Friday, 7 June 2013

Powershell Command: Find the Password Expiration Date for a User and Email the results

Requirement:

Find out when specific user's passwords are expiring and then email the details out to a mailbox/user.

Solution: 

First: download the Quest ActiveRoles Managemnet Snap in and install it on whichever machine you're using for the job (http://www.quest.com/powershell/activeroles-server.aspx)

Second: create a powershell script to poll Active Directory to find out when the specified user's passwords expire and then email the results to the specificed email addresses. This powershell script is shown below:


#Region Requires QAD cmdlets

if ((Get-PSSnapin "Quest.ActiveRoles.ADManagement" -ErrorAction SilentlyContinue) -eq $null)
{
Add-PSSnapin "Quest.ActiveRoles.ADManagement"
}

#EndRegion

$body = @()

 $body += Get-QADUser "Adverb, Jon" |select Name,PasswordExpires
 $body += Get-QADUser "Beast, James" |select Name,PasswordExpires
 $body += Get-QADUser "Creeper, Rachel" |select Name,PasswordExpires
 $body += Get-QADUser "Death, Alan" |select Name,PasswordExpires
 $body += Get-QADUser "Danger, Steve" |select Name,PasswordExpires

$body = $body | out-string

 $email = @{
 From = "big.robot@robot.com"
 To = "fat.robot@robot.com"
 CC = "bad.robot@robot.com"
 Subject = "Password Expiration Dates of Problem Robots"
 SMTPServer = "rb-exchhub.robot.loca"
 Body = $body
 }

send-mailmessage @email



How does it work?
 
This script has three key parts. The first part loads the Quest ActiveRoles Snap In into power shell:


#Region Requires QAD cmdlets
if ((Get-PSSnapin "Quest.ActiveRoles.ADManagement" -ErrorAction SilentlyContinue) -eq $null)
{
Add-PSSnapin "Quest.ActiveRoles.ADManagement"
}
#EndRegion 
The second part polls Active Directory to find out when the specified User's accounts expire:

 Get-QADUser "Adverb, Jon" |select Name,PasswordExpires
 Get-QADUser "Beast, James" |select Name,PasswordExpires
 Get-QADUser "Creeper, Rachel" |select Name,PasswordExpires
 Get-QADUser "Death, Alan" |select Name,PasswordExpires
 Get-QADUser "Danger, Steve" |select Name,PasswordExpires

The third part involves creating the email and mailing it out:

$body = @()

$body +=
$body +=
$body +=
$body +=
$body +=

$body = $body | out-string

$email = @{
From = "big.robot@robot.com"
To = "fat.robot@robot.com"
CC = "bad.robot@robot.com"
Subject = "Password Expiration Dates of Problem Robots"
SMTPServer = "rb-exchhub.robot.loca"
Body = $body
}

 

No comments:

Post a Comment