In this article I have already described how a website can be set up on which users can change their password. Especially for users who work with a computer that is not a member of the Active Directory, changing the password is often a problem.
Using the website, these users now have the opportunity to change their password in good time. However, the users must also be informed if the password is due to expire in the near future. The easiest way is probably to send an e-mail to the user so that external users can also be reached.
To remind users to change their password in time, I have created a small PowerShell script. The script can be downloaded here:
Das Script muss natürlich noch etwas an die jeweilige Umgebung angepasst werden. Im wesentlichen müssen nur die Zeilen 1 – 32 an die eigenen Bedürfnisse angepasst werden:
Line 2 contains the number of days after a password must be changed. Line 3 defines how many days before the password expires the user should be informed.
Lines 6 - 8 contain the details of the mail server via which the e-mails are to be sent.
Lines 14 - 29 contain the text of the mail that is sent to the user. The following variables can be used:
- $GivenName: First name of the AD user
- $Surname: Last name of the AD user
- $DaysBeforePasswordchange: Number of days until password change
- $PasswordExpireDate: Date on which the password expires
The script requires the PowerShell CMDLets for the Active Directory (Get-ADUser). The e-mail is sent in HTML format to the e-mail address assigned to the user in the Active Directory.
Update 05.01.17: Many thanks for the comments. I have added the notes to the script accordingly and uploaded a new version.