Dear MichaelHildebrand
The company I work at doesn't use hybrid Azure AD, but we do work with Office 365 (E3 licenses) and an AD Server.
Our users are not getting an email notification before their 365 password expires. This means that when they sign in to Office 365 and their password has expired, they'll be prompted to change their password at that time without any advance notice.
Now, I spoke with a Microsoft ISR support representative and sent them this article; they said it is ONLY relevant for hybrid Azure AD.
Can you please tell me if that is true? I can't believe there's no answer to our issue; I must find a solution.
I found another PS script of this kind. Please take a look.
#################################################################################################################
# Version 1.0 September 2016
# Fernando Pérez
# Based on Robert Pearman (WSSMB MVP)
#
# Script to send automated email from an Office 365 account to remind users of password expiry.
# Office 365 require SSL
# Requires: Windows PowerShell Module for Active Directory
#
#
##################################################################################################################
# Please Configure the following variables....
# --- Operator settings: adjust these before scheduling the script ---

# SMTP host the reminders are submitted to (Office 365 official smtp server).
$smtpServer    = 'smtp.office365.com'

# Reminder window: users whose password expires in fewer than this many days get a mail.
$expireindays  = 10

# Sender shown on the reminder.
$from          = 'Your email address <email address removed for privacy reasons>'

# "Enabled" appends one CSV row per reminder to $logFile; set to Disabled to Disable Logging.
# The rows hold user names and email addresses, so keep the folder readable by administrators only.
$logging       = 'Enabled'
$logFile       = 'c:\Scripts\PasswordChangeNotification.csv'

# "Enabled" redirects every reminder to $testRecipient; "Disabled" mails the real users.
$testing       = 'Disabled'
$testRecipient = 'email address removed for privacy reasons'

# Run date (day, month, year as eight digits) used as the first column of each log row.
$date          = Get-Date -Format 'ddMMyyyy'
#
###################################################################################################################
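# EMAIL: sends one HTML, high-priority message through an authenticated SMTP
# server with SSL/TLS enabled on the connection.
#
# Parameters:
#   emailSmtpServer      SMTP host; defaults to the script-level $smtpServer.
#   emailSmtpServerPort  SMTP port; defaults to 587.
#   emailSmtpUser        Account used to authenticate to the SMTP server.
#   emailSmtpPass        Password for that account (see the security note below).
#   emailFrom            Sender address placed on the message.
#   emailTo              Recipient address.
#   emailAttachment      Optional file path (or paths) to attach.
#   emailSubject         Subject line.
#   emailBody            Message body, sent as HTML.
#
# Errors raised by the .NET mail classes (bad address, failed authentication,
# unreachable server, missing attachment file) propagate to the caller.
Function EMAIL{
    Param(
        $emailSmtpServer = $smtpServer, #change to your SMTP server
        $emailSmtpServerPort = 587,
        $emailSmtpUser = "email address removed for privacy reasons", #Email account you want to send from
        # NOTE(security): the default below is kept only so existing callers keep working.
        # A real password written here is readable by anyone who can read this file or
        # its backups. Prefer passing -emailSmtpPass from a protected store, for example
        # a credential saved with Export-Clixml and loaded with Import-Clixml. The value
        # may be a [string] or a [securestring]; NetworkCredential has a constructor for
        # each on .NET 4.0 and later.
        $emailSmtpPass = "passsword", #Password for Send from email account
        $emailFrom = "email address removed for privacy reasons", #Email account you want to send from
        $emailTo,
        $emailAttachment,
        $emailSubject,
        $emailBody
    )
    Process{
        $emailMessage = $null
        $SMTPClient = $null
        try
        {
            $emailMessage = New-Object System.Net.Mail.MailMessage( $emailFrom , $emailTo )
            $emailMessage.Subject = $emailSubject
            $emailMessage.IsBodyHtml = $true
            $emailMessage.Priority = [System.Net.Mail.MailPriority]::High
            $emailMessage.Body = $emailBody

            # -emailAttachment was accepted but never used; attach each path that was given.
            if ($emailAttachment)
            {
                foreach ($attachmentPath in @($emailAttachment))
                {
                    $emailMessage.Attachments.Add( (New-Object System.Net.Mail.Attachment( $attachmentPath )) )
                }
            }

            $SMTPClient = New-Object System.Net.Mail.SmtpClient( $emailSmtpServer , $emailSmtpServerPort )
            # Never send the credentials below over an unencrypted connection.
            $SMTPClient.EnableSsl = $true
            $SMTPClient.Credentials = New-Object System.Net.NetworkCredential( $emailSmtpUser , $emailSmtpPass )
            $SMTPClient.Send( $emailMessage )
        }
        finally
        {
            # Release the connection and any attachment file handles even when Send throws;
            # the script calls this function once per user.
            if (($SMTPClient -ne $null) -and ($SMTPClient -is [System.IDisposable])) { $SMTPClient.Dispose() }
            if ($emailMessage -ne $null) { $emailMessage.Dispose() }
        }
    }
}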
# Logging setup: when logging is switched on, make sure the CSV log exists
# and begins with its header row.
if ($logging -eq "Enabled")
{
    # Test-Path answers with a boolean: $true when the log file is already present.
    $logfilePath = Test-Path $logFile
    if (-not $logfilePath)
    {
        # First run: create the empty file, then write the column names.
        New-Item $logfile -ItemType File
        Add-Content $logfile "Date,Name,EmailAddress,DaystoExpire,ExpiresOn"
    }
} # End Logging Check
# Load the Active Directory cmdlets, then collect every account that is enabled,
# is subject to password expiry, and has not already expired.
# All accounts are fetched first (-Filter *) and narrowed on the client side.
Import-Module ActiveDirectory
$users = Get-ADUser -Filter * -Properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress |
    Where-Object { ($_.Enabled -eq "True") -and ($_.PasswordNeverExpires -eq $false) -and ($_.passwordexpired -eq $false) }

# Domain-wide maximum password age, used for users that have no fine-grained policy.
$DefaultmaxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
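# Process Each User for Password Expiry
#
# For every user in $users: work out when the password expires, build the
# trilingual HTML reminder, and, when expiry falls inside the $expireindays
# window, log the reminder (if logging is enabled) and send it with EMAIL.

# Quotes one value as a CSV field (embedded double quotes are doubled) so that a
# name such as "Lastname, Firstname" stays in a single column of the log.
# The value itself is written unchanged inside the quotes; if the log is opened
# in a spreadsheet, treat cells that start with = + - or @ as untrusted.
$csvField = { param($value) '"' + (([string]$value) -replace '"', '""') + '"' }

foreach ($user in $users)
{
    $Name = $user.Name
    $emailaddress = $user.emailaddress
    $passwordSetDate = $user.PasswordLastSet

    # Without a PasswordLastSet value no expiry date can be computed. Skip the
    # user so that $daystoexpire from the previous iteration is never reused
    # and a reminder with someone else's expiry figure is never sent.
    if ($passwordSetDate -eq $null)
    {
        continue
    }

    $PasswordPol = (Get-AduserResultantPasswordPolicy $user)
    # Check for Fine Grained Password
    if (($PasswordPol) -ne $null)
    {
        $maxPasswordAge = ($PasswordPol).MaxPasswordAge
    }
    else
    {
        # No FGP set to Domain Default
        $maxPasswordAge = $DefaultmaxPasswordAge
    }
    $expireson = $passwordsetdate + $maxPasswordAge
    $today = (get-date)
    # .Days is the whole-day part of the span, so less than 24 hours left counts as 0.
    $daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days

    # Set Greeting based on Number of Days to Expiry.
    # Check Number of Days to Expiry
    $messageDays = $daystoexpire
    if (($messageDays) -ge "1")
    {
        $messageDays = "in " + "$daystoexpire" + " days."
    }
    else
    {
        $messageDays = "today."
    }

    # Email Subject Set Here
    $subject="Your password will expire $messageDays"

    # The directory name is placed into HTML, so encode it first: characters
    # such as & or < in a name must not be interpreted as markup.
    $safeName = [System.Net.WebUtility]::HtmlEncode([string]$Name)

    # Email Body Set Here, Note You can use HTML, including Images.
    # $messageDays already ends with a period, so the English sentence adds none.
    $body ="
<p>Dear $safeName,<br></P><br>
<p>Your Password will expire $messageDays<br>
Please change your password before it expires to avoid problems accessing to your work services. <br></P><br>
<p>Thanks, <br>
</P><br><br>
<p>Dear $safeName,<br></P><br>
<P>Su contraseña caducará en $daystoExpire días.<br>
Por favor cambie su contraseña antes de que ésta expire para evitar problemas al acceder a su entorno de trabajo. <br></P><br>
<P>Gracias, <br>
</P><br><br>
<p>Caro $safeName,<br></P><br>
<p>A sua password vai expirar dentro de $daystoExpire dias<br>
Por favor altere a mesma antes dela expirar de forma a evitar ter problemas de acesso ao seu ambiente de trabalho. <br></P><br>
<p>Obrigado, <br>
</P>"

    # If Testing Is Enabled - Email Administrator
    if (($testing) -eq "Enabled")
    {
        $emailaddress = $testRecipient
    } # End Testing

    # If a user has no email address listed (missing or empty), use the fallback address
    if ([string]::IsNullOrEmpty($emailaddress))
    {
        $emailaddress = "email address removed for privacy reasons"
    }# End No Valid Email

    # Send Email Message
    if (($daystoexpire -ge "0") -and ($daystoexpire -lt $expireindays))
    {
        # If Logging is Enabled Log Details
        if (($logging) -eq "Enabled")
        {
            $quotedName = & $csvField $Name
            $quotedEmail = & $csvField $emailaddress
            Add-Content $logfile "$date,$quotedName,$quotedEmail,$daystoExpire,$expireson"
        }
        EMAIL -emailTo $emailaddress -emailSubject $subject -emailBody $body
    } # End Send Message
} # End User Processing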
# End
#################################################################################################################
Regards,
Daniel, IT Administrator.
mailto:email address removed for privacy reasons