text file, hopefully it will be posted.

---
Shay Levy
Windows PowerShell MVP
http://blogs.microsoft.co.il/blogs/ScriptFanatic
PowerShell Toolbar: http://tinyurl.com/PSToolbar

EJ> Thank you Shay,
EJ> But right now this code gives me error:
EJ> Missing expression after unary operator '-'.
EJ> At C:\ps\passwnotify.ps1:35 char:2
EJ> + -l <<<< dap $ldap | where {$_.passwordAge.value -gt 0 -AND
EJ> ($maximumPasswordAge-$_.passwordAge.value.days)
EJ> What might be the problem?
EJ> Eero
EJ> "Shay Levy [MVP]" wrote:
EJ>

Quote:

>> Hello Eero,
>>
>> I wouldn't set the $maximumPasswordAge var to a fixed value, someone
>> may
>> change the password policy and you wont even know. This can lead the
>> script
>> to send false emails.
>> I've also changed the ldap query, I removed the 'no expiring
>> password' filter
>> and replaced it with the -passwordNeverExpires built-in parameter.
>> To get users that their password expires in 14 days: -eq $expireIn To
>> get users that their password expires in 14 days or more: -ge
>> $expireIn
>>
>> As a side note, PowerShell CTP3 has a new cmdlet to send emails, look
>> for : Send-MailMessage
>>
>> function Send-Mail{
>>
>> param($smtpServer,$from,$to,$subject,$body)
>>
>> $smtp = new-object system.net.mail.smtpClient($SmtpServer) $mail =
>> new-object System.Net.Mail.MailMessage
>>
>> $mail.from = $from
>> $mail.to.add($to)
>> $mail.subject = $subject
>> $mail.body = $body
>> #$mail.IsBodyHtml = $true
>> $smtp.send($mail)
>> }
>> # get domain maximumPasswordAge password policy
>> $maximumPasswordAge = (Get-QADObject
>> (Get-QADRootDSE).defaultNamingContextDN).maximumPasswordAge.value.day
>> s
>> if(!$maximumPasswordAge){ throw "Domain 'MaximumPasswordAge'password
>> policy is not configured (set to 0)." }
>>
>> # exclude users that cannot change password
>> $ldap = "(!userAccountControl:1.2.840.113556.1.4.803:=64)"
>> # create calculated property to display days until password expire
>> $daysUntilExpire =
>> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.day
>> s}}
>>
>> $expireIn = 14
>>
>> # get enabled users that meet the above criteria
>>
>> $expiredUsers = Get-QADUser -enabled -passwordNeverExpires $true
>> -size 0
>>
>> -ldap $ldap | where {$_.passwordAge.value -gt 0 -AND
>> ($maximumPasswordAge-$_.passwordAge.value.days)
>>
>> -eq $expireIn}
>>
>> $expiredUsers | foreach {
>> if($_.email)
>> {
>> $subject="Your password will expire in $expireIn days"
>> $body="Your password will expire in $expireIn days"
>> Send-Mail -smtpServer exServerName -from "you@xxxxxx" -to
>> $_.email
>> -subject $subject -body $body
>> }
>> else
>> {
>> write-warning "user $($_.name) has no email address"
>> }
>> }
>> }
>> }
>> ---
>> Shay Levy
>> Windows PowerShell MVP
>> http://blogs.microsoft.co.il/blogs/ScriptFanatic
>> PowerShell Toolbar: http://tinyurl.com/PSToolbar
>> EJ> OK i managed to write this, displaying works great but it does
>> not
>> EJ> send emails - any ideas whats wrong with the email sending part
>> of
>> EJ> the script?
>> EJ>
>> EJ> #start of the script
>> EJ>
>> EJ> # get domain maximumPasswordAge password policy
>> EJ> $maximumPasswordAge = 90
>> EJ> # exclude users with no expiring password or cannot change
>> password
>> EJ>
>> EJ> $ldap =
>> EJ>
>> EJ>
>> "(!userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountCon
>> EJ> trol:1.2.840.113556.1.4.803:=64)"
>> EJ>
>> EJ> # create calculated property to display days until password
>> expire
>> EJ> $daysUntilExpire =
>> EJ>
>> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.da
>> EJ> ys}}
>> EJ>
>> EJ> $expireIn = 0
>> EJ>
>> EJ> # get enabled users that meet the above criteria
>> EJ> Get-QADUser -ou 'OU=MyTest,DC=domain,DC=com' -enabled -size 0
>> -ldap
>> EJ> $ldap |
>> EJ> where {$_.passwordAge.value -gt
>> EJ> 0 -AND ($maximumPasswordAge-$_.passwordAge.value.days) -gt
>> EJ> $expireIn} |
>> EJ> select Name,email,passwordAge,$daysUntilExpire | sort
>> EJ> daysUntilExpire
>> EJ> # send email to account who's password will expire in 14 days
>> EJ> $username = $_.Name
>> EJ> $email = $_.Email
>> EJ> $smtpServer = "mysmtpserver.domain.com"
>> EJ> if ($daysUntilExpire -eq 14 -and $email -ne "")
>> EJ> {
>> EJ> Write-Host "User $username has $daysUntilExpire days left before
>> EJ> password
>> EJ> expires. Message will be sent to $email."
>> EJ> $subject = "Your login password will expire in $daysUntilExpire
>> EJ> days."
>> EJ> $body = "Hello $username . Your login password will expire in
>> EJ> $daysUntilExpire days."
>> EJ> Send-smtpMail -smtphost $smtpServer -to $email -from
>> EJ> "passwexpnotify@xxxxxx" -subject $subject -body $body
>> EJ> }
>> EJ> #end of the script
>> EJ>

01-07-2009

OK i removed the wraps but now i get this error:

Unexpected token 'Send-Mail' in expression or statement.
At C:\ps\passwordnotify.ps1:39 char:66
+ $body="Your password will expire in $expireIn days" Send-Mail <<<<
-smtpServer "mysmtpserver.mydomain.com" -from
"passwnotify@xxxxxx" -to $_.email -subject $subject -body $body

Can you see what is wrong here?
Big thanks,
Eero

"Shay Levy [MVP]" wrote:

Quote:

> Hello Eero,
>
> It is probably due to the post wrapping. Make sure the $expiredUsers variable assigmnet is on one line. I've also attached the code as a text file, hopefully it will be posted.
>
> ---
> Shay Levy
> Windows PowerShell MVP
> http://blogs.microsoft.co.il/blogs/ScriptFanatic
> PowerShell Toolbar: http://tinyurl.com/PSToolbar
>
>
> EJ> Thank you Shay,
> EJ> But right now this code gives me error:
> EJ> Missing expression after unary operator '-'.
> EJ> At C:\ps\passwnotify.ps1:35 char:2
> EJ> + -l <<<< dap $ldap | where {$_.passwordAge.value -gt 0 -AND
> EJ> ($maximumPasswordAge-$_.passwordAge.value.days)
> EJ> What might be the problem?
> EJ> Eero
> EJ> "Shay Levy [MVP]" wrote:
> EJ>

Quote:

> >> Hello Eero,
> >>
> >> I wouldn't set the $maximumPasswordAge var to a fixed value, someone
> >> may
> >> change the password policy and you wont even know. This can lead the
> >> script
> >> to send false emails.
> >> I've also changed the ldap query, I removed the 'no expiring
> >> password' filter
> >> and replaced it with the -passwordNeverExpires built-in parameter.
> >> To get users that their password expires in 14 days: -eq $expireIn To
> >> get users that their password expires in 14 days or more: -ge
> >> $expireIn
> >>
> >> As a side note, PowerShell CTP3 has a new cmdlet to send emails, look
> >> for : Send-MailMessage
> >>
> >> function Send-Mail{
> >>
> >> param($smtpServer,$from,$to,$subject,$body)
> >>
> >> $smtp = new-object system.net.mail.smtpClient($SmtpServer) $mail =
> >> new-object System.Net.Mail.MailMessage
> >>
> >> $mail.from = $from
> >> $mail.to.add($to)
> >> $mail.subject = $subject
> >> $mail.body = $body
> >> #$mail.IsBodyHtml = $true
> >> $smtp.send($mail)
> >> }
> >> # get domain maximumPasswordAge password policy
> >> $maximumPasswordAge = (Get-QADObject
> >> (Get-QADRootDSE).defaultNamingContextDN).maximumPasswordAge.value.day
> >> s
> >> if(!$maximumPasswordAge){ throw "Domain 'MaximumPasswordAge'password
> >> policy is not configured (set to 0)." }
> >>
> >> # exclude users that cannot change password
> >> $ldap = "(!userAccountControl:1.2.840.113556.1.4.803:=64)"
> >> # create calculated property to display days until password expire
> >> $daysUntilExpire =
> >> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.day
> >> s}}
> >>
> >> $expireIn = 14
> >>
> >> # get enabled users that meet the above criteria
> >>
> >> $expiredUsers = Get-QADUser -enabled -passwordNeverExpires $true
> >> -size 0
> >>
> >> -ldap $ldap | where {$_.passwordAge.value -gt 0 -AND
> >> ($maximumPasswordAge-$_.passwordAge.value.days)
> >>
> >> -eq $expireIn}
> >>
> >> $expiredUsers | foreach {
> >> if($_.email)
> >> {
> >> $subject="Your password will expire in $expireIn days"
> >> $body="Your password will expire in $expireIn days"
> >> Send-Mail -smtpServer exServerName -from "you@xxxxxx" -to
> >> $_.email
> >> -subject $subject -body $body
> >> }
> >> else
> >> {
> >> write-warning "user $($_.name) has no email address"
> >> }
> >> }
> >> }
> >> }
> >> ---
> >> Shay Levy
> >> Windows PowerShell MVP
> >> http://blogs.microsoft.co.il/blogs/ScriptFanatic
> >> PowerShell Toolbar: http://tinyurl.com/PSToolbar
> >> EJ> OK i managed to write this, displaying works great but it does
> >> not
> >> EJ> send emails - any ideas whats wrong with the email sending part
> >> of
> >> EJ> the script?
> >> EJ>
> >> EJ> #start of the script
> >> EJ>
> >> EJ> # get domain maximumPasswordAge password policy
> >> EJ> $maximumPasswordAge = 90
> >> EJ> # exclude users with no expiring password or cannot change
> >> password
> >> EJ>
> >> EJ> $ldap =
> >> EJ>
> >> EJ>
> >> "(!userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountCon
> >> EJ> trol:1.2.840.113556.1.4.803:=64)"
> >> EJ>
> >> EJ> # create calculated property to display days until password
> >> expire
> >> EJ> $daysUntilExpire =
> >> EJ>
> >> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.da
> >> EJ> ys}}
> >> EJ>
> >> EJ> $expireIn = 0
> >> EJ>
> >> EJ> # get enabled users that meet the above criteria
> >> EJ> Get-QADUser -ou 'OU=MyTest,DC=domain,DC=com' -enabled -size 0
> >> -ldap
> >> EJ> $ldap |
> >> EJ> where {$_.passwordAge.value -gt
> >> EJ> 0 -AND ($maximumPasswordAge-$_.passwordAge.value.days) -gt
> >> EJ> $expireIn} |
> >> EJ> select Name,email,passwordAge,$daysUntilExpire | sort
> >> EJ> daysUntilExpire
> >> EJ> # send email to account who's password will expire in 14 days
> >> EJ> $username = $_.Name
> >> EJ> $email = $_.Email
> >> EJ> $smtpServer = "mysmtpserver.domain.com"
> >> EJ> if ($daysUntilExpire -eq 14 -and $email -ne "")
> >> EJ> {
> >> EJ> Write-Host "User $username has $daysUntilExpire days left before
> >> EJ> password
> >> EJ> expires. Message will be sent to $email."
> >> EJ> $subject = "Your login password will expire in $daysUntilExpire
> >> EJ> days."
> >> EJ> $body = "Hello $username . Your login password will expire in
> >> EJ> $daysUntilExpire days."
> >> EJ> Send-smtpMail -smtphost $smtpServer -to $email -from
> >> EJ> "passwexpnotify@xxxxxx" -subject $subject -body $body
> >> EJ> }
> >> EJ> #end of the script
> >> EJ>

>

01-08-2009

Hello Eero,

The Send-Mail call should be on a line of its own. The script is attached
to the previous thread. Do you see it?

---
Shay Levy
Windows PowerShell MVP
http://blogs.microsoft.co.il/blogs/ScriptFanatic
PowerShell Toolbar: http://tinyurl.com/PSToolbar

EJ> OK i removed the wraps but now i get this error:
EJ>
EJ> Unexpected token 'Send-Mail' in expression or statement.
EJ> At C:\ps\passwordnotify.ps1:39 char:66
EJ> + $body="Your password will expire in $expireIn days" Send-Mail
EJ> <<<<
EJ> -smtpServer "mysmtpserver.mydomain.com" -from
EJ> "passwnotify@xxxxxx" -to $_.email -subject $subject -body
EJ> $body
EJ> Can you see what is wrong here?
EJ> Big thanks,
EJ> Eero
EJ> "Shay Levy [MVP]" wrote:
EJ>

Quote:

>> Hello Eero,
>>
>> It is probably due to the post wrapping. Make sure the $expiredUsers
>> variable assigmnet is on one line. I've also attached the code as a
>> text file, hopefully it will be posted.
>>
>> ---
>> Shay Levy
>> Windows PowerShell MVP
>> http://blogs.microsoft.co.il/blogs/ScriptFanatic
>> PowerShell Toolbar: http://tinyurl.com/PSToolbar
>> EJ> Thank you Shay,
>> EJ> But right now this code gives me error:
>> EJ> Missing expression after unary operator '-'.
>> EJ> At C:\ps\passwnotify.ps1:35 char:2
>> EJ> + -l <<<< dap $ldap | where {$_.passwordAge.value -gt 0 -AND
>> EJ> ($maximumPasswordAge-$_.passwordAge.value.days)
>> EJ> What might be the problem?
>> EJ> Eero
>> EJ> "Shay Levy [MVP]" wrote:
>> EJ>

Quote:

>>>> Hello Eero,
>>>>
>>>> I wouldn't set the $maximumPasswordAge var to a fixed value,
>>>> someone
>>>> may
>>>> change the password policy and you wont even know. This can lead
>>>> the
>>>> script
>>>> to send false emails.
>>>> I've also changed the ldap query, I removed the 'no expiring
>>>> password' filter
>>>> and replaced it with the -passwordNeverExpires built-in parameter.
>>>> To get users that their password expires in 14 days: -eq $expireIn
>>>> To
>>>> get users that their password expires in 14 days or more: -ge
>>>> $expireIn
>>>> As a side note, PowerShell CTP3 has a new cmdlet to send emails,
>>>> look for : Send-MailMessage
>>>>
>>>> function Send-Mail{
>>>>
>>>> param($smtpServer,$from,$to,$subject,$body)
>>>>
>>>> $smtp = new-object system.net.mail.smtpClient($SmtpServer) $mail =
>>>> new-object System.Net.Mail.MailMessage
>>>>
>>>> $mail.from = $from
>>>> $mail.to.add($to)
>>>> $mail.subject = $subject
>>>> $mail.body = $body
>>>> #$mail.IsBodyHtml = $true
>>>> $smtp.send($mail)
>>>> }
>>>> # get domain maximumPasswordAge password policy
>>>> $maximumPasswordAge = (Get-QADObject
>>>> (Get-QADRootDSE).defaultNamingContextDN).maximumPasswordAge.value.d
>>>> ay
>>>> s
>>>> if(!$maximumPasswordAge){ throw "Domain
>>>> 'MaximumPasswordAge'password
>>>> policy is not configured (set to 0)." }
>>>> # exclude users that cannot change password
>>>> $ldap = "(!userAccountControl:1.2.840.113556.1.4.803:=64)"
>>>> # create calculated property to display days until password expire
>>>> $daysUntilExpire =
>>>> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.d
>>>> ay
>>>> s}}
>>>> $expireIn = 14
>>>>
>>>> # get enabled users that meet the above criteria
>>>>
>>>> $expiredUsers = Get-QADUser -enabled -passwordNeverExpires $true
>>>> -size 0
>>>>
>>>> -ldap $ldap | where {$_.passwordAge.value -gt 0 -AND
>>>> ($maximumPasswordAge-$_.passwordAge.value.days)
>>>>
>>>> -eq $expireIn}
>>>>
>>>> $expiredUsers | foreach {
>>>> if($_.email)
>>>> {
>>>> $subject="Your password will expire in $expireIn days"
>>>> $body="Your password will expire in $expireIn days"
>>>> Send-Mail -smtpServer exServerName -from "you@xxxxxx" -to
>>>> $_.email
>>>> -subject $subject -body $body
>>>> }
>>>> else
>>>> {
>>>> write-warning "user $($_.name) has no email address"
>>>> }
>>>> }
>>>> }
>>>> }
>>>> ---
>>>> Shay Levy
>>>> Windows PowerShell MVP
>>>> http://blogs.microsoft.co.il/blogs/ScriptFanatic
>>>> PowerShell Toolbar: http://tinyurl.com/PSToolbar
>>>> EJ> OK i managed to write this, displaying works great but it does
>>>> not
>>>> EJ> send emails - any ideas whats wrong with the email sending part
>>>> of
>>>> EJ> the script?
>>>> EJ>
>>>> EJ> #start of the script
>>>> EJ>
>>>> EJ> # get domain maximumPasswordAge password policy
>>>> EJ> $maximumPasswordAge = 90
>>>> EJ> # exclude users with no expiring password or cannot change
>>>> password
>>>> EJ>
>>>> EJ> $ldap =
>>>> EJ>
>>>> EJ>
>>>> "(!userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountCo
>>>> n
>>>> EJ> trol:1.2.840.113556.1.4.803:=64)"
>>>> EJ>
>>>> EJ> # create calculated property to display days until password
>>>> expire
>>>> EJ> $daysUntilExpire =
>>>> EJ>
>>>> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.d
>>>> a
>>>> EJ> ys}}
>>>> EJ>
>>>> EJ> $expireIn = 0
>>>> EJ>
>>>> EJ> # get enabled users that meet the above criteria
>>>> EJ> Get-QADUser -ou 'OU=MyTest,DC=domain,DC=com' -enabled -size 0
>>>> -ldap
>>>> EJ> $ldap |
>>>> EJ> where {$_.passwordAge.value -gt
>>>> EJ> 0 -AND ($maximumPasswordAge-$_.passwordAge.value.days) -gt
>>>> EJ> $expireIn} |
>>>> EJ> select Name,email,passwordAge,$daysUntilExpire | sort
>>>> EJ> daysUntilExpire
>>>> EJ> # send email to account who's password will expire in 14 days
>>>> EJ> $username = $_.Name
>>>> EJ> $email = $_.Email
>>>> EJ> $smtpServer = "mysmtpserver.domain.com"
>>>> EJ> if ($daysUntilExpire -eq 14 -and $email -ne "")
>>>> EJ> {
>>>> EJ> Write-Host "User $username has $daysUntilExpire days left
>>>> before
>>>> EJ> password
>>>> EJ> expires. Message will be sent to $email."
>>>> EJ> $subject = "Your login password will expire in $daysUntilExpire
>>>> EJ> days."
>>>> EJ> $body = "Hello $username . Your login password will expire in
>>>> EJ> $daysUntilExpire days."
>>>> EJ> Send-smtpMail -smtphost $smtpServer -to $email -from
>>>> EJ> "passwexpnotify@xxxxxx" -subject $subject -body $body
>>>> EJ> }
>>>> EJ> #end of the script
>>>> EJ>

01-08-2009

The script works now but unfortunately everytime i run it, i always get the
result:
WARNING: user has no email address
It cannot display username and cannot find email address.
Any ideas?
Thank you,
Eero

"Shay Levy [MVP]" wrote:

Quote:

> Hello Eero,
>
>
> The Send-Mail call should be on a line of its own. The script is attached
> to the previous thread. Do you see it?
>
> ---
> Shay Levy
> Windows PowerShell MVP
> http://blogs.microsoft.co.il/blogs/ScriptFanatic
> PowerShell Toolbar: http://tinyurl.com/PSToolbar
>
>
> EJ> OK i removed the wraps but now i get this error:
> EJ>
> EJ> Unexpected token 'Send-Mail' in expression or statement.
> EJ> At C:\ps\passwordnotify.ps1:39 char:66
> EJ> + $body="Your password will expire in $expireIn days" Send-Mail
> EJ> <<<<
> EJ> -smtpServer "mysmtpserver.mydomain.com" -from
> EJ> "passwnotify@xxxxxx" -to $_.email -subject $subject -body
> EJ> $body
> EJ> Can you see what is wrong here?
> EJ> Big thanks,
> EJ> Eero
> EJ> "Shay Levy [MVP]" wrote:
> EJ>

Quote:

> >> Hello Eero,
> >>
> >> It is probably due to the post wrapping. Make sure the $expiredUsers
> >> variable assigmnet is on one line. I've also attached the code as a
> >> text file, hopefully it will be posted.
> >>
> >> ---
> >> Shay Levy
> >> Windows PowerShell MVP
> >> http://blogs.microsoft.co.il/blogs/ScriptFanatic
> >> PowerShell Toolbar: http://tinyurl.com/PSToolbar
> >> EJ> Thank you Shay,
> >> EJ> But right now this code gives me error:
> >> EJ> Missing expression after unary operator '-'.
> >> EJ> At C:\ps\passwnotify.ps1:35 char:2
> >> EJ> + -l <<<< dap $ldap | where {$_.passwordAge.value -gt 0 -AND
> >> EJ> ($maximumPasswordAge-$_.passwordAge.value.days)
> >> EJ> What might be the problem?
> >> EJ> Eero
> >> EJ> "Shay Levy [MVP]" wrote:
> >> EJ>
> >>>> Hello Eero,
> >>>>
> >>>> I wouldn't set the $maximumPasswordAge var to a fixed value,
> >>>> someone
> >>>> may
> >>>> change the password policy and you wont even know. This can lead
> >>>> the
> >>>> script
> >>>> to send false emails.
> >>>> I've also changed the ldap query, I removed the 'no expiring
> >>>> password' filter
> >>>> and replaced it with the -passwordNeverExpires built-in parameter.
> >>>> To get users that their password expires in 14 days: -eq $expireIn
> >>>> To
> >>>> get users that their password expires in 14 days or more: -ge
> >>>> $expireIn
> >>>> As a side note, PowerShell CTP3 has a new cmdlet to send emails,
> >>>> look for : Send-MailMessage
> >>>>
> >>>> function Send-Mail{
> >>>>
> >>>> param($smtpServer,$from,$to,$subject,$body)
> >>>>
> >>>> $smtp = new-object system.net.mail.smtpClient($SmtpServer) $mail =
> >>>> new-object System.Net.Mail.MailMessage
> >>>>
> >>>> $mail.from = $from
> >>>> $mail.to.add($to)
> >>>> $mail.subject = $subject
> >>>> $mail.body = $body
> >>>> #$mail.IsBodyHtml = $true
> >>>> $smtp.send($mail)
> >>>> }
> >>>> # get domain maximumPasswordAge password policy
> >>>> $maximumPasswordAge = (Get-QADObject
> >>>> (Get-QADRootDSE).defaultNamingContextDN).maximumPasswordAge.value.d
> >>>> ay
> >>>> s
> >>>> if(!$maximumPasswordAge){ throw "Domain
> >>>> 'MaximumPasswordAge'password
> >>>> policy is not configured (set to 0)." }
> >>>> # exclude users that cannot change password
> >>>> $ldap = "(!userAccountControl:1.2.840.113556.1.4.803:=64)"
> >>>> # create calculated property to display days until password expire
> >>>> $daysUntilExpire =
> >>>> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.d
> >>>> ay
> >>>> s}}
> >>>> $expireIn = 14
> >>>>
> >>>> # get enabled users that meet the above criteria
> >>>>
> >>>> $expiredUsers = Get-QADUser -enabled -passwordNeverExpires $true
> >>>> -size 0
> >>>>
> >>>> -ldap $ldap | where {$_.passwordAge.value -gt 0 -AND
> >>>> ($maximumPasswordAge-$_.passwordAge.value.days)
> >>>>
> >>>> -eq $expireIn}
> >>>>
> >>>> $expiredUsers | foreach {
> >>>> if($_.email)
> >>>> {
> >>>> $subject="Your password will expire in $expireIn days"
> >>>> $body="Your password will expire in $expireIn days"
> >>>> Send-Mail -smtpServer exServerName -from "you@xxxxxx" -to
> >>>> $_.email
> >>>> -subject $subject -body $body
> >>>> }
> >>>> else
> >>>> {
> >>>> write-warning "user $($_.name) has no email address"
> >>>> }
> >>>> }
> >>>> }
> >>>> }
> >>>> ---
> >>>> Shay Levy
> >>>> Windows PowerShell MVP
> >>>> http://blogs.microsoft.co.il/blogs/ScriptFanatic
> >>>> PowerShell Toolbar: http://tinyurl.com/PSToolbar
> >>>> EJ> OK i managed to write this, displaying works great but it does
> >>>> not
> >>>> EJ> send emails - any ideas whats wrong with the email sending part
> >>>> of
> >>>> EJ> the script?
> >>>> EJ>
> >>>> EJ> #start of the script
> >>>> EJ>
> >>>> EJ> # get domain maximumPasswordAge password policy
> >>>> EJ> $maximumPasswordAge = 90
> >>>> EJ> # exclude users with no expiring password or cannot change
> >>>> password
> >>>> EJ>
> >>>> EJ> $ldap =
> >>>> EJ>
> >>>> EJ>
> >>>> "(!userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountCo
> >>>> n
> >>>> EJ> trol:1.2.840.113556.1.4.803:=64)"
> >>>> EJ>
> >>>> EJ> # create calculated property to display days until password
> >>>> expire
> >>>> EJ> $daysUntilExpire =
> >>>> EJ>
> >>>> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.d
> >>>> a
> >>>> EJ> ys}}
> >>>> EJ>
> >>>> EJ> $expireIn = 0
> >>>> EJ>
> >>>> EJ> # get enabled users that meet the above criteria
> >>>> EJ> Get-QADUser -ou 'OU=MyTest,DC=domain,DC=com' -enabled -size 0
> >>>> -ldap
> >>>> EJ> $ldap |
> >>>> EJ> where {$_.passwordAge.value -gt
> >>>> EJ> 0 -AND ($maximumPasswordAge-$_.passwordAge.value.days) -gt
> >>>> EJ> $expireIn} |
> >>>> EJ> select Name,email,passwordAge,$daysUntilExpire | sort
> >>>> EJ> daysUntilExpire
> >>>> EJ> # send email to account who's password will expire in 14 days
> >>>> EJ> $username = $_.Name
> >>>> EJ> $email = $_.Email
> >>>> EJ> $smtpServer = "mysmtpserver.domain.com"
> >>>> EJ> if ($daysUntilExpire -eq 14 -and $email -ne "")
> >>>> EJ> {
> >>>> EJ> Write-Host "User $username has $daysUntilExpire days left
> >>>> before
> >>>> EJ> password
> >>>> EJ> expires. Message will be sent to $email."
> >>>> EJ> $subject = "Your login password will expire in $daysUntilExpire
> >>>> EJ> days."
> >>>> EJ> $body = "Hello $username . Your login password will expire in
> >>>> EJ> $daysUntilExpire days."
> >>>> EJ> Send-smtpMail -smtphost $smtpServer -to $email -from
> >>>> EJ> "passwexpnotify@xxxxxx" -subject $subject -body $body
> >>>> EJ> }
> >>>> EJ> #end of the script
> >>>> EJ>

>
>
>

01-08-2009

Hello Eero,

1. I had a logic error, replace '-passwordNeverExpires $true' with '-passwordNeverExpires $false'
2. I moved the email attribute check to the ldap filter, it will get only users that have the mail attribute set (now there is no need for if/else inside the last foreach)
3. It doesn't output anything because you probably have no users with exact number of days defined in '-eq $expireIn', try to use '-ge $expireIn'

The new script is attached to this thread.

---
Shay Levy
Windows PowerShell MVP
http://blogs.microsoft.co.il/blogs/ScriptFanatic
PowerShell Toolbar: http://tinyurl.com/PSToolbar

EJ> The script works now but unfortunately everytime i run it, i always
EJ> get the
EJ> result:
EJ> WARNING: user has no email address
EJ> It cannot display username and cannot find email address.
EJ> Any ideas?
EJ> Thank you,
EJ> Eero
EJ> "Shay Levy [MVP]" wrote:
EJ>

Quote:

>> Hello Eero,
>>
>> The Send-Mail call should be on a line of its own. The script is
>> attached to the previous thread. Do you see it?
>>
>> ---
>> Shay Levy
>> Windows PowerShell MVP
>> http://blogs.microsoft.co.il/blogs/ScriptFanatic
>> PowerShell Toolbar: http://tinyurl.com/PSToolbar
>> EJ> OK i removed the wraps but now i get this error:
>> EJ>
>> EJ> Unexpected token 'Send-Mail' in expression or statement.
>> EJ> At C:\ps\passwordnotify.ps1:39 char:66
>> EJ> + $body="Your password will expire in $expireIn days" Send-Mail
>> EJ> <<<<
>> EJ> -smtpServer "mysmtpserver.mydomain.com" -from
>> EJ> "passwnotify@xxxxxx" -to $_.email -subject $subject -body
>> EJ> $body
>> EJ> Can you see what is wrong here?
>> EJ> Big thanks,
>> EJ> Eero
>> EJ> "Shay Levy [MVP]" wrote:
>> EJ>

Quote:

>>>> Hello Eero,
>>>>
>>>> It is probably due to the post wrapping. Make sure the
>>>> $expiredUsers variable assigmnet is on one line. I've also attached
>>>> the code as a text file, hopefully it will be posted.
>>>>
>>>> ---
>>>> Shay Levy
>>>> Windows PowerShell MVP
>>>> http://blogs.microsoft.co.il/blogs/ScriptFanatic
>>>> PowerShell Toolbar: http://tinyurl.com/PSToolbar
>>>> EJ> Thank you Shay,
>>>> EJ> But right now this code gives me error:
>>>> EJ> Missing expression after unary operator '-'.
>>>> EJ> At C:\ps\passwnotify.ps1:35 char:2
>>>> EJ> + -l <<<< dap $ldap | where {$_.passwordAge.value -gt 0 -AND
>>>> EJ> ($maximumPasswordAge-$_.passwordAge.value.days)
>>>> EJ> What might be the problem?
>>>> EJ> Eero
>>>> EJ> "Shay Levy [MVP]" wrote:
>>>> EJ>
>>>>>> Hello Eero,
>>>>>>
>>>>>> I wouldn't set the $maximumPasswordAge var to a fixed value,
>>>>>> someone
>>>>>> may
>>>>>> change the password policy and you wont even know. This can lead
>>>>>> the
>>>>>> script
>>>>>> to send false emails.
>>>>>> I've also changed the ldap query, I removed the 'no expiring
>>>>>> password' filter
>>>>>> and replaced it with the -passwordNeverExpires built-in
>>>>>> parameter.
>>>>>> To get users that their password expires in 14 days: -eq
>>>>>> $expireIn
>>>>>> To
>>>>>> get users that their password expires in 14 days or more: -ge
>>>>>> $expireIn
>>>>>> As a side note, PowerShell CTP3 has a new cmdlet to send emails,
>>>>>> look for : Send-MailMessage
>>>>>> function Send-Mail{
>>>>>>
>>>>>> param($smtpServer,$from,$to,$subject,$body)
>>>>>>
>>>>>> $smtp = new-object system.net.mail.smtpClient($SmtpServer) $mail
>>>>>> = new-object System.Net.Mail.MailMessage
>>>>>>
>>>>>> $mail.from = $from
>>>>>> $mail.to.add($to)
>>>>>> $mail.subject = $subject
>>>>>> $mail.body = $body
>>>>>> #$mail.IsBodyHtml = $true
>>>>>> $smtp.send($mail)
>>>>>> }
>>>>>> # get domain maximumPasswordAge password policy
>>>>>> $maximumPasswordAge = (Get-QADObject
>>>>>> (Get-QADRootDSE).defaultNamingContextDN).maximumPasswordAge.value
>>>>>> .d
>>>>>> ay
>>>>>> s
>>>>>> if(!$maximumPasswordAge){ throw "Domain
>>>>>> 'MaximumPasswordAge'password
>>>>>> policy is not configured (set to 0)." }
>>>>>> # exclude users that cannot change password
>>>>>> $ldap = "(!userAccountControl:1.2.840.113556.1.4.803:=64)"
>>>>>> # create calculated property to display days until password
>>>>>> expire
>>>>>> $daysUntilExpire =
>>>>>> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value
>>>>>> .d
>>>>>> ay
>>>>>> s}}
>>>>>> $expireIn = 14
>>>>>> # get enabled users that meet the above criteria
>>>>>>
>>>>>> $expiredUsers = Get-QADUser -enabled -passwordNeverExpires $true
>>>>>> -size 0
>>>>>>
>>>>>> -ldap $ldap | where {$_.passwordAge.value -gt 0 -AND
>>>>>> ($maximumPasswordAge-$_.passwordAge.value.days)
>>>>>>
>>>>>> -eq $expireIn}
>>>>>>
>>>>>> $expiredUsers | foreach {
>>>>>> if($_.email)
>>>>>> {
>>>>>> $subject="Your password will expire in $expireIn days"
>>>>>> $body="Your password will expire in $expireIn days"
>>>>>> Send-Mail -smtpServer exServerName -from "you@xxxxxx" -to
>>>>>> $_.email
>>>>>> -subject $subject -body $body
>>>>>> }
>>>>>> else
>>>>>> {
>>>>>> write-warning "user $($_.name) has no email address"
>>>>>> }
>>>>>> }
>>>>>> }
>>>>>> }
>>>>>> ---
>>>>>> Shay Levy
>>>>>> Windows PowerShell MVP
>>>>>> http://blogs.microsoft.co.il/blogs/ScriptFanatic
>>>>>> PowerShell Toolbar: http://tinyurl.com/PSToolbar
>>>>>> EJ> OK i managed to write this, displaying works great but it
>>>>>> does
>>>>>> not
>>>>>> EJ> send emails - any ideas whats wrong with the email sending
>>>>>> part
>>>>>> of
>>>>>> EJ> the script?
>>>>>> EJ>
>>>>>> EJ> #start of the script
>>>>>> EJ>
>>>>>> EJ> # get domain maximumPasswordAge password policy
>>>>>> EJ> $maximumPasswordAge = 90
>>>>>> EJ> # exclude users with no expiring password or cannot change
>>>>>> password
>>>>>> EJ>
>>>>>> EJ> $ldap =
>>>>>> EJ>
>>>>>> EJ>
>>>>>> "(!userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccount
>>>>>> Co
>>>>>> n
>>>>>> EJ> trol:1.2.840.113556.1.4.803:=64)"
>>>>>> EJ>
>>>>>> EJ> # create calculated property to display days until password
>>>>>> expire
>>>>>> EJ> $daysUntilExpire =
>>>>>> EJ>
>>>>>> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value
>>>>>> .d
>>>>>> a
>>>>>> EJ> ys}}
>>>>>> EJ>
>>>>>> EJ> $expireIn = 0
>>>>>> EJ>
>>>>>> EJ> # get enabled users that meet the above criteria
>>>>>> EJ> Get-QADUser -ou 'OU=MyTest,DC=domain,DC=com' -enabled -size 0
>>>>>> -ldap
>>>>>> EJ> $ldap |
>>>>>> EJ> where {$_.passwordAge.value -gt
>>>>>> EJ> 0 -AND ($maximumPasswordAge-$_.passwordAge.value.days) -gt
>>>>>> EJ> $expireIn} |
>>>>>> EJ> select Name,email,passwordAge,$daysUntilExpire | sort
>>>>>> EJ> daysUntilExpire
>>>>>> EJ> # send email to account who's password will expire in 14 days
>>>>>> EJ> $username = $_.Name
>>>>>> EJ> $email = $_.Email
>>>>>> EJ> $smtpServer = "mysmtpserver.domain.com"
>>>>>> EJ> if ($daysUntilExpire -eq 14 -and $email -ne "")
>>>>>> EJ> {
>>>>>> EJ> Write-Host "User $username has $daysUntilExpire days left
>>>>>> before
>>>>>> EJ> password
>>>>>> EJ> expires. Message will be sent to $email."
>>>>>> EJ> $subject = "Your login password will expire in
>>>>>> $daysUntilExpire
>>>>>> EJ> days."
>>>>>> EJ> $body = "Hello $username . Your login password will expire in
>>>>>> EJ> $daysUntilExpire days."
>>>>>> EJ> Send-smtpMail -smtphost $smtpServer -to $email -from
>>>>>> EJ> "passwexpnotify@xxxxxx" -subject $subject -body $body
>>>>>> EJ> }
>>>>>> EJ> #end of the script
>>>>>> EJ>

01-05-2009	#1 (permalink)
Eero J n/a posts	script to determine password expire date and send email notificati How can I use a script to determine password-expiration dates for users in a organizational unit (OU) and send an email message to accounts whose passwords expire soon? For example, if my password expires after 14 days, then it sends me email with that info.
My System Specs

01-06-2009	#2 (permalink)
Eero J n/a posts	Re: script to determine password expire date and send email notifi OK the only thing i need now is the email sending support for this: # get domain maximumPasswordAge value (it is always constant in my case) $maximumPasswordAge = 90 # exclude users with no expiring password or cannot change password $ldap = "(!userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountControl:1.2.840.113556.1.4.803:=64)" # create calculated property to display days until password expire $daysUntilExpire = @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.days}} # get all users $expireIn = 0 # get enabled users that meet the above criteria Get-QADUser -ou 'OU=MyTest,DC=domain,DC=com' -enabled -size 0 -ldap $ldap \| where {$_.passwordAge.value -gt 0 -AND ($maximumPasswordAge-$_.passwordAge.value.days) -gt $expireIn} \| select Name,email,passwordAge,$daysUntilExpire \| sort daysUntilExpire ##End of script I need the script to send email to account who's daysUntilExpire value equals 14
My System Specs

01-07-2009	#3 (permalink)
Eero J n/a posts	Re: script to determine password expire date and send email notifi OK i managed to write this, displaying works great but it does not send emails - any ideas whats wrong with the email sending part of the script? #start of the script # get domain maximumPasswordAge password policy $maximumPasswordAge = 90 # exclude users with no expiring password or cannot change password $ldap = "(!userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountControl:1.2.840.113556.1.4.803:=64)" # create calculated property to display days until password expire $daysUntilExpire = @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.days}} $expireIn = 0 # get enabled users that meet the above criteria Get-QADUser -ou 'OU=MyTest,DC=domain,DC=com' -enabled -size 0 -ldap $ldap \| where {$_.passwordAge.value -gt 0 -AND ($maximumPasswordAge-$_.passwordAge.value.days) -gt $expireIn} \| select Name,email,passwordAge,$daysUntilExpire \| sort daysUntilExpire # send email to account who's password will expire in 14 days $username = $_.Name $email = $_.Email $smtpServer = "mysmtpserver.domain.com" if ($daysUntilExpire -eq 14 -and $email -ne "") { Write-Host "User $username has $daysUntilExpire days left before password expires. Message will be sent to $email." $subject = "Your login password will expire in $daysUntilExpire days." $body = "Hello $username . Your login password will expire in $daysUntilExpire days." Send-smtpMail -smtphost $smtpServer -to $email -from "passwexpnotify@xxxxxx" -subject $subject -body $body } #end of the script
My System Specs

01-07-2009	#4 (permalink)
Shay Levy [MVP] n/a posts	Re: script to determine password expire date and send email notifi Hello Eero, I wouldn't set the $maximumPasswordAge var to a fixed value, someone may change the password policy and you wont even know. This can lead the script to send false emails. I've also changed the ldap query, I removed the 'no expiring password' filter and replaced it with the -passwordNeverExpires built-in parameter. To get users that their password expires in 14 days: -eq $expireIn To get users that their password expires in 14 days or more: -ge $expireIn As a side note, PowerShell CTP3 has a new cmdlet to send emails, look for : Send-MailMessage function Send-Mail{ param($smtpServer,$from,$to,$subject,$body) $smtp = new-object system.net.mail.smtpClient($SmtpServer) $mail = new-object System.Net.Mail.MailMessage $mail.from = $from $mail.to.add($to) $mail.subject = $subject $mail.body = $body #$mail.IsBodyHtml = $true $smtp.send($mail) } # get domain maximumPasswordAge password policy $maximumPasswordAge = (Get-QADObject (Get-QADRootDSE).defaultNamingContextDN).maximumPasswordAge.value.days if(!$maximumPasswordAge){ throw "Domain 'MaximumPasswordAge'password policy is not configured (set to 0)." } # exclude users that cannot change password $ldap = "(!userAccountControl:1.2.840.113556.1.4.803:=64)" # create calculated property to display days until password expire $daysUntilExpire = @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.days}} $expireIn = 14 # get enabled users that meet the above criteria $expiredUsers = Get-QADUser -enabled -passwordNeverExpires $true -size 0 -ldap $ldap \| where {$_.passwordAge.value -gt 0 -AND ($maximumPasswordAge-$_.passwordAge.value.days) -eq $expireIn} $expiredUsers \| foreach { if($_.email) { $subject="Your password will expire in $expireIn days" $body="Your password will expire in $expireIn days" Send-Mail -smtpServer exServerName -from "you@xxxxxx" -to $_.email -subject $subject -body $body } else { write-warning "user $($_.name) has no email address" } } } } --- Shay Levy Windows PowerShell MVP http://blogs.microsoft.co.il/blogs/ScriptFanatic PowerShell Toolbar: http://tinyurl.com/PSToolbar EJ> OK i managed to write this, displaying works great but it does not EJ> send emails - any ideas whats wrong with the email sending part of EJ> the script? EJ> EJ> #start of the script EJ> EJ> # get domain maximumPasswordAge password policy EJ> $maximumPasswordAge = 90 EJ> # exclude users with no expiring password or cannot change password EJ> EJ> $ldap = EJ> EJ> "(!userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountCon EJ> trol:1.2.840.113556.1.4.803:=64)" EJ> EJ> # create calculated property to display days until password expire EJ> $daysUntilExpire = EJ> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.da EJ> ys}} EJ> EJ> $expireIn = 0 EJ> EJ> # get enabled users that meet the above criteria EJ> Get-QADUser -ou 'OU=MyTest,DC=domain,DC=com' -enabled -size 0 -ldap EJ> $ldap \| EJ> where {$_.passwordAge.value -gt EJ> 0 -AND ($maximumPasswordAge-$_.passwordAge.value.days) -gt EJ> $expireIn} \| EJ> select Name,email,passwordAge,$daysUntilExpire \| sort EJ> daysUntilExpire EJ> # send email to account who's password will expire in 14 days EJ> $username = $_.Name EJ> $email = $_.Email EJ> $smtpServer = "mysmtpserver.domain.com" EJ> if ($daysUntilExpire -eq 14 -and $email -ne "") EJ> { EJ> Write-Host "User $username has $daysUntilExpire days left before EJ> password EJ> expires. Message will be sent to $email." EJ> $subject = "Your login password will expire in $daysUntilExpire EJ> days." EJ> $body = "Hello $username . Your login password will expire in EJ> $daysUntilExpire days." EJ> Send-smtpMail -smtphost $smtpServer -to $email -from EJ> "passwexpnotify@xxxxxx" -subject $subject -body $body EJ> } EJ> #end of the script EJ>
My System Specs

01-07-2009	#5 (permalink)
Eero J n/a posts	Re: script to determine password expire date and send email notifi Thank you Shay, But right now this code gives me error: Missing expression after unary operator '-'. At C:\ps\passwnotify.ps1:35 char:2 + -l <<<< dap $ldap \| where {$_.passwordAge.value -gt 0 -AND ($maximumPasswordAge-$_.passwordAge.value.days) What might be the problem? Eero "Shay Levy [MVP]" wrote: Quote: > Hello Eero, > > > I wouldn't set the $maximumPasswordAge var to a fixed value, someone may > change the password policy and you wont even know. This can lead the script > to send false emails. > I've also changed the ldap query, I removed the 'no expiring password' filter > and replaced it with the -passwordNeverExpires built-in parameter. > > To get users that their password expires in 14 days: -eq $expireIn > To get users that their password expires in 14 days or more: -ge $expireIn > > As a side note, PowerShell CTP3 has a new cmdlet to send emails, look for > : Send-MailMessage > > > > function Send-Mail{ > > param($smtpServer,$from,$to,$subject,$body) > > $smtp = new-object system.net.mail.smtpClient($SmtpServer) > $mail = new-object System.Net.Mail.MailMessage > > $mail.from = $from > $mail.to.add($to) > $mail.subject = $subject > $mail.body = $body > #$mail.IsBodyHtml = $true > > $smtp.send($mail) > } > > # get domain maximumPasswordAge password policy > $maximumPasswordAge = (Get-QADObject (Get-QADRootDSE).defaultNamingContextDN).maximumPasswordAge.value.days > > if(!$maximumPasswordAge){ > throw "Domain 'MaximumPasswordAge'password policy is not configured (set > to 0)." > } > > # exclude users that cannot change password > $ldap = "(!userAccountControl:1.2.840.113556.1.4.803:=64)" > > # create calculated property to display days until password expire > $daysUntilExpire = @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.days}} > > $expireIn = 14 > > # get enabled users that meet the above criteria > $expiredUsers = Get-QADUser -enabled -passwordNeverExpires $true -size 0 > -ldap $ldap \| where {$_.passwordAge.value -gt 0 -AND ($maximumPasswordAge-$_.passwordAge.value.days) > -eq $expireIn} > > $expiredUsers \| foreach { > if($_.email) > { > $subject="Your password will expire in $expireIn days" > $body="Your password will expire in $expireIn days" > Send-Mail -smtpServer exServerName -from "you@xxxxxx" -to $_.email > -subject $subject -body $body > } > else > { > write-warning "user $($_.name) has no email address" > } > } > } > } > > > > > > --- > Shay Levy > Windows PowerShell MVP > http://blogs.microsoft.co.il/blogs/ScriptFanatic > PowerShell Toolbar: http://tinyurl.com/PSToolbar > > > EJ> OK i managed to write this, displaying works great but it does not > EJ> send emails - any ideas whats wrong with the email sending part of > EJ> the script? > EJ> > EJ> #start of the script > EJ> > EJ> # get domain maximumPasswordAge password policy > EJ> $maximumPasswordAge = 90 > EJ> # exclude users with no expiring password or cannot change password > EJ> > EJ> $ldap = > EJ> > EJ> "(!userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountCon > EJ> trol:1.2.840.113556.1.4.803:=64)" > EJ> > EJ> # create calculated property to display days until password expire > EJ> $daysUntilExpire = > EJ> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.da > EJ> ys}} > EJ> > EJ> $expireIn = 0 > EJ> > EJ> # get enabled users that meet the above criteria > EJ> Get-QADUser -ou 'OU=MyTest,DC=domain,DC=com' -enabled -size 0 -ldap > EJ> $ldap \| > EJ> where {$_.passwordAge.value -gt > EJ> 0 -AND ($maximumPasswordAge-$_.passwordAge.value.days) -gt > EJ> $expireIn} \| > EJ> select Name,email,passwordAge,$daysUntilExpire \| sort > EJ> daysUntilExpire > EJ> # send email to account who's password will expire in 14 days > EJ> $username = $_.Name > EJ> $email = $_.Email > EJ> $smtpServer = "mysmtpserver.domain.com" > EJ> if ($daysUntilExpire -eq 14 -and $email -ne "") > EJ> { > EJ> Write-Host "User $username has $daysUntilExpire days left before > EJ> password > EJ> expires. Message will be sent to $email." > EJ> $subject = "Your login password will expire in $daysUntilExpire > EJ> days." > EJ> $body = "Hello $username . Your login password will expire in > EJ> $daysUntilExpire days." > EJ> Send-smtpMail -smtphost $smtpServer -to $email -from > EJ> "passwexpnotify@xxxxxx" -subject $subject -body $body > EJ> } > EJ> #end of the script > EJ> > > >
My System Specs

01-07-2009	#6 (permalink)
Shay Levy [MVP] n/a posts	Re: script to determine password expire date and send email notifi Hello Eero, It is probably due to the post wrapping. Make sure the $expiredUsers variable assigmnet is on one line. I've also attached the code as a text file, hopefully it will be posted. --- Shay Levy Windows PowerShell MVP http://blogs.microsoft.co.il/blogs/ScriptFanatic PowerShell Toolbar: http://tinyurl.com/PSToolbar EJ> Thank you Shay, EJ> But right now this code gives me error: EJ> Missing expression after unary operator '-'. EJ> At C:\ps\passwnotify.ps1:35 char:2 EJ> + -l <<<< dap $ldap \| where {$_.passwordAge.value -gt 0 -AND EJ> ($maximumPasswordAge-$_.passwordAge.value.days) EJ> What might be the problem? EJ> Eero EJ> "Shay Levy [MVP]" wrote: EJ> Quote: Quote: >> Hello Eero, >> >> I wouldn't set the $maximumPasswordAge var to a fixed value, someone >> may >> change the password policy and you wont even know. This can lead the >> script >> to send false emails. >> I've also changed the ldap query, I removed the 'no expiring >> password' filter >> and replaced it with the -passwordNeverExpires built-in parameter. >> To get users that their password expires in 14 days: -eq $expireIn To >> get users that their password expires in 14 days or more: -ge >> $expireIn >> >> As a side note, PowerShell CTP3 has a new cmdlet to send emails, look >> for : Send-MailMessage >> >> function Send-Mail{ >> >> param($smtpServer,$from,$to,$subject,$body) >> >> $smtp = new-object system.net.mail.smtpClient($SmtpServer) $mail = >> new-object System.Net.Mail.MailMessage >> >> $mail.from = $from >> $mail.to.add($to) >> $mail.subject = $subject >> $mail.body = $body >> #$mail.IsBodyHtml = $true >> $smtp.send($mail) >> } >> # get domain maximumPasswordAge password policy >> $maximumPasswordAge = (Get-QADObject >> (Get-QADRootDSE).defaultNamingContextDN).maximumPasswordAge.value.day >> s >> if(!$maximumPasswordAge){ throw "Domain 'MaximumPasswordAge'password >> policy is not configured (set to 0)." } >> >> # exclude users that cannot change password >> $ldap = "(!userAccountControl:1.2.840.113556.1.4.803:=64)" >> # create calculated property to display days until password expire >> $daysUntilExpire = >> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.day >> s}} >> >> $expireIn = 14 >> >> # get enabled users that meet the above criteria >> >> $expiredUsers = Get-QADUser -enabled -passwordNeverExpires $true >> -size 0 >> >> -ldap $ldap \| where {$_.passwordAge.value -gt 0 -AND >> ($maximumPasswordAge-$_.passwordAge.value.days) >> >> -eq $expireIn} >> >> $expiredUsers \| foreach { >> if($_.email) >> { >> $subject="Your password will expire in $expireIn days" >> $body="Your password will expire in $expireIn days" >> Send-Mail -smtpServer exServerName -from "you@xxxxxx" -to >> $_.email >> -subject $subject -body $body >> } >> else >> { >> write-warning "user $($_.name) has no email address" >> } >> } >> } >> } >> --- >> Shay Levy >> Windows PowerShell MVP >> http://blogs.microsoft.co.il/blogs/ScriptFanatic >> PowerShell Toolbar: http://tinyurl.com/PSToolbar >> EJ> OK i managed to write this, displaying works great but it does >> not >> EJ> send emails - any ideas whats wrong with the email sending part >> of >> EJ> the script? >> EJ> >> EJ> #start of the script >> EJ> >> EJ> # get domain maximumPasswordAge password policy >> EJ> $maximumPasswordAge = 90 >> EJ> # exclude users with no expiring password or cannot change >> password >> EJ> >> EJ> $ldap = >> EJ> >> EJ> >> "(!userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountCon >> EJ> trol:1.2.840.113556.1.4.803:=64)" >> EJ> >> EJ> # create calculated property to display days until password >> expire >> EJ> $daysUntilExpire = >> EJ> >> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.da >> EJ> ys}} >> EJ> >> EJ> $expireIn = 0 >> EJ> >> EJ> # get enabled users that meet the above criteria >> EJ> Get-QADUser -ou 'OU=MyTest,DC=domain,DC=com' -enabled -size 0 >> -ldap >> EJ> $ldap \| >> EJ> where {$_.passwordAge.value -gt >> EJ> 0 -AND ($maximumPasswordAge-$_.passwordAge.value.days) -gt >> EJ> $expireIn} \| >> EJ> select Name,email,passwordAge,$daysUntilExpire \| sort >> EJ> daysUntilExpire >> EJ> # send email to account who's password will expire in 14 days >> EJ> $username = $_.Name >> EJ> $email = $_.Email >> EJ> $smtpServer = "mysmtpserver.domain.com" >> EJ> if ($daysUntilExpire -eq 14 -and $email -ne "") >> EJ> { >> EJ> Write-Host "User $username has $daysUntilExpire days left before >> EJ> password >> EJ> expires. Message will be sent to $email." >> EJ> $subject = "Your login password will expire in $daysUntilExpire >> EJ> days." >> EJ> $body = "Hello $username . Your login password will expire in >> EJ> $daysUntilExpire days." >> EJ> Send-smtpMail -smtphost $smtpServer -to $email -from >> EJ> "passwexpnotify@xxxxxx" -subject $subject -body $body >> EJ> } >> EJ> #end of the script >> EJ>
My System Specs

01-07-2009	#7 (permalink)
Eero J n/a posts	Re: script to determine password expire date and send email notifi OK i removed the wraps but now i get this error: Unexpected token 'Send-Mail' in expression or statement. At C:\ps\passwordnotify.ps1:39 char:66 + $body="Your password will expire in $expireIn days" Send-Mail <<<< -smtpServer "mysmtpserver.mydomain.com" -from "passwnotify@xxxxxx" -to $_.email -subject $subject -body $body Can you see what is wrong here? Big thanks, Eero "Shay Levy [MVP]" wrote: Quote: > Hello Eero, > > It is probably due to the post wrapping. Make sure the $expiredUsers variable assigmnet is on one line. I've also attached the code as a text file, hopefully it will be posted. > > --- > Shay Levy > Windows PowerShell MVP > http://blogs.microsoft.co.il/blogs/ScriptFanatic > PowerShell Toolbar: http://tinyurl.com/PSToolbar > > > EJ> Thank you Shay, > EJ> But right now this code gives me error: > EJ> Missing expression after unary operator '-'. > EJ> At C:\ps\passwnotify.ps1:35 char:2 > EJ> + -l <<<< dap $ldap \| where {$_.passwordAge.value -gt 0 -AND > EJ> ($maximumPasswordAge-$_.passwordAge.value.days) > EJ> What might be the problem? > EJ> Eero > EJ> "Shay Levy [MVP]" wrote: > EJ> Quote: Quote: > >> Hello Eero, > >> > >> I wouldn't set the $maximumPasswordAge var to a fixed value, someone > >> may > >> change the password policy and you wont even know. This can lead the > >> script > >> to send false emails. > >> I've also changed the ldap query, I removed the 'no expiring > >> password' filter > >> and replaced it with the -passwordNeverExpires built-in parameter. > >> To get users that their password expires in 14 days: -eq $expireIn To > >> get users that their password expires in 14 days or more: -ge > >> $expireIn > >> > >> As a side note, PowerShell CTP3 has a new cmdlet to send emails, look > >> for : Send-MailMessage > >> > >> function Send-Mail{ > >> > >> param($smtpServer,$from,$to,$subject,$body) > >> > >> $smtp = new-object system.net.mail.smtpClient($SmtpServer) $mail = > >> new-object System.Net.Mail.MailMessage > >> > >> $mail.from = $from > >> $mail.to.add($to) > >> $mail.subject = $subject > >> $mail.body = $body > >> #$mail.IsBodyHtml = $true > >> $smtp.send($mail) > >> } > >> # get domain maximumPasswordAge password policy > >> $maximumPasswordAge = (Get-QADObject > >> (Get-QADRootDSE).defaultNamingContextDN).maximumPasswordAge.value.day > >> s > >> if(!$maximumPasswordAge){ throw "Domain 'MaximumPasswordAge'password > >> policy is not configured (set to 0)." } > >> > >> # exclude users that cannot change password > >> $ldap = "(!userAccountControl:1.2.840.113556.1.4.803:=64)" > >> # create calculated property to display days until password expire > >> $daysUntilExpire = > >> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.day > >> s}} > >> > >> $expireIn = 14 > >> > >> # get enabled users that meet the above criteria > >> > >> $expiredUsers = Get-QADUser -enabled -passwordNeverExpires $true > >> -size 0 > >> > >> -ldap $ldap \| where {$_.passwordAge.value -gt 0 -AND > >> ($maximumPasswordAge-$_.passwordAge.value.days) > >> > >> -eq $expireIn} > >> > >> $expiredUsers \| foreach { > >> if($_.email) > >> { > >> $subject="Your password will expire in $expireIn days" > >> $body="Your password will expire in $expireIn days" > >> Send-Mail -smtpServer exServerName -from "you@xxxxxx" -to > >> $_.email > >> -subject $subject -body $body > >> } > >> else > >> { > >> write-warning "user $($_.name) has no email address" > >> } > >> } > >> } > >> } > >> --- > >> Shay Levy > >> Windows PowerShell MVP > >> http://blogs.microsoft.co.il/blogs/ScriptFanatic > >> PowerShell Toolbar: http://tinyurl.com/PSToolbar > >> EJ> OK i managed to write this, displaying works great but it does > >> not > >> EJ> send emails - any ideas whats wrong with the email sending part > >> of > >> EJ> the script? > >> EJ> > >> EJ> #start of the script > >> EJ> > >> EJ> # get domain maximumPasswordAge password policy > >> EJ> $maximumPasswordAge = 90 > >> EJ> # exclude users with no expiring password or cannot change > >> password > >> EJ> > >> EJ> $ldap = > >> EJ> > >> EJ> > >> "(!userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountCon > >> EJ> trol:1.2.840.113556.1.4.803:=64)" > >> EJ> > >> EJ> # create calculated property to display days until password > >> expire > >> EJ> $daysUntilExpire = > >> EJ> > >> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.da > >> EJ> ys}} > >> EJ> > >> EJ> $expireIn = 0 > >> EJ> > >> EJ> # get enabled users that meet the above criteria > >> EJ> Get-QADUser -ou 'OU=MyTest,DC=domain,DC=com' -enabled -size 0 > >> -ldap > >> EJ> $ldap \| > >> EJ> where {$_.passwordAge.value -gt > >> EJ> 0 -AND ($maximumPasswordAge-$_.passwordAge.value.days) -gt > >> EJ> $expireIn} \| > >> EJ> select Name,email,passwordAge,$daysUntilExpire \| sort > >> EJ> daysUntilExpire > >> EJ> # send email to account who's password will expire in 14 days > >> EJ> $username = $_.Name > >> EJ> $email = $_.Email > >> EJ> $smtpServer = "mysmtpserver.domain.com" > >> EJ> if ($daysUntilExpire -eq 14 -and $email -ne "") > >> EJ> { > >> EJ> Write-Host "User $username has $daysUntilExpire days left before > >> EJ> password > >> EJ> expires. Message will be sent to $email." > >> EJ> $subject = "Your login password will expire in $daysUntilExpire > >> EJ> days." > >> EJ> $body = "Hello $username . Your login password will expire in > >> EJ> $daysUntilExpire days." > >> EJ> Send-smtpMail -smtphost $smtpServer -to $email -from > >> EJ> "passwexpnotify@xxxxxx" -subject $subject -body $body > >> EJ> } > >> EJ> #end of the script > >> EJ> >
My System Specs

01-08-2009	#8 (permalink)
Shay Levy [MVP] n/a posts	Re: script to determine password expire date and send email notifi Hello Eero, The Send-Mail call should be on a line of its own. The script is attached to the previous thread. Do you see it? --- Shay Levy Windows PowerShell MVP http://blogs.microsoft.co.il/blogs/ScriptFanatic PowerShell Toolbar: http://tinyurl.com/PSToolbar EJ> OK i removed the wraps but now i get this error: EJ> EJ> Unexpected token 'Send-Mail' in expression or statement. EJ> At C:\ps\passwordnotify.ps1:39 char:66 EJ> + $body="Your password will expire in $expireIn days" Send-Mail EJ> <<<< EJ> -smtpServer "mysmtpserver.mydomain.com" -from EJ> "passwnotify@xxxxxx" -to $_.email -subject $subject -body EJ> $body EJ> Can you see what is wrong here? EJ> Big thanks, EJ> Eero EJ> "Shay Levy [MVP]" wrote: EJ> Quote: Quote: >> Hello Eero, >> >> It is probably due to the post wrapping. Make sure the $expiredUsers >> variable assigmnet is on one line. I've also attached the code as a >> text file, hopefully it will be posted. >> >> --- >> Shay Levy >> Windows PowerShell MVP >> http://blogs.microsoft.co.il/blogs/ScriptFanatic >> PowerShell Toolbar: http://tinyurl.com/PSToolbar >> EJ> Thank you Shay, >> EJ> But right now this code gives me error: >> EJ> Missing expression after unary operator '-'. >> EJ> At C:\ps\passwnotify.ps1:35 char:2 >> EJ> + -l <<<< dap $ldap \| where {$_.passwordAge.value -gt 0 -AND >> EJ> ($maximumPasswordAge-$_.passwordAge.value.days) >> EJ> What might be the problem? >> EJ> Eero >> EJ> "Shay Levy [MVP]" wrote: >> EJ> Quote: >>>> Hello Eero, >>>> >>>> I wouldn't set the $maximumPasswordAge var to a fixed value, >>>> someone >>>> may >>>> change the password policy and you wont even know. This can lead >>>> the >>>> script >>>> to send false emails. >>>> I've also changed the ldap query, I removed the 'no expiring >>>> password' filter >>>> and replaced it with the -passwordNeverExpires built-in parameter. >>>> To get users that their password expires in 14 days: -eq $expireIn >>>> To >>>> get users that their password expires in 14 days or more: -ge >>>> $expireIn >>>> As a side note, PowerShell CTP3 has a new cmdlet to send emails, >>>> look for : Send-MailMessage >>>> >>>> function Send-Mail{ >>>> >>>> param($smtpServer,$from,$to,$subject,$body) >>>> >>>> $smtp = new-object system.net.mail.smtpClient($SmtpServer) $mail = >>>> new-object System.Net.Mail.MailMessage >>>> >>>> $mail.from = $from >>>> $mail.to.add($to) >>>> $mail.subject = $subject >>>> $mail.body = $body >>>> #$mail.IsBodyHtml = $true >>>> $smtp.send($mail) >>>> } >>>> # get domain maximumPasswordAge password policy >>>> $maximumPasswordAge = (Get-QADObject >>>> (Get-QADRootDSE).defaultNamingContextDN).maximumPasswordAge.value.d >>>> ay >>>> s >>>> if(!$maximumPasswordAge){ throw "Domain >>>> 'MaximumPasswordAge'password >>>> policy is not configured (set to 0)." } >>>> # exclude users that cannot change password >>>> $ldap = "(!userAccountControl:1.2.840.113556.1.4.803:=64)" >>>> # create calculated property to display days until password expire >>>> $daysUntilExpire = >>>> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.d >>>> ay >>>> s}} >>>> $expireIn = 14 >>>> >>>> # get enabled users that meet the above criteria >>>> >>>> $expiredUsers = Get-QADUser -enabled -passwordNeverExpires $true >>>> -size 0 >>>> >>>> -ldap $ldap \| where {$_.passwordAge.value -gt 0 -AND >>>> ($maximumPasswordAge-$_.passwordAge.value.days) >>>> >>>> -eq $expireIn} >>>> >>>> $expiredUsers \| foreach { >>>> if($_.email) >>>> { >>>> $subject="Your password will expire in $expireIn days" >>>> $body="Your password will expire in $expireIn days" >>>> Send-Mail -smtpServer exServerName -from "you@xxxxxx" -to >>>> $_.email >>>> -subject $subject -body $body >>>> } >>>> else >>>> { >>>> write-warning "user $($_.name) has no email address" >>>> } >>>> } >>>> } >>>> } >>>> --- >>>> Shay Levy >>>> Windows PowerShell MVP >>>> http://blogs.microsoft.co.il/blogs/ScriptFanatic >>>> PowerShell Toolbar: http://tinyurl.com/PSToolbar >>>> EJ> OK i managed to write this, displaying works great but it does >>>> not >>>> EJ> send emails - any ideas whats wrong with the email sending part >>>> of >>>> EJ> the script? >>>> EJ> >>>> EJ> #start of the script >>>> EJ> >>>> EJ> # get domain maximumPasswordAge password policy >>>> EJ> $maximumPasswordAge = 90 >>>> EJ> # exclude users with no expiring password or cannot change >>>> password >>>> EJ> >>>> EJ> $ldap = >>>> EJ> >>>> EJ> >>>> "(!userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountCo >>>> n >>>> EJ> trol:1.2.840.113556.1.4.803:=64)" >>>> EJ> >>>> EJ> # create calculated property to display days until password >>>> expire >>>> EJ> $daysUntilExpire = >>>> EJ> >>>> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.d >>>> a >>>> EJ> ys}} >>>> EJ> >>>> EJ> $expireIn = 0 >>>> EJ> >>>> EJ> # get enabled users that meet the above criteria >>>> EJ> Get-QADUser -ou 'OU=MyTest,DC=domain,DC=com' -enabled -size 0 >>>> -ldap >>>> EJ> $ldap \| >>>> EJ> where {$_.passwordAge.value -gt >>>> EJ> 0 -AND ($maximumPasswordAge-$_.passwordAge.value.days) -gt >>>> EJ> $expireIn} \| >>>> EJ> select Name,email,passwordAge,$daysUntilExpire \| sort >>>> EJ> daysUntilExpire >>>> EJ> # send email to account who's password will expire in 14 days >>>> EJ> $username = $_.Name >>>> EJ> $email = $_.Email >>>> EJ> $smtpServer = "mysmtpserver.domain.com" >>>> EJ> if ($daysUntilExpire -eq 14 -and $email -ne "") >>>> EJ> { >>>> EJ> Write-Host "User $username has $daysUntilExpire days left >>>> before >>>> EJ> password >>>> EJ> expires. Message will be sent to $email." >>>> EJ> $subject = "Your login password will expire in $daysUntilExpire >>>> EJ> days." >>>> EJ> $body = "Hello $username . Your login password will expire in >>>> EJ> $daysUntilExpire days." >>>> EJ> Send-smtpMail -smtphost $smtpServer -to $email -from >>>> EJ> "passwexpnotify@xxxxxx" -subject $subject -body $body >>>> EJ> } >>>> EJ> #end of the script >>>> EJ>
My System Specs

01-08-2009	#9 (permalink)
Eero J n/a posts	Re: script to determine password expire date and send email notifi The script works now but unfortunately everytime i run it, i always get the result: WARNING: user has no email address It cannot display username and cannot find email address. Any ideas? Thank you, Eero "Shay Levy [MVP]" wrote: Quote: > Hello Eero, > > > The Send-Mail call should be on a line of its own. The script is attached > to the previous thread. Do you see it? > > --- > Shay Levy > Windows PowerShell MVP > http://blogs.microsoft.co.il/blogs/ScriptFanatic > PowerShell Toolbar: http://tinyurl.com/PSToolbar > > > EJ> OK i removed the wraps but now i get this error: > EJ> > EJ> Unexpected token 'Send-Mail' in expression or statement. > EJ> At C:\ps\passwordnotify.ps1:39 char:66 > EJ> + $body="Your password will expire in $expireIn days" Send-Mail > EJ> <<<< > EJ> -smtpServer "mysmtpserver.mydomain.com" -from > EJ> "passwnotify@xxxxxx" -to $_.email -subject $subject -body > EJ> $body > EJ> Can you see what is wrong here? > EJ> Big thanks, > EJ> Eero > EJ> "Shay Levy [MVP]" wrote: > EJ> Quote: Quote: > >> Hello Eero, > >> > >> It is probably due to the post wrapping. Make sure the $expiredUsers > >> variable assigmnet is on one line. I've also attached the code as a > >> text file, hopefully it will be posted. > >> > >> --- > >> Shay Levy > >> Windows PowerShell MVP > >> http://blogs.microsoft.co.il/blogs/ScriptFanatic > >> PowerShell Toolbar: http://tinyurl.com/PSToolbar > >> EJ> Thank you Shay, > >> EJ> But right now this code gives me error: > >> EJ> Missing expression after unary operator '-'. > >> EJ> At C:\ps\passwnotify.ps1:35 char:2 > >> EJ> + -l <<<< dap $ldap \| where {$_.passwordAge.value -gt 0 -AND > >> EJ> ($maximumPasswordAge-$_.passwordAge.value.days) > >> EJ> What might be the problem? > >> EJ> Eero > >> EJ> "Shay Levy [MVP]" wrote: > >> EJ> > >>>> Hello Eero, > >>>> > >>>> I wouldn't set the $maximumPasswordAge var to a fixed value, > >>>> someone > >>>> may > >>>> change the password policy and you wont even know. This can lead > >>>> the > >>>> script > >>>> to send false emails. > >>>> I've also changed the ldap query, I removed the 'no expiring > >>>> password' filter > >>>> and replaced it with the -passwordNeverExpires built-in parameter. > >>>> To get users that their password expires in 14 days: -eq $expireIn > >>>> To > >>>> get users that their password expires in 14 days or more: -ge > >>>> $expireIn > >>>> As a side note, PowerShell CTP3 has a new cmdlet to send emails, > >>>> look for : Send-MailMessage > >>>> > >>>> function Send-Mail{ > >>>> > >>>> param($smtpServer,$from,$to,$subject,$body) > >>>> > >>>> $smtp = new-object system.net.mail.smtpClient($SmtpServer) $mail = > >>>> new-object System.Net.Mail.MailMessage > >>>> > >>>> $mail.from = $from > >>>> $mail.to.add($to) > >>>> $mail.subject = $subject > >>>> $mail.body = $body > >>>> #$mail.IsBodyHtml = $true > >>>> $smtp.send($mail) > >>>> } > >>>> # get domain maximumPasswordAge password policy > >>>> $maximumPasswordAge = (Get-QADObject > >>>> (Get-QADRootDSE).defaultNamingContextDN).maximumPasswordAge.value.d > >>>> ay > >>>> s > >>>> if(!$maximumPasswordAge){ throw "Domain > >>>> 'MaximumPasswordAge'password > >>>> policy is not configured (set to 0)." } > >>>> # exclude users that cannot change password > >>>> $ldap = "(!userAccountControl:1.2.840.113556.1.4.803:=64)" > >>>> # create calculated property to display days until password expire > >>>> $daysUntilExpire = > >>>> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.d > >>>> ay > >>>> s}} > >>>> $expireIn = 14 > >>>> > >>>> # get enabled users that meet the above criteria > >>>> > >>>> $expiredUsers = Get-QADUser -enabled -passwordNeverExpires $true > >>>> -size 0 > >>>> > >>>> -ldap $ldap \| where {$_.passwordAge.value -gt 0 -AND > >>>> ($maximumPasswordAge-$_.passwordAge.value.days) > >>>> > >>>> -eq $expireIn} > >>>> > >>>> $expiredUsers \| foreach { > >>>> if($_.email) > >>>> { > >>>> $subject="Your password will expire in $expireIn days" > >>>> $body="Your password will expire in $expireIn days" > >>>> Send-Mail -smtpServer exServerName -from "you@xxxxxx" -to > >>>> $_.email > >>>> -subject $subject -body $body > >>>> } > >>>> else > >>>> { > >>>> write-warning "user $($_.name) has no email address" > >>>> } > >>>> } > >>>> } > >>>> } > >>>> --- > >>>> Shay Levy > >>>> Windows PowerShell MVP > >>>> http://blogs.microsoft.co.il/blogs/ScriptFanatic > >>>> PowerShell Toolbar: http://tinyurl.com/PSToolbar > >>>> EJ> OK i managed to write this, displaying works great but it does > >>>> not > >>>> EJ> send emails - any ideas whats wrong with the email sending part > >>>> of > >>>> EJ> the script? > >>>> EJ> > >>>> EJ> #start of the script > >>>> EJ> > >>>> EJ> # get domain maximumPasswordAge password policy > >>>> EJ> $maximumPasswordAge = 90 > >>>> EJ> # exclude users with no expiring password or cannot change > >>>> password > >>>> EJ> > >>>> EJ> $ldap = > >>>> EJ> > >>>> EJ> > >>>> "(!userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountCo > >>>> n > >>>> EJ> trol:1.2.840.113556.1.4.803:=64)" > >>>> EJ> > >>>> EJ> # create calculated property to display days until password > >>>> expire > >>>> EJ> $daysUntilExpire = > >>>> EJ> > >>>> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value.d > >>>> a > >>>> EJ> ys}} > >>>> EJ> > >>>> EJ> $expireIn = 0 > >>>> EJ> > >>>> EJ> # get enabled users that meet the above criteria > >>>> EJ> Get-QADUser -ou 'OU=MyTest,DC=domain,DC=com' -enabled -size 0 > >>>> -ldap > >>>> EJ> $ldap \| > >>>> EJ> where {$_.passwordAge.value -gt > >>>> EJ> 0 -AND ($maximumPasswordAge-$_.passwordAge.value.days) -gt > >>>> EJ> $expireIn} \| > >>>> EJ> select Name,email,passwordAge,$daysUntilExpire \| sort > >>>> EJ> daysUntilExpire > >>>> EJ> # send email to account who's password will expire in 14 days > >>>> EJ> $username = $_.Name > >>>> EJ> $email = $_.Email > >>>> EJ> $smtpServer = "mysmtpserver.domain.com" > >>>> EJ> if ($daysUntilExpire -eq 14 -and $email -ne "") > >>>> EJ> { > >>>> EJ> Write-Host "User $username has $daysUntilExpire days left > >>>> before > >>>> EJ> password > >>>> EJ> expires. Message will be sent to $email." > >>>> EJ> $subject = "Your login password will expire in $daysUntilExpire > >>>> EJ> days." > >>>> EJ> $body = "Hello $username . Your login password will expire in > >>>> EJ> $daysUntilExpire days." > >>>> EJ> Send-smtpMail -smtphost $smtpServer -to $email -from > >>>> EJ> "passwexpnotify@xxxxxx" -subject $subject -body $body > >>>> EJ> } > >>>> EJ> #end of the script > >>>> EJ> > > >
My System Specs

01-08-2009	#10 (permalink)
Shay Levy [MVP] n/a posts	Re: script to determine password expire date and send email notifi Hello Eero, 1. I had a logic error, replace '-passwordNeverExpires $true' with '-passwordNeverExpires $false' 2. I moved the email attribute check to the ldap filter, it will get only users that have the mail attribute set (now there is no need for if/else inside the last foreach) 3. It doesn't output anything because you probably have no users with exact number of days defined in '-eq $expireIn', try to use '-ge $expireIn' The new script is attached to this thread. --- Shay Levy Windows PowerShell MVP http://blogs.microsoft.co.il/blogs/ScriptFanatic PowerShell Toolbar: http://tinyurl.com/PSToolbar EJ> The script works now but unfortunately everytime i run it, i always EJ> get the EJ> result: EJ> WARNING: user has no email address EJ> It cannot display username and cannot find email address. EJ> Any ideas? EJ> Thank you, EJ> Eero EJ> "Shay Levy [MVP]" wrote: EJ> Quote: Quote: >> Hello Eero, >> >> The Send-Mail call should be on a line of its own. The script is >> attached to the previous thread. Do you see it? >> >> --- >> Shay Levy >> Windows PowerShell MVP >> http://blogs.microsoft.co.il/blogs/ScriptFanatic >> PowerShell Toolbar: http://tinyurl.com/PSToolbar >> EJ> OK i removed the wraps but now i get this error: >> EJ> >> EJ> Unexpected token 'Send-Mail' in expression or statement. >> EJ> At C:\ps\passwordnotify.ps1:39 char:66 >> EJ> + $body="Your password will expire in $expireIn days" Send-Mail >> EJ> <<<< >> EJ> -smtpServer "mysmtpserver.mydomain.com" -from >> EJ> "passwnotify@xxxxxx" -to $_.email -subject $subject -body >> EJ> $body >> EJ> Can you see what is wrong here? >> EJ> Big thanks, >> EJ> Eero >> EJ> "Shay Levy [MVP]" wrote: >> EJ> Quote: >>>> Hello Eero, >>>> >>>> It is probably due to the post wrapping. Make sure the >>>> $expiredUsers variable assigmnet is on one line. I've also attached >>>> the code as a text file, hopefully it will be posted. >>>> >>>> --- >>>> Shay Levy >>>> Windows PowerShell MVP >>>> http://blogs.microsoft.co.il/blogs/ScriptFanatic >>>> PowerShell Toolbar: http://tinyurl.com/PSToolbar >>>> EJ> Thank you Shay, >>>> EJ> But right now this code gives me error: >>>> EJ> Missing expression after unary operator '-'. >>>> EJ> At C:\ps\passwnotify.ps1:35 char:2 >>>> EJ> + -l <<<< dap $ldap \| where {$_.passwordAge.value -gt 0 -AND >>>> EJ> ($maximumPasswordAge-$_.passwordAge.value.days) >>>> EJ> What might be the problem? >>>> EJ> Eero >>>> EJ> "Shay Levy [MVP]" wrote: >>>> EJ> >>>>>> Hello Eero, >>>>>> >>>>>> I wouldn't set the $maximumPasswordAge var to a fixed value, >>>>>> someone >>>>>> may >>>>>> change the password policy and you wont even know. This can lead >>>>>> the >>>>>> script >>>>>> to send false emails. >>>>>> I've also changed the ldap query, I removed the 'no expiring >>>>>> password' filter >>>>>> and replaced it with the -passwordNeverExpires built-in >>>>>> parameter. >>>>>> To get users that their password expires in 14 days: -eq >>>>>> $expireIn >>>>>> To >>>>>> get users that their password expires in 14 days or more: -ge >>>>>> $expireIn >>>>>> As a side note, PowerShell CTP3 has a new cmdlet to send emails, >>>>>> look for : Send-MailMessage >>>>>> function Send-Mail{ >>>>>> >>>>>> param($smtpServer,$from,$to,$subject,$body) >>>>>> >>>>>> $smtp = new-object system.net.mail.smtpClient($SmtpServer) $mail >>>>>> = new-object System.Net.Mail.MailMessage >>>>>> >>>>>> $mail.from = $from >>>>>> $mail.to.add($to) >>>>>> $mail.subject = $subject >>>>>> $mail.body = $body >>>>>> #$mail.IsBodyHtml = $true >>>>>> $smtp.send($mail) >>>>>> } >>>>>> # get domain maximumPasswordAge password policy >>>>>> $maximumPasswordAge = (Get-QADObject >>>>>> (Get-QADRootDSE).defaultNamingContextDN).maximumPasswordAge.value >>>>>> .d >>>>>> ay >>>>>> s >>>>>> if(!$maximumPasswordAge){ throw "Domain >>>>>> 'MaximumPasswordAge'password >>>>>> policy is not configured (set to 0)." } >>>>>> # exclude users that cannot change password >>>>>> $ldap = "(!userAccountControl:1.2.840.113556.1.4.803:=64)" >>>>>> # create calculated property to display days until password >>>>>> expire >>>>>> $daysUntilExpire = >>>>>> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value >>>>>> .d >>>>>> ay >>>>>> s}} >>>>>> $expireIn = 14 >>>>>> # get enabled users that meet the above criteria >>>>>> >>>>>> $expiredUsers = Get-QADUser -enabled -passwordNeverExpires $true >>>>>> -size 0 >>>>>> >>>>>> -ldap $ldap \| where {$_.passwordAge.value -gt 0 -AND >>>>>> ($maximumPasswordAge-$_.passwordAge.value.days) >>>>>> >>>>>> -eq $expireIn} >>>>>> >>>>>> $expiredUsers \| foreach { >>>>>> if($_.email) >>>>>> { >>>>>> $subject="Your password will expire in $expireIn days" >>>>>> $body="Your password will expire in $expireIn days" >>>>>> Send-Mail -smtpServer exServerName -from "you@xxxxxx" -to >>>>>> $_.email >>>>>> -subject $subject -body $body >>>>>> } >>>>>> else >>>>>> { >>>>>> write-warning "user $($_.name) has no email address" >>>>>> } >>>>>> } >>>>>> } >>>>>> } >>>>>> --- >>>>>> Shay Levy >>>>>> Windows PowerShell MVP >>>>>> http://blogs.microsoft.co.il/blogs/ScriptFanatic >>>>>> PowerShell Toolbar: http://tinyurl.com/PSToolbar >>>>>> EJ> OK i managed to write this, displaying works great but it >>>>>> does >>>>>> not >>>>>> EJ> send emails - any ideas whats wrong with the email sending >>>>>> part >>>>>> of >>>>>> EJ> the script? >>>>>> EJ> >>>>>> EJ> #start of the script >>>>>> EJ> >>>>>> EJ> # get domain maximumPasswordAge password policy >>>>>> EJ> $maximumPasswordAge = 90 >>>>>> EJ> # exclude users with no expiring password or cannot change >>>>>> password >>>>>> EJ> >>>>>> EJ> $ldap = >>>>>> EJ> >>>>>> EJ> >>>>>> "(!userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccount >>>>>> Co >>>>>> n >>>>>> EJ> trol:1.2.840.113556.1.4.803:=64)" >>>>>> EJ> >>>>>> EJ> # create calculated property to display days until password >>>>>> expire >>>>>> EJ> $daysUntilExpire = >>>>>> EJ> >>>>>> @{n="daysUntilExpire";e={$maximumPasswordAge-$_.passwordAge.value >>>>>> .d >>>>>> a >>>>>> EJ> ys}} >>>>>> EJ> >>>>>> EJ> $expireIn = 0 >>>>>> EJ> >>>>>> EJ> # get enabled users that meet the above criteria >>>>>> EJ> Get-QADUser -ou 'OU=MyTest,DC=domain,DC=com' -enabled -size 0 >>>>>> -ldap >>>>>> EJ> $ldap \| >>>>>> EJ> where {$_.passwordAge.value -gt >>>>>> EJ> 0 -AND ($maximumPasswordAge-$_.passwordAge.value.days) -gt >>>>>> EJ> $expireIn} \| >>>>>> EJ> select Name,email,passwordAge,$daysUntilExpire \| sort >>>>>> EJ> daysUntilExpire >>>>>> EJ> # send email to account who's password will expire in 14 days >>>>>> EJ> $username = $_.Name >>>>>> EJ> $email = $_.Email >>>>>> EJ> $smtpServer = "mysmtpserver.domain.com" >>>>>> EJ> if ($daysUntilExpire -eq 14 -and $email -ne "") >>>>>> EJ> { >>>>>> EJ> Write-Host "User $username has $daysUntilExpire days left >>>>>> before >>>>>> EJ> password >>>>>> EJ> expires. Message will be sent to $email." >>>>>> EJ> $subject = "Your login password will expire in >>>>>> $daysUntilExpire >>>>>> EJ> days." >>>>>> EJ> $body = "Hello $username . Your login password will expire in >>>>>> EJ> $daysUntilExpire days." >>>>>> EJ> Send-smtpMail -smtphost $smtpServer -to $email -from >>>>>> EJ> "passwexpnotify@xxxxxx" -subject $subject -body $body >>>>>> EJ> } >>>>>> EJ> #end of the script >>>>>> EJ>
My System Specs

Similar Threads
Thread	Forum
Privision User must change password at next logon, if passwordchanged, set password never expire	VB Script
password to expire	General Discussion
Setting time period for password to expire	Vista General
how to determine a script location?	PowerShell
password expire	Vista account administration