How to Setup a Password Expiration Notification Email Solution

Published Sep 20 2018 03:34 AM 57.7K Views

First published on TechNet on May 04, 2015

"Hello World!"

Hi there! Mike Kullish, here. I'm a PFE based out of Minneapolis, MN with a focus on AD, Hyper-V and DFS but I try to help customers with anything on the Windows Desktop and/or Server platforms. I have been with Microsoft for nearly three years and this is my first blog post.

Have you ever had a need to configure notifications for user's password expirations but found that existing solutions didn't quite fit the bill? We all know you can use built-in solutions with Windows and Active Directory/Group Policy but this requires users to interactively log-on to a network-based computer. What about those BYOD or mobile users or users of web apps/email? More often than not, these users will have to call the helpdesk because they had no idea their domain passwords were going to expire. Statistics show that some of the most common calls to the helpdesk are password-related and implementing a process like the one covered here could really make a dent in your helpdesk call volume and costs.

Recently, a customer asked for some help implementing a solution for this issue based on a script they'd found on the Microsoft TechNet Script Center.  The script queries the pwdLastSet attribute of user accounts in AD and the MaxPwdAge property within the domain, then does some time computations and sends an email to those users who are near a password expiration 'event.'

 

I thought it would make a helpful blog post to cover some of the details and considerations when implementing a solution like this. The particular script my customer found was the work of Microsoft MVP Robert Pearman and he deserves the Kudos for initially putting it together, as well as several refinements to it (including support for Fine Grained Password Policies).

DISCLAIMER:

  • PFEs don't normally provide code beyond sample or "proof of concept" code
  • The code we discuss here is an additional layer beyond code from a PFE; it is code from a Microsoft MVP resource
  • As with ANY code, you should always test/validate its behavior in an isolated lab
  • Note the script author has validated the code via his own testing on Windows Server 2008 R2.  Did I mention you should test/validate the code?
  • If/when you're ready to deploy it to production, you should employ a solid change control process and a controlled release. This code can possibly generate emails to 100,000s of users .

You can download the script from the following link . ( https://gallery.technet.microsoft.com/Password-Expiry-Email-177c3e27 )

Click on the blue box and save the file to a workstation or member server. Obviously, a DC would work but likely isn't the best choice. The workstation or member server needs the RSAT tools for Active Directory installed. If you already have an "admin server" system where you have existing scripts, tools, Scheduled Tasks, etc., that would be a logical place for this.

Once you have downloaded the script:

  1. Place the file in a directory on your admin server. (For this example, I will use C:\scripts)
  2. Edit the following portions of the script as applicable using Notepad or PowerShell ISE
    • $smtpServer="mail.domain.com"
      • This will be the name of your SMTP server. The admin server machine will need to be able to send using SMTP – you will likely need to work with your email team to get that process working
    • $expireindays = 21
      • This is the number of days prior to password expiration that you want to notify users. The actual number of days remaining before expiration will be displayed in the email notification.
    • $from = "Company Administrator <support@mycompany.com>"
      • This field can be modified to be sent from a valid email account within your environment. Consideration should be given to this address in order to prevent the perception of a phishing email as well as how replies will be handled .
    • $logging = "Enabled" # Set to Disabled to Disable Logging
      • Logging is recommended to ensure that you can trace any errors that might occur
    • $logFile = "C:\scripts\PasswordExpiration\pwdexp.csv"
      • This field should be changed to a desired location on the local system or network share as desired.
    • $testing = "Enabled"
      • Set to Disabled to email users (configuring this to Enabled, runs a check against all accounts and sends emails ONLY the account specified in the $testRecipient field below.)
        • Configuring this to disabled actually sends emails to the users that will have their passwords expire in the configured amount of time .
        • Understand this - you risk sending out a mass-email to 10s, 100s or 10,000s of users.
        • This is automation – with great power, comes great responsibility
    • $testRecipient = "someone@company.com"
      • Specifies the test user account that will receive the test email. CAUTION : This account will receive 1 email for every user the script identifies.
  3. Save the script once you are done editing it.
  4. Now you can test the script by running it in a lab.
    1. You may need to modify the execution policy for PowerShell scripts on your admin server machine.
  5. You should get an email that looks something like this:

    From: someone@company.com [mailto:someone@company.com]
    Sent: Thursday, March 23, 2015 12:52 PM
    To: Someone@company.com
    Subject: Your Windows password will expire in 4 days.
    Importance: High

    Dear someone,

    Your corporate network password will expire in 4 days.


    To change your password on a PC press CTRL-ALT-Delete and chose "Change Password."

  6. It is important to ensure that you change the section of the script under $body .  The message should be modified to ensure that user's don't accidentally delete the email because they suspect it is spam or a phishing email. Good inter-team collaboration and communication about this "password expiration notification process" cannot be emphasized enough.
    1. Work with your helpdesk and security teams to ensure everyone signs off on this effort and approves the specific text and additional information for the email, including how to manage a 'reply' to that email address
  7. When it all is working as desired/expected, you can disable testing:
    1. $testing = "Disabled"

Now, at some pre-determined time, you or one of your staff can execute the script to generate the 'password expiry notification email' to the affected users.

For those who don't want to manually run the script, it's a simple process to create a Scheduled Task to run the script automatically.

There are numerous other ways to address this need; I have talked to many people who have developed their own processes, scripts and/or code for this. This particular process was pretty easy to implement and I was able to work with my customer to get the whole thing working in a short amount of time.

Thanks to Hilde and all the other PFE bloggers here for helping me "dip a toe" in the blog-pond (or pool?) and a special thanks to Microsoft MVP Robert Pearman who provided some insight and details around his script.

See you all next time!

Mike "CANNONBALL!" Kullish

26 Comments
Occasional Visitor

Hello Michael, 

Thanks for your blog and the time you took to create it.

 

Do you guys at Microsoft have a way that we can use the new Multi-Factor Authentication that Office365 requires us to use now?

 

I'm sure that there are a lot of folks out there that would benefit from this update.

Best

Paul

Hey Michael

 

I've been trying to get hold of this script but unable to do so with the link. Can anyone share this script with me?

 

Regards

 

Reinhard

Microsoft

I have found an updated copy of the script that can be found here: Original Robert Pearman v1.4 Password Change Notification via https://web.archive.org/web/2016111622...

 

It was posted by Robert Pearman the original script author.

 
Occasional Visitor

@Michael Hildebrand I'm using your script in our environment, but need to make some small changes in it, not sure where to change, when user is getting email from us, the email body showing date format like this

"Password will be expiring on 12/28/2020 08:44:22 UTC."

But, I want the date format like this >> it looks like this “5 April 2021 at 18:04:36 UTC”.

 

Microsoft

@Anup_Pachkude You can use the get-date -format switch to modify how the date presents itself. More documenation can be found here: Get-Date (Microsoft.PowerShell.Utility) - PowerShell | Microsoft Docs.

Occasional Visitor

Hi @Michael Hildebrand  how often do you recommend running this script? I have set 180 days to expire password.

Thank you

Occasional Visitor

@Anup_Pachkude 

Hi i use like this:


$expireson = $passwordsetdate + $maxPasswordAge
$NiceDateExp = Get-Date $expireson -Format "dddd dd.MMMM yyyy at HH:mm"
$today = (get-date)
$daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days

 

Microsoft

@Zdenek_Jurak , The number of times to run the script greatly depends on each organization. I would suggest running the script weekly as a starting point to see if it meets your needs. I hope this helps.

Occasional Visitor

@Michael Hildebrand Finally, I set the interval to every other day. By notification 8 days before the password expires. Therefore, the user will receive a maximum of 4 notifications. This will prevent the password from expiring on the weekend. Because a lot of people are in the home office and I use LDAP for VPN authentication. I hope that's enough for that.

 

Thank you, the whole article was very useful for me.

Occasional Visitor

@Michael Hildebrand , thanks for a great script. Is it possible to run it with gMSA account to avoid creating another service account with "well-known" password? :)

Microsoft

@kirte You can always setup the script to run as a scheduled task and configure a GMSA. A decent article can be found here: [SOLVED] Using a group managed account to run a scheduled task on Server 2012R2 - Windows Server - S...

Occasional Visitor

How would I run this script against entire Forest or against specific Domains within the AD Forest? I have a Parent Domain with multiple child domains but would like to exclude some Domains. I'm guessing it would need to be run against GC using port 3268 somehow.

Microsoft

@Bishop777 , the easiest way would be to run the script from multiple machines. (One in each domain in your forest) You can setup a scheduled task running with a Group Managed Service Account or similar function. 

Occasional Visitor

@Michael Kullish , Thanks I suspected this but was hoping I didn't have to.

Regular Visitor

Hi Michael,

You can download the script from the following link . ( https://gallery.technet.microsoft.com/Password-Expiry-Email-177c3e27 )

 

This PS script is not available for download, please help me get it.

 

Microsoft

@amit07 As mentioned above, you can download the script from Robert's blog here: Original Robert Pearman v1.4 Password Change Notification via https://web.archive.org/web/2016111622...

Regular Visitor

Hi Michael,

 

its giving error:

 

PS C:\script> C:\script\Password Change Notification v1.4 Robert Pearman.ps1


Directory: C:\script


Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 6/21/2021 8:46 PM 0 mylog.csv
Send-Mailmessage : Unable to connect to the remote server
At C:\script\Password Change Notification v1.4 Robert Pearman.ps1:120 char:9
+ Send-Mailmessage -smtpServer $smtpServer -from $from -to $ema ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], SmtpException
+ FullyQualifiedErrorId : SmtpException,Microsoft.PowerShell.Commands.SendMailMessage

Regular Visitor

Is there a way to configure this to use smtp.office365.com using TLS/port 587 and an authenticated user?  ...or, if using my internal SMTP server, how can I get the email to show up FROM "IT"?  Our SMTP server only allows no-reply@company.com so the emails that are received do not show the name, only "No-Reply".

Microsoft

@amit07 It looks like you have one of the variables that is incorrect. Without seeing the entire message, or script, I'm afraid I am not sure how to help with this one.

Microsoft

@rerhart, please take a look at the following link to help with smtp syntax: Send-MailMessage (Microsoft.PowerShell.Utility) - PowerShell | Microsoft Docs, I hope this helps.

Frequent Visitor

@ALL ,

Thanks,

I used the script but getting below error 

#####################################################################

PS C:\Users\XXXXX> C:\Passnotification.ps1
Send-Mailmessage : Error in processing. The server response was: 5.7.3 STARTTLS is required to send mail [PN2PR01CA0019.INDPRD01.PROD.OUTLOOK.COM]
At C:\Passnotification.ps1:122 char:9
+ Send-Mailmessage -smtpServer $smtpServer -from $from -to $ema ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], SmtpException
+ FullyQualifiedErrorId : SmtpException,Microsoft.PowerShell.Commands.SendMailMessage

 

##########################################################################################

So as suggested in comments added "-UseSsl " in the script 
command added:

####################################################################################

 # Send Email Message
Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -priority High -Encoding $textEncoding -UseSsl"

After adding  "UseSsl" getting below error :

"PS C:\Users\XXXX> C:\Passnotification.ps1
Send-Mailmessage : The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.57 Client not authenticated to send mail.
[PN1PR01CA0079.INDPRD01.PROD.OUTLOOK.COM]
At C:\Passnotification.ps1:122 char:9
+ Send-Mailmessage -smtpServer $smtpServer -from $from -to $ema ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], SmtpException
+ FullyQualifiedErrorId : SmtpException,Microsoft.PowerShell.Commands.SendMailMessage

##########################################################################

requesting you to please help us and suggest the solution for this.

NOTE: I am testing this from my office system( Win10) on  Windows Powershell ISE

Thanks and Best Regards.

Visitor

Provisioning of Mail Server for this setup is required?

Microsoft

@Cedrick014 Yes, and email server is required. The script is designed to email users, so you would need an SMTP server for it to work.

Occasional Visitor

Hi @Michael Kullish , can Office 365 (aka smtp.office365.com along with a dedicated account) be used in place of an SMTP server for this script to work? 

Occasional Visitor

Hi @Michael Kullish 

 

Will there be an updated version of the script that will use Graph and Rest API's to send the emails instead of connecting to a SMTP server? As SMTP only supports single factor authentication.

Microsoft

@Graham_Tinkers There is currently no plan that I am aware of, but this is a great idea! Let me consult a few colleagues and see what we can come up with for a future release.

%3CLINGO-SUB%20id%3D%22lingo-sub-257836%22%20slang%3D%22en-US%22%3EHow%20to%20Setup%20a%20Password%20Expiration%20Notification%20Email%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-257836%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3E%20First%20published%20on%20TechNet%20on%20May%2004%2C%202015%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%20%22Hello%20World!%22%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%20Hi%20there!%20Mike%20Kullish%2C%20here.%26nbsp%3BI'm%20a%20PFE%20based%20out%20of%20Minneapolis%2C%20MN%20with%20a%20focus%20on%26nbsp%3BAD%2C%20Hyper-V%20and%20DFS%20but%20I%26nbsp%3Btry%20to%20help%20customers%20with%20anything%26nbsp%3Bon%20the%26nbsp%3BWindows%20Desktop%20and%2For%20Server%20platforms.%20%3CSPAN%3E%20I%20have%20been%20with%20Microsoft%20for%20nearly%20three%20years%26nbsp%3Band%20this%20is%20my%20first%20blog%20post.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%20Have%20you%20ever%20had%20a%20need%20to%20configure%20notifications%20for%20user's%20password%20expirations%20but%20found%20that%20existing%20solutions%20didn't%20quite%20fit%20the%20bill%3F%20We%20all%20know%20you%20can%20use%20built-in%20solutions%20with%20Windows%20and%20Active%20Directory%2FGroup%20Policy%20but%20this%20requires%20users%20to%20interactively%20log-on%20to%20a%20network-based%20computer.%20What%20about%20those%26nbsp%3BBYOD%20or%20mobile%20users%20or%26nbsp%3Busers%20of%20web%20apps%2Femail%3F%20More%20often%20than%20not%2C%20these%20users%20will%20have%20to%20call%20the%20helpdesk%20because%20they%20had%20no%20idea%20their%20domain%20passwords%20were%20going%20to%20expire.%20Statistics%20show%20that%20some%20of%20the%20most%20common%20calls%20to%20the%20helpdesk%20are%20password-related%20and%20implementing%20a%26nbsp%3Bprocess%20like%20the%20one%20covered%20here%20could%20really%20make%20a%20dent%20in%20your%20helpdesk%20call%20volume%26nbsp%3Band%20costs.%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%20Recently%2C%20a%20customer%20asked%20for%20some%20help%20implementing%20a%20solution%20for%20this%20issue%20based%20on%20a%20script%20they'd%20found%20on%20the%20Microsoft%20TechNet%20Script%20Center.%26nbsp%3B%20The%20script%26nbsp%3Bqueries%20the%20%3CSTRONG%3E%20pwdLastSet%20%3C%2FSTRONG%3E%20attribute%20of%20user%20accounts%20in%20AD%20and%20the%20%3CSTRONG%3E%20MaxPwdAge%20%3C%2FSTRONG%3E%20property%20within%20the%20domain%2C%20then%20does%20some%20time%20computations%20and%20sends%20an%20email%20to%20those%20users%20who%20are%20near%20a%20password%20expiration%20'event.'%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20414px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F52206i111BCF74ABB534B8%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20%2F%3E%3C%2FSPAN%3E%20%3CIMG%20border%3D%220%22%20%2F%3E%20%3CIMG%20border%3D%220%22%20%2F%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%20I%20thought%20it%20would%20make%20a%20helpful%20blog%20post%20to%20cover%20some%20of%20the%20details%20and%20considerations%20when%20implementing%20a%20solution%20like%20this.%20The%20particular%20script%20my%20customer%20found%26nbsp%3Bwas%20the%20work%20of%20Microsoft%20MVP%20Robert%20Pearman%20and%20he%20deserves%20the%20Kudos%20for%20initially%20putting%20it%20together%2C%20as%20well%20as%20several%26nbsp%3Brefinements%20to%20it%20(including%20support%20for%26nbsp%3BFine%20Grained%20Password%20Policies).%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%20DISCLAIMER%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%20PFEs%20don't%20normally%20provide%20code%20beyond%20sample%20or%20%22proof%20of%20concept%22%20code%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20The%20code%20we%20discuss%20here%20is%20an%20additional%20layer%20beyond%26nbsp%3Bcode%20from%20a%20PFE%3B%20it%20is%20code%20from%20a%20Microsoft%20MVP%20resource%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20As%20with%20ANY%20code%2C%20you%20should%20always%20test%2Fvalidate%20its%20behavior%20in%20an%20isolated%20lab%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20Note%20the%20script%20author%20has%20validated%20the%20code%26nbsp%3Bvia%20his%20own%20testing%20on%20Windows%20Server%202008%20R2.%26nbsp%3B%20Did%20I%20mention%20you%20should%20test%2Fvalidate%20the%20code%3F%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20If%2Fwhen%20you're%20ready%20to%20deploy%20it%20to%20production%2C%20you%20should%20employ%20a%20solid%20change%20control%20process%20and%20a%20controlled%20release.%20%3CSPAN%3E%3CSTRONG%3EThis%20code%20can%20possibly%20generate%20emails%20to%20100%2C000s%20of%20users%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%20.%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%3E%20You%20can%20download%20the%20script%20from%20the%20following%20%3CA%3E%20link%20%3C%2FA%3E%20.%20(%20%3CA%3E%20https%3A%2F%2Fgallery.technet.microsoft.com%2FPassword-Expiry-Email-177c3e27%20%3C%2FA%3E%20)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%20Click%20on%20the%20blue%20box%20and%20save%20the%20file%26nbsp%3Bto%20a%20workstation%20or%20member%20server.%20Obviously%2C%20a%20DC%20would%20work%20but%20likely%20isn't%20the%20best%20choice.%20The%20workstation%20or%20member%20server%20needs%20the%20RSAT%20tools%20for%20Active%20Directory%20installed.%20If%20you%20already%20have%20an%20%22admin%20server%22%26nbsp%3Bsystem%20where%20you%20have%20existing%20scripts%2C%20tools%2C%20Scheduled%20Tasks%2C%20etc.%2C%20that%20would%20be%20a%20logical%20place%20for%20this.%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20624px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F52207iFEB912CFE0FA8EA5%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%20Once%20you%20have%20downloaded%20the%20script%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3E%3CSPAN%3E%20Place%20the%20file%20in%20a%20directory%20on%20your%20admin%20server.%20(For%20this%20example%2C%20I%20will%20use%20C%3A%5Cscripts)%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CDIV%20style%3D%22background%3A%20white%3B%22%3E%3CSPAN%3E%20Edit%20the%20following%20portions%20of%20the%20script%20as%20applicable%26nbsp%3Busing%20Notepad%20or%20PowerShell%20ISE%20%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CUL%3E%0A%3CLI%3E%3CDIV%3E%3CSPAN%3E%20%3CSTRONG%3E%20%3CSPAN%20style%3D%22color%3A%20red%3B%22%3E%20%24smtpServer%3D%22mail.domain.com%22%20%3C%2FSPAN%3E%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%20%3CEM%3E%20This%20will%20be%20the%20name%20of%20your%20SMTP%20server.%20The%20admin%20server%20machine%20will%20need%20to%20be%20able%20to%20send%20using%20SMTP%20%E2%80%93%20you%20will%20likely%20need%20to%20work%20with%20your%20email%20team%20to%20get%20that%20process%20working%20%3C%2FEM%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CDIV%3E%3CSPAN%3E%20%3CSTRONG%3E%20%3CSPAN%20style%3D%22color%3A%20red%3B%22%3E%20%24expireindays%20%3D%2021%20%3C%2FSPAN%3E%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%20%3CEM%3E%20This%20is%20the%20number%20of%20days%20prior%20to%20password%20expiration%26nbsp%3Bthat%20you%20want%20to%20notify%20users.%20The%20actual%20number%20of%20days%20remaining%26nbsp%3Bbefore%20expiration%20will%20be%20displayed%20in%20the%20email%20notification.%20%3C%2FEM%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CDIV%3E%3CSPAN%3E%20%3CSTRONG%3E%20%3CSPAN%20style%3D%22color%3A%20red%3B%22%3E%20%24from%20%3D%20%22Company%20Administrator%20%3CSUPPORT%3E%22%20%3C%2FSUPPORT%3E%3C%2FSPAN%3E%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%20%3CEM%3E%20This%20field%20can%20be%20modified%20to%20be%20sent%20from%20a%20valid%20email%20account%20within%20your%20environment.%20%3CSPAN%3E%20%3CSTRONG%3EConsideration%20should%20be%20given%20to%20this%20address%20in%20order%20to%20prevent%20the%20perception%20of%20a%20phishing%20email%20as%20well%20as%20how%20replies%20will%20be%20handled%20%3C%2FSTRONG%3E%20.%20%3C%2FSPAN%3E%20%3C%2FEM%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CDIV%3E%3CSPAN%3E%20%3CSTRONG%3E%20%3CSPAN%20style%3D%22color%3A%20red%3B%22%3E%20%24logging%20%3D%20%22Enabled%22%20%23%20Set%20to%20Disabled%20to%20Disable%20Logging%20%3C%2FSPAN%3E%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%20%3CEM%3E%20Logging%20is%20recommended%20to%20ensure%20that%20you%20can%20trace%20any%20errors%20that%20might%20occur%20%3C%2FEM%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CDIV%3E%3CSPAN%3E%20%3CSTRONG%3E%20%3CSPAN%20style%3D%22color%3A%20red%3B%22%3E%20%24logFile%20%3D%20%22C%3A%5Cscripts%5CPasswordExpiration%5Cpwdexp.csv%22%20%3C%2FSPAN%3E%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%20%3CEM%3E%20This%20field%20should%20be%20changed%20to%20a%20desired%20location%20on%20the%20local%20system%20or%20network%20share%20as%20desired.%20%3C%2FEM%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CDIV%3E%3CSPAN%3E%20%3CSTRONG%3E%20%3CSPAN%20style%3D%22color%3A%20red%3B%22%3E%20%24testing%20%3D%20%22Enabled%22%20%3C%2FSPAN%3E%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CUL%3E%0A%3CLI%3E%3CDIV%3E%3CSPAN%3E%20%3CEM%3E%20Set%20to%20Disabled%20to%20email%20users%20(configuring%20this%26nbsp%3Bto%20Enabled%2C%20runs%20a%26nbsp%3Bcheck%26nbsp%3Bagainst%20all%20accounts%20and%26nbsp%3Bsends%20emails%20ONLY%20the%26nbsp%3Baccount%20specified%20in%20the%20%24testRecipient%20field%20below.)%20%3C%2FEM%3E%20%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%20%3CEM%3E%20%3CSPAN%3EConfiguring%20this%20to%20%3CSPAN%3E%20%3CSTRONG%3E%20disabled%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%20%3CSTRONG%3E%20actually%20sends%20emails%20to%20the%20users%20%3C%2FSTRONG%3E%20that%20will%20have%20their%20passwords%20expire%20in%20the%20configured%20amount%20of%20time%20%3C%2FSPAN%3E%20.%20%3C%2FEM%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CEM%3E%20%3CSTRONG%3EUnderstand%20this%20%3C%2FSTRONG%3E%20-%20you%20risk%20sending%20out%20a%20mass-email%20to%2010s%2C%20100s%20or%2010%2C000s%20of%20users.%20%3C%2FEM%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20%3CEM%3E%20This%20is%20automation%20%E2%80%93%20with%20great%20power%2C%20comes%20great%20responsibility%20%3C%2FEM%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CDIV%3E%3CSTRONG%3E%20%3CSPAN%20style%3D%22color%3A%20red%3B%22%3E%20%24testRecipient%20%3D%20%22someone%40company.com%22%20%3C%2FSPAN%3E%20%3C%2FSTRONG%3E%3C%2FDIV%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%20%3CEM%3E%20Specifies%20the%20test%20user%20account%20that%20will%20receive%20the%20test%20email.%20%3CSPAN%3E%3CSTRONG%3ECAUTION%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%20%3A%20This%20account%20will%20receive%201%20email%20for%20every%20user%20the%20script%20identifies.%20%3C%2FEM%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%20Save%20the%20script%20once%20you%20are%20done%20editing%20it.%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CDIV%3E%3CSPAN%3E%20Now%20you%20can%20test%20the%20script%20by%20running%20it%20%3CSPAN%3E%20%3CSTRONG%3E%20in%20a%20lab.%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3COL%3E%0A%3CLI%3E%3CSPAN%3E%20You%20may%20need%20to%20modify%20the%20execution%20policy%20for%20PowerShell%20scripts%20on%20your%20admin%20server%20machine.%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CDIV%3E%3CSPAN%3E%20You%20should%20get%20an%20email%20that%20looks%20something%20like%20this%3A%20%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CP%3E%3CSPAN%3E%3CSTRONG%3E%3CEM%3EFrom%3A%20someone%40company.com%20%5Bmailto%3Asomeone%40company.com%5D%20%3C%2FEM%3E%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%3CSPAN%3E%20%3CSTRONG%3E%20%3CEM%3E%20Sent%3A%20Thursday%2C%20March%2023%2C%202015%2012%3A52%20PM%20%3C%2FEM%3E%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%3CSPAN%3E%20%3CSTRONG%3E%20%3CEM%3E%20To%3A%20Someone%40company.com%20%3C%2FEM%3E%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%3CSPAN%3E%20%3CSTRONG%3E%20%3CEM%3E%20Subject%3A%20Your%20Windows%20password%20will%20expire%20in%204%20days.%20%3C%2FEM%3E%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%3CSPAN%3E%20%3CEM%3E%20%3CSTRONG%3E%20Importance%3A%20High%20%3C%2FSTRONG%3E%20%3C%2FEM%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%20%3CEM%3E%20%3CSTRONG%3E%20Dear%20someone%2C%20%3C%2FSTRONG%3E%20%3C%2FEM%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%20%3CSTRONG%3E%20%3CEM%3E%20Your%20corporate%20network%26nbsp%3Bpassword%20will%20expire%20in%204%20days.%20%3C%2FEM%3E%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%20%3CBR%20%2F%3E%3C%2FSPAN%3E%20%3CSPAN%3E%20%3CEM%3E%20%3CSTRONG%3E%20To%20change%20your%20password%20on%20a%20PC%20press%20CTRL-ALT-Delete%20and%20chose%20%22Change%20Password.%22%20%3C%2FSTRONG%3E%20%3C%2FEM%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CDIV%3E%3CSPAN%3E%20It%20is%20important%20to%20ensure%20that%20you%20change%20the%20section%20of%20the%20script%20under%20%3CSPAN%20style%3D%22color%3A%20%23ff0000%3B%22%3E%20%24body%20%3C%2FSPAN%3E%20.%26nbsp%3B%20The%20message%20should%20be%20modified%20to%20ensure%20that%20user's%20don't%20accidentally%20delete%20the%20email%20because%20they%20suspect%20it%20is%20spam%20or%20a%20phishing%20email.%20%3CSPAN%3E%20%3CSTRONG%3E%20Good%20inter-team%20collaboration%20and%20communication%20about%20this%20%22password%20expiration%20notification%20process%22%20cannot%20be%20emphasized%20enough.%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3COL%3E%0A%3CLI%3E%3CSPAN%3E%20Work%20with%20your%20helpdesk%20and%20security%20teams%20to%20ensure%20everyone%20signs%20off%20on%20this%20effort%20and%20approves%20the%20specific%20text%20and%20additional%20information%20for%20the%20email%2C%20including%26nbsp%3Bhow%20to%20manage%20a%20'reply'%20to%20that%20email%20address%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CDIV%3E%3CSPAN%3E%20When%20it%26nbsp%3Ball%20is%20working%26nbsp%3Bas%20desired%2Fexpected%2C%20you%20can%20disable%26nbsp%3Btesting%3A%20%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3COL%3E%0A%3CLI%3E%3CDIV%3E%3CSPAN%20style%3D%22color%3A%20red%3B%22%3E%20%3CSTRONG%3E%20%24testing%20%3D%20%22Disabled%22%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3E%3CSPAN%3E%20Now%2C%20at%20some%20pre-determined%20time%2C%20you%20or%20one%20of%20your%20staff%20can%20execute%20the%20script%20to%20generate%20the%20'password%20expiry%20notification%20email'%20to%20the%20affected%20users.%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%20For%20those%20who%20don't%20want%20to%20manually%20run%20the%20script%2C%20it's%20a%20simple%20process%20to%20create%20a%20Scheduled%20Task%20to%20run%20the%20script%20automatically.%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%20There%20are%20numerous%20other%20ways%20to%20address%20this%20need%3B%26nbsp%3BI%20have%20talked%20to%20many%26nbsp%3Bpeople%20who%20have%20developed%20their%20own%20processes%2C%20scripts%20and%2For%20code%20for%20this.%20This%20particular%20process%26nbsp%3Bwas%26nbsp%3Bpretty%20easy%20to%20implement%20and%20I%20was%20able%20to%20work%20with%20my%20customer%20to%20get%20the%20whole%20thing%20working%20in%20a%20short%20amount%20of%20time.%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%20Thanks%20to%20Hilde%20and%20all%20the%20other%20PFE%20bloggers%20here%20for%20helping%20me%20%22dip%20a%20toe%22%20in%20the%20blog-pond%20(or%20pool%3F)%26nbsp%3Band%20a%20special%20thanks%20to%20Microsoft%20MVP%20Robert%20Pearman%20who%20provided%20some%20insight%20and%20details%20around%20his%20script.%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%20See%20you%20all%20next%20time!%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%20Mike%20%22CANNONBALL!%22%20Kullish%20%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-257836%22%20slang%3D%22en-US%22%3E%3CP%3EFirst%20published%20on%20TechNet%20on%20May%2004%2C%202015%20%22Hello%20World!%22%26nbsp%3B%20Hi%20there!%20Mike%20Kullish%2C%20here.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-257836%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMikeKullish%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2021566%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20Setup%20a%20Password%20Expiration%20Notification%20Email%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2021566%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Michael%2C%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20your%20blog%20and%20the%20time%20you%20took%20to%20create%20it.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20guys%20at%20Microsoft%20have%20a%20way%20that%20we%20can%20use%20the%20new%20Multi-Factor%20Authentication%20that%20Office365%20requires%20us%20to%20use%20now%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20sure%20that%20there%20are%20a%20lot%20of%20folks%20out%20there%20that%20would%20benefit%20from%20this%20update.%3C%2FP%3E%3CP%3EBest%3C%2FP%3E%3CP%3EPaul%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2229609%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20Setup%20a%20Password%20Expiration%20Notification%20Email%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2229609%22%20slang%3D%22en-US%22%3E%3CP%3EHey%20Michael%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20been%20trying%20to%20get%20hold%20of%20this%20script%20but%20unable%20to%20do%20so%20with%20the%20link.%20Can%20anyone%20share%20this%20script%20with%20me%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EReinhard%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2261934%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20Setup%20a%20Password%20Expiration%20Notification%20Email%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2261934%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20found%20an%20updated%20copy%20of%20the%20script%20that%20can%20be%20found%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fgist.github.com%2Fmeoso%2Fde56bdc68eced50a65d38e99e306ee42%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EOriginal%20Robert%20Pearman%20v1.4%20Password%20Change%20Notification%20via%20https%3A%2F%2Fweb.archive.org%2Fweb%2F20161116225450%2Fhttps%3A%2F%2Fgallery.technet.microsoft.com%2FPassword-Expiry-Email-177c3e27%20%C2%B7%20GitHub%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIt%20was%20posted%20by%20Robert%20Pearman%20the%20original%20script%20author.%3C%2FP%3E%0A%3CDIV%20class%3D%22ms-editor-squiggler%22%20style%3D%22color%3A%20initial%3B%20font%3A%20initial%3B%20font-feature-settings%3A%20initial%3B%20font-kerning%3A%20initial%3B%20font-optical-sizing%3A%20initial%3B%20font-variation-settings%3A%20initial%3B%20forced-color-adjust%3A%20initial%3B%20text-orientation%3A%20initial%3B%20text-rendering%3A%20initial%3B%20-webkit-font-smoothing%3A%20initial%3B%20-webkit-locale%3A%20initial%3B%20-webkit-text-orientation%3A%20initial%3B%20-webkit-writing-mode%3A%20initial%3B%20writing-mode%3A%20initial%3B%20zoom%3A%20initial%3B%20place-content%3A%20initial%3B%20place-items%3A%20initial%3B%20place-self%3A%20initial%3B%20alignment-baseline%3A%20initial%3B%20animation%3A%20initial%3B%20appearance%3A%20initial%3B%20aspect-ratio%3A%20initial%3B%20backdrop-filter%3A%20initial%3B%20backface-visibility%3A%20initial%3B%20background%3A%20initial%3B%20background-blend-mode%3A%20initial%3B%20baseline-shift%3A%20initial%3B%20block-size%3A%20initial%3B%20border-block%3A%20initial%3B%20border%3A%20initial%3B%20border-radius%3A%20initial%3B%20border-collapse%3A%20initial%3B%20border-end-end-radius%3A%20initial%3B%20border-end-start-radius%3A%20initial%3B%20border-inline%3A%20initial%3B%20border-start-end-radius%3A%20initial%3B%20border-start-start-radius%3A%20initial%3B%20inset%3A%20initial%3B%20box-shadow%3A%20initial%3B%20box-sizing%3A%20initial%3B%20break-after%3A%20initial%3B%20break-before%3A%20initial%3B%20break-inside%3A%20initial%3B%20buffered-rendering%3A%20initial%3B%20caption-side%3A%20initial%3B%20caret-color%3A%20initial%3B%20clear%3A%20initial%3B%20clip%3A%20initial%3B%20clip-path%3A%20initial%3B%20clip-rule%3A%20initial%3B%20color-interpolation%3A%20initial%3B%20color-interpolation-filters%3A%20initial%3B%20color-rendering%3A%20initial%3B%20color-scheme%3A%20initial%3B%20columns%3A%20initial%3B%20column-fill%3A%20initial%3B%20gap%3A%20initial%3B%20column-rule%3A%20initial%3B%20column-span%3A%20initial%3B%20contain%3A%20initial%3B%20contain-intrinsic-size%3A%20initial%3B%20content%3A%20initial%3B%20content-visibility%3A%20initial%3B%20counter-increment%3A%20initial%3B%20counter-reset%3A%20initial%3B%20counter-set%3A%20initial%3B%20cursor%3A%20initial%3B%20cx%3A%20initial%3B%20cy%3A%20initial%3B%20d%3A%20initial%3B%20display%3A%20block%3B%20dominant-baseline%3A%20initial%3B%20empty-cells%3A%20initial%3B%20fill%3A%20initial%3B%20fill-opacity%3A%20initial%3B%20fill-rule%3A%20initial%3B%20filter%3A%20initial%3B%20flex%3A%20initial%3B%20flex-flow%3A%20initial%3B%20float%3A%20initial%3B%20flood-color%3A%20initial%3B%20flood-opacity%3A%20initial%3B%20grid%3A%20initial%3B%20grid-area%3A%20initial%3B%20height%3A%200px%3B%20hyphens%3A%20initial%3B%20image-orientation%3A%20initial%3B%20image-rendering%3A%20initial%3B%20inline-size%3A%20initial%3B%20inset-block%3A%20initial%3B%20inset-inline%3A%20initial%3B%20isolation%3A%20initial%3B%20letter-spacing%3A%20initial%3B%20lighting-color%3A%20initial%3B%20line-break%3A%20initial%3B%20list-style%3A%20initial%3B%20margin-block%3A%20initial%3B%20margin%3A%20initial%3B%20margin-inline%3A%20initial%3B%20marker%3A%20initial%3B%20mask%3A%20initial%3B%20mask-type%3A%20initial%3B%20max-block-size%3A%20initial%3B%20max-height%3A%20initial%3B%20max-inline-size%3A%20initial%3B%20max-width%3A%20initial%3B%20min-block-size%3A%20initial%3B%20min-height%3A%20initial%3B%20min-inline-size%3A%20initial%3B%20min-width%3A%20initial%3B%20mix-blend-mode%3A%20initial%3B%20object-fit%3A%20initial%3B%20object-position%3A%20initial%3B%20offset%3A%20initial%3B%20opacity%3A%20initial%3B%20order%3A%20initial%3B%20origin-trial-test-property%3A%20initial%3B%20orphans%3A%20initial%3B%20outline%3A%20initial%3B%20outline-offset%3A%20initial%3B%20overflow-anchor%3A%20initial%3B%20overflow-clip-margin%3A%20initial%3B%20overflow-wrap%3A%20initial%3B%20overflow%3A%20initial%3B%20overscroll-behavior-block%3A%20initial%3B%20overscroll-behavior-inline%3A%20initial%3B%20overscroll-behavior%3A%20initial%3B%20padding-block%3A%20initial%3B%20padding%3A%20initial%3B%20padding-inline%3A%20initial%3B%20page%3A%20initial%3B%20page-orientation%3A%20initial%3B%20paint-order%3A%20initial%3B%20perspective%3A%20initial%3B%20perspective-origin%3A%20initial%3B%20pointer-events%3A%20initial%3B%20position%3A%20initial%3B%20quotes%3A%20initial%3B%20r%3A%20initial%3B%20resize%3A%20initial%3B%20ruby-position%3A%20initial%3B%20rx%3A%20initial%3B%20ry%3A%20initial%3B%20scroll-behavior%3A%20initial%3B%20scroll-margin-block%3A%20initial%3B%20scroll-margin%3A%20initial%3B%20scroll-margin-inline%3A%20initial%3B%20scroll-padding-block%3A%20initial%3B%20scroll-padding%3A%20initial%3B%20scroll-padding-inline%3A%20initial%3B%20scroll-snap-align%3A%20initial%3B%20scroll-snap-stop%3A%20initial%3B%20scroll-snap-type%3A%20initial%3B%20shape-image-threshold%3A%20initial%3B%20shape-margin%3A%20initial%3B%20shape-outside%3A%20initial%3B%20shape-rendering%3A%20initial%3B%20size%3A%20initial%3B%20speak%3A%20initial%3B%20stop-color%3A%20initial%3B%20stop-opacity%3A%20initial%3B%20stroke%3A%20initial%3B%20stroke-dasharray%3A%20initial%3B%20stroke-dashoffset%3A%20initial%3B%20stroke-linecap%3A%20initial%3B%20stroke-linejoin%3A%20initial%3B%20stroke-miterlimit%3A%20initial%3B%20stroke-opacity%3A%20initial%3B%20stroke-width%3A%20initial%3B%20tab-size%3A%20initial%3B%20table-layout%3A%20initial%3B%20text-align%3A%20initial%3B%20text-align-last%3A%20initial%3B%20text-anchor%3A%20initial%3B%20text-combine-upright%3A%20initial%3B%20text-decoration%3A%20initial%3B%20text-decoration-skip-ink%3A%20initial%3B%20text-indent%3A%20initial%3B%20text-overflow%3A%20initial%3B%20text-shadow%3A%20initial%3B%20text-size-adjust%3A%20initial%3B%20text-transform%3A%20initial%3B%20text-underline-offset%3A%20initial%3B%20text-underline-position%3A%20initial%3B%20touch-action%3A%20initial%3B%20transform%3A%20initial%3B%20transform-box%3A%20initial%3B%20transform-origin%3A%20initial%3B%20transform-style%3A%20initial%3B%20transition%3A%20initial%3B%20user-select%3A%20initial%3B%20vector-effect%3A%20initial%3B%20vertical-align%3A%20initial%3B%20visibility%3A%20initial%3B%20-webkit-app-region%3A%20initial%3B%20border-spacing%3A%20initial%3B%20-webkit-border-image%3A%20initial%3B%20-webkit-box-align%3A%20initial%3B%20-webkit-box-decoration-break%3A%20initial%3B%20-webkit-box-direction%3A%20initial%3B%20-webkit-box-flex%3A%20initial%3B%20-webkit-box-ordinal-group%3A%20initial%3B%20-webkit-box-orient%3A%20initial%3B%20-webkit-box-pack%3A%20initial%3B%20-webkit-box-reflect%3A%20initial%3B%20-webkit-highlight%3A%20initial%3B%20-webkit-hyphenate-character%3A%20initial%3B%20-webkit-line-break%3A%20initial%3B%20-webkit-line-clamp%3A%20initial%3B%20-webkit-mask-box-image%3A%20initial%3B%20-webkit-mask%3A%20initial%3B%20-webkit-mask-composite%3A%20initial%3B%20-webkit-perspective-origin-x%3A%20initial%3B%20-webkit-perspective-origin-y%3A%20initial%3B%20-webkit-print-color-adjust%3A%20initial%3B%20-webkit-rtl-ordering%3A%20initial%3B%20-webkit-ruby-position%3A%20initial%3B%20-webkit-tap-highlight-color%3A%20initial%3B%20-webkit-text-combine%3A%20initial%3B%20-webkit-text-decorations-in-effect%3A%20initial%3B%20-webkit-text-emphasis%3A%20initial%3B%20-webkit-text-emphasis-position%3A%20initial%3B%20-webkit-text-fill-color%3A%20initial%3B%20-webkit-text-security%3A%20initial%3B%20-webkit-text-stroke%3A%20initial%3B%20-webkit-transform-origin-x%3A%20initial%3B%20-webkit-transform-origin-y%3A%20initial%3B%20-webkit-transform-origin-z%3A%20initial%3B%20-webkit-user-drag%3A%20initial%3B%20-webkit-user-modify%3A%20initial%3B%20white-space%3A%20initial%3B%20widows%3A%20initial%3B%20width%3A%20initial%3B%20will-change%3A%20initial%3B%20word-break%3A%20initial%3B%20word-spacing%3A%20initial%3B%20x%3A%20initial%3B%20y%3A%20initial%3B%20z-index%3A%20initial%3B%22%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2277639%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20Setup%20a%20Password%20Expiration%20Notification%20Email%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2277639%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F175162%22%20target%3D%22_blank%22%3E%40Michael%20Hildebrand%3C%2FA%3E%26nbsp%3BI'm%20using%20your%20script%20in%20our%20environment%2C%20but%20need%20to%20make%20some%20small%20changes%20in%20it%2C%20not%20sure%20where%20to%20change%2C%20when%20user%20is%20getting%20email%20from%20us%2C%20the%20email%20body%20showing%20date%20format%20like%20this%3C%2FP%3E%3CP%3E%22%3CSPAN%3EPassword%20will%20be%20expiring%20on%20%3CSTRONG%3E%3CU%3E12%2F28%2F2020%2008%3A44%3A22%3C%2FU%3E%3C%2FSTRONG%3E%20UTC.%22%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EBut%2C%20I%20want%20the%20date%20format%20like%20this%20%26gt%3B%26gt%3B%26nbsp%3Bit%20looks%20like%20this%20%E2%80%9C%3CSTRONG%3E%3CU%3E5%20April%202021%3C%2FU%3E%3C%2FSTRONG%3E%20at%20%3CSTRONG%3E%3CU%3E18%3A04%3A36%20UTC%3C%2FU%3E%3C%2FSTRONG%3E%E2%80%9D.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2278856%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20Setup%20a%20Password%20Expiration%20Notification%20Email%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2278856%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F704235%22%20target%3D%22_blank%22%3E%40Anup_Pachkude%3C%2FA%3E%26nbsp%3BYou%20can%20use%20the%20get-date%20-format%20switch%20to%20modify%20how%20the%20date%20presents%20itself.%20More%20documenation%20can%20be%20found%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fmodule%2Fmicrosoft.powershell.utility%2Fget-date%3Fview%3Dpowershell-7.1%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EGet-Date%20(Microsoft.PowerShell.Utility)%20-%20PowerShell%20%7C%20Microsoft%20Docs.%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2340119%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20Setup%20a%20Password%20Expiration%20Notification%20Email%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2340119%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F175162%22%20target%3D%22_blank%22%3E%40Michael%20Hildebrand%3C%2FA%3E%26nbsp%3B%20how%20often%20do%20you%20recommend%20running%20this%20script%3F%20I%20have%20set%20180%20days%20to%20expire%20password.%3C%2FP%3E%3CP%3EThank%20you%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2340193%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20Setup%20a%20Password%20Expiration%20Notification%20Email%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2340193%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F704235%22%20target%3D%22_blank%22%3E%40Anup_Pachkude%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%20i%20use%20like%20this%3A%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E%24expireson%20%3D%20%24passwordsetdate%20%2B%20%24maxPasswordAge%3CBR%20%2F%3E%3CSTRONG%3E%24NiceDateExp%20%3D%20Get-Date%20%24expireson%20-Format%20%22dddd%20dd.MMMM%20yyyy%20at%20HH%3Amm%22%3C%2FSTRONG%3E%3CBR%20%2F%3E%24today%20%3D%20(get-date)%3CBR%20%2F%3E%24daystoexpire%20%3D%20(New-TimeSpan%20-Start%20%24today%20-End%20%24Expireson).Days%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2340491%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20Setup%20a%20Password%20Expiration%20Notification%20Email%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2340491%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1049604%22%20target%3D%22_blank%22%3E%40Zdenek_Jurak%3C%2FA%3E%26nbsp%3B%2C%20The%20number%20of%20times%20to%20run%20the%20script%20greatly%20depends%20on%20each%20organization.%20I%20would%20suggest%20running%20the%20script%20weekly%20as%20a%20starting%20point%20to%20see%20if%20it%20meets%20your%20needs.%20I%20hope%20this%20helps.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2343927%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20Setup%20a%20Password%20Expiration%20Notification%20Email%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2343927%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F175162%22%20target%3D%22_blank%22%3E%40Michael%20Hildebrand%3C%2FA%3E%26nbsp%3BFinally%2C%20I%20set%20the%20interval%20to%20every%20other%20day.%20By%20notification%208%20days%20before%20the%20password%20expires.%20Therefore%2C%20the%20user%20will%20receive%20a%20maximum%20of%204%20notifications.%20This%20will%20prevent%20the%20password%20from%20expiring%20on%20the%20weekend.%20Because%20a%20lot%20of%20people%20are%20in%20the%20home%20office%20and%20I%20use%20LDAP%20for%20VPN%20authentication.%20I%20hope%20that's%20enough%20for%20that.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%2C%20the%20whole%20article%20was%20very%20useful%20for%20me.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2378869%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20Setup%20a%20Password%20Expiration%20Notification%20Email%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2378869%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F175162%22%20target%3D%22_blank%22%3E%40Michael%20Hildebrand%3C%2FA%3E%26nbsp%3B%2C%20thanks%20for%20a%20great%20script.%20Is%20it%20possible%20to%20run%20it%20with%20gMSA%20account%20to%20avoid%20creating%20another%20service%20account%20with%20%22well-known%22%20password%3F%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2379478%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20Setup%20a%20Password%20Expiration%20Notification%20Email%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2379478%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F810580%22%20target%3D%22_blank%22%3E%40kirte%3C%2FA%3E%26nbsp%3BYou%20can%20always%20setup%20the%20script%20to%20run%20as%20a%20scheduled%20task%20and%20configure%20a%20GMSA.%20A%20decent%20article%20can%20be%20found%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fcommunity.spiceworks.com%2Ftopic%2F2007564-using-a-group-managed-account-to-run-a-scheduled-task-on-server-2012r2%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3E%5BSOLVED%5D%20Using%20a%20group%20managed%20account%20to%20run%20a%20scheduled%20task%20on%20Server%202012R2%20-%20Windows%20Server%20-%20Spiceworks%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2407787%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20Setup%20a%20Password%20Expiration%20Notification%20Email%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2407787%22%20slang%3D%22en-US%22%3E%3CP%3EHow%20would%20I%20run%20this%20script%20against%20entire%20Forest%20or%20against%20specific%20Domains%20within%20the%20AD%20Forest%3F%20I%20have%20a%20Parent%20Domain%20with%20multiple%20child%20domains%20but%20would%20like%20to%20exclude%20some%20Domains.%20I'm%20guessing%20it%20would%20need%20to%20be%20run%20against%20GC%20using%20port%203268%20somehow.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2407806%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20Setup%20a%20Password%20Expiration%20Notification%20Email%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2407806%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1069267%22%20target%3D%22_blank%22%3E%40Bishop777%3C%2FA%3E%26nbsp%3B%2C%20the%20easiest%20way%20would%20be%20to%20run%20the%20script%20from%20multiple%20machines.%20(One%20in%20each%20domain%20in%20your%20forest)%20You%20can%20setup%20a%20scheduled%20task%20running%20with%20a%20Group%20Managed%20Service%20Account%20or%20similar%20function.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2407820%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20Setup%20a%20Password%20Expiration%20Notification%20Email%20Solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2407820%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F241879%22%20target%3D%22_blank%22%3E%40Michael%20Kullish%3C%2FA%3E%26nbsp%3B%2C%20Thanks%20I%20suspected%20this%20but%20was%20hoping%20I%20didn't%20have%20to.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Version history
Last update:
‎Feb 20 2020 06:29 AM
Updated by: