Monday, December 9, 2013

PowerShell and Active Directory : Active Directory Users Password Expiry Email Reminder Script.

 

Are you a System Administrator and managing Active Directory too?

If yes, then I know the most annoying problem we face almost daily: a user ignores the notification that his password is going to expire soon and forgets to reset it, and then he/she calls Support and tells us that they are not able to log in to their laptop, their email is not working, etc.

I face this kind of problem once or twice a week.

To solve it, I decided to write a PowerShell script that sends an email to users telling them that their password is going to expire in 7 days and that they should change it.

Note: make sure you have RSAT tools installed before running this script.

You can download the script from below link.

Download : http://gallery.technet.microsoft.com/PowerShell-Active-7179b91d 

Screenshots


Screenshot of the email that the user gets.


I am pasting the code, but please download it from TechNet, because this code may contain some formatting issues.

#==================| Satnaam Waheguru Ji |===============================
#
#            Author  :  Aman Dhally
#            E-Mail  :  amandhally@gmail.com
#            website :  www.amandhally.net
#            twitter :   @AmanDhally
#            blog    : http://newdelhipowershellusergroup.blogspot.in/
#            facebook: http://www.facebook.com/groups/254997707860848/
#            Linkedin: http://www.linkedin.com/profile/view?id=23651495
#
#            Creation Date    : 09-12-2013
#            File    :
#            Purpose :
#            Version : 1
#
#            My Pet Spider :          /^(o.o)^\
#========================================================================

##Note ====> Before running this script, make sure you have the RSAT tools installed.

# Import the Active Directory module
Import-Module ActiveDirectory -ErrorAction 'Stop'

# Maximum password age in days. Change this to match your default password expiration Group Policy.
[int]$totalDays = 90

# Today
$todayDate = Get-Date

# Users whose password expires in 7 days (initialised as an array so that += appends entries)
$passwordExpiring7Days = @()

# Users whose password has already expired
$passwordExpiredCollection = @()

# Email options and values
$smtp = "Your-ExchangeServer"
$subject = "Change your Password Soon"

# Filtering users from AD
$adUsers = Get-ADUser -Filter {(ObjectClass -eq "user") -and (EmailAddress -ne "$null")  -and (PasswordNeverExpires -eq "False")} -Properties PasswordNeverExpires,PasswordLastSet,PasswordExpired,LockedOut,EmailAddress

foreach ( $aduser in $adUsers)
{
    # Reset for every user so that a value from the previous user is never reused
    $expirationTime = $null

    if ($null -ne $aduser.PasswordLastSet) {
        [datetime]$lastPasswordSet = $aduser.PasswordLastSet
        $timeSpan = New-TimeSpan (Get-Date -Date $lastPasswordSet.Date)
        $expirationTime = $totalDays - $timeSpan.Days
    }

    Switch ($expirationTime)
    {
        7  {
            $dateAfter7Days = (Get-Date).AddDays(7).ToShortDateString().ToString()
            $passwordExpiring7Days += $aduser.Name + ";" + $aduser.EmailAddress + ";" + $expirationTime + ";" + $dateAfter7Days
        }
    }
    #switch stop

    # If the user's password is expired.
    if ( $aduser.PasswordExpired -eq $true )
    {
        $passwordExpiredCollection += $aduser.Name + ";" + $aduser.EmailAddress + ";" + $expirationTime + "`n"
    }
}

# Splitting each "name;email;days;date" entry and building the reminder email
if ( $passwordExpiring7Days.Count -gt 0 ) {

    foreach ( $7name in $passwordExpiring7Days ) {

        $7userCollection = $7name -split ";"
        $7userName = $7userCollection[0]
        $7userEmail = $7userCollection[1]
        $7pass = $7userCollection[2]
        $7day = $7userCollection[3]

        Write-Host "Dear $7userName, your email ID is $7userEmail , your password is expiring in $7pass days." -ForegroundColor Green

        $body = "Dear $7userName, <br>"
        $body += "<br>"
        $body += "Your password is due to expire in  <b><font color=red> $7pass days</font></b>. Please ensure you have changed it before then.<br>"
        $body += "<br>"
        $body += "Regards<br>"
        $body += "I.T. Team<br>"
        $body += "<br>"
        $body += "<br>"
        $body += "<b>How to change your password:</b><br>"
        $body += "    1. Press CTRL+ALT+DELETE, and then click Change a password.<br>"
        $body += "    2. Type your old password, type your new password, type your new password again to confirm it, and then press ENTER.<br>"

        # If you want to send an email, please un-comment the line below.
        #Send-MailMessage -to $7userEmail -From "YourID@YourDomain.com"  -SmtpServer $smtp -Body $body -BodyAsHtml -Subject $subject  -Priority high -Encoding UTF8
    }
}

# Sending the list of users whose password has already expired.
$body = ""
$body += $passwordExpiredCollection

Write-Warning "Users whose passwords are already expired ========"
Write-Host $passwordExpiredCollection

# If you want to send an email, please un-comment the line below.
#Send-MailMessage -to "YOURID@YourDomain.com" -SmtpServer $smtp -From "SCRIPTER@YourDomain.com" -Body $body -Subject "Passwords that are already expired"


Download : http://gallery.technet.microsoft.com/PowerShell-Active-7179b91d 
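
The script assumes one fixed maximum password age (`$totalDays = 90`) for every user. As an added example (not part of the original script), the days left can instead be derived from the `msDS-UserPasswordExpiryTimeComputed` attribute that Active Directory computes per user, which also reflects fine-grained password policies. The function name `Get-PasswordDaysLeft`, the sample accounts and the 7/3/1-day reminder list are assumptions that go beyond the single 7-day case above.

```powershell
# Added example, not part of the original script.
# Converts msDS-UserPasswordExpiryTimeComputed (a Windows FILETIME) to whole days left.
function Get-PasswordDaysLeft {
    param(
        [Parameter(Mandatory)] [long]$ExpiryFileTime,
        [datetime]$Now = (Get-Date)
    )
    # 0                -> pwdLastSet is empty or 0 (user must change password at next logon)
    # [long]::MaxValue -> password never expires; FromFileTime() would throw on this value
    if ($ExpiryFileTime -le 0 -or $ExpiryFileTime -eq [long]::MaxValue) { return $null }
    $expiry = [datetime]::FromFileTime($ExpiryFileTime)
    return ($expiry.Date - $Now.Date).Days
}

# Constructed sample objects standing in for Get-ADUser output. Against a real domain use:
#   Get-ADUser -Filter {Enabled -eq $true} -Properties EmailAddress, 'msDS-UserPasswordExpiryTimeComputed'
$attr = 'msDS-UserPasswordExpiryTimeComputed'
$now  = Get-Date
$users = @(
    [pscustomobject]@{ Name = 'alice';   EmailAddress = 'alice@example.test';   $attr = $now.AddDays(7).ToFileTime() }
    [pscustomobject]@{ Name = 'bob';     EmailAddress = 'bob@example.test';     $attr = $now.AddDays(30).ToFileTime() }
    [pscustomobject]@{ Name = 'carol';   EmailAddress = 'carol@example.test';   $attr = $now.AddDays(-2).ToFileTime() }
    [pscustomobject]@{ Name = 'svc-app'; EmailAddress = 'svc-app@example.test'; $attr = [long]::MaxValue }   # never expires
    [pscustomobject]@{ Name = 'newhire'; EmailAddress = 'newhire@example.test'; $attr = 0 }                  # must change at logon
)

$reminderDays = 7, 3, 1   # assumption: remind on several days instead of only day 7

$report = foreach ($u in $users) {
    $left = Get-PasswordDaysLeft -ExpiryFileTime $u.$attr -Now $now
    if ($null -eq $left) { continue }   # no expiry date to report for this account
    [pscustomobject]@{
        Name         = $u.Name
        EmailAddress = $u.EmailAddress
        DaysLeft     = $left
        Status       = if ($left -lt 0) { 'Expired' }
                       elseif ($reminderDays -contains $left) { 'Remind' }
                       else { 'OK' }
    }
}

# alice is flagged 'Remind', carol 'Expired', bob 'OK'; svc-app and newhire are skipped
$report | Format-Table -AutoSize
```
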

Regards

Aman Dhally



Monday, December 2, 2013

Part– 4 : Working with Event Logs using PowerShell :- Get-WinEvent

 

Part-1: Working with Event Logs using PowerShell

Part–2 : Working with Event Logs using PowerShell :- Get-EventLog

Part–3 : Working with Event Logs using PowerShell :- Get-EventLog

 

In previous posts, I showed you how to use “Get-EventLog”. Now we are going to use the “Get-WinEvent” cmdlet, which is more powerful than the “Get-EventLog” cmdlet.

Get-WinEvent works with both types of logs: the legacy/classic event logs and the “Applications and Services” logs.

Let’s start.

To list all the logs that are available on your laptop, we can use -ListLog * with Get-WinEvent.

Get-WinEvent -ListLog *

Now you can see all event logs available on your system.

A few logs require administrator privileges to open; if you see red errors, it means you can view those logs only by running PowerShell as administrator.
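
As an added example (not from the original post), the same listing can be combined with the properties of each log to show which logs are closest to their size limit, while counting the logs that could not be read without elevation instead of printing red errors. The function name `Get-LogUsage` and the 90% threshold are assumptions.

```powershell
# Added example, not from the original post.
# Summarises how full each enabled event log is, based on Get-WinEvent -ListLog output.
function Get-LogUsage {
    param(
        [Parameter(ValueFromPipeline)] $Log,
        [int]$WarnPercent = 90          # assumption: flag logs at or above 90% of their maximum size
    )
    process {
        # Skip disabled logs and logs without size information
        if (-not $Log.IsEnabled -or -not $Log.MaximumSizeInBytes -or $null -eq $Log.FileSize) { return }
        $percent = [math]::Round(100 * $Log.FileSize / $Log.MaximumSizeInBytes, 1)
        [pscustomobject]@{
            LogName     = $Log.LogName
            Records     = $Log.RecordCount
            PercentFull = $percent
            LogMode     = $Log.LogMode   # Circular logs overwrite their oldest events when full
            NearLimit   = $percent -ge $WarnPercent
        }
    }
}

# -ErrorAction SilentlyContinue hides the red errors; -ErrorVariable keeps them for counting
$denied = @()
Get-WinEvent -ListLog * -ErrorAction SilentlyContinue -ErrorVariable denied |
    Get-LogUsage |
    Sort-Object PercentFull -Descending |
    Select-Object -First 10 |
    Format-Table -AutoSize

if ($denied.Count -gt 0) {
    Write-Warning ("{0} log(s) could not be read; run PowerShell as administrator to include them." -f $denied.Count)
}
```
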


 

To view any classic event log, you just need to use the -LogName parameter with the log's name as the argument.

 

Get-WinEvent -LogName Application

 


 

To see an “Applications and Services” log, the same -LogName parameter is used.

Get-WinEvent -LogName "Microsoft-Windows-Dhcp-Client/Admin"

 


 

If you want to see only a few events, you can use the -MaxEvents parameter, with the number of events you want to see as its argument.

Get-WinEvent -LogName "Microsoft-Windows-Dhcp-Client/Admin" -MaxEvents 10

 


 

If you want to see the oldest events first, you can use the -Oldest parameter.

Get-WinEvent -LogName "Microsoft-Windows-Dhcp-Client/Admin" -Oldest


 


 

That’s all for today. See you in the next blog post.

Regards

Aman Dhally
