Active Directory Password Expiry Notification
Since upgrading my workplace to Windows 7 my department got a lot of complaints from users that they no longer knew when their passwords would expire.
As you’re probably aware, the little balloon box in Windows 7 isn’t all that noticeable compared to the dialogue box Windows XP threw requiring you to actually acknowledge the notice.
Two years ago I hacked a little PowerShell script that sent off a text based email to each user when their password was close to expire. It worked well, as ugly as it was, but I wanted to build in reporting. I ended up re-writing it, and today I’m releasing it into the wild.
Let me introduce to you the Active Directory Password Expiry Notification script, or ADPENS.
Written in PowerShell, ADPENS quickly combs through Active Directory in search of enabled users and sends them a pretty HTML notification email when their password has, or is about to expire.
ADPENS is also capable of sending a report allowing administrators to know who can’t log in and who will have their password expire that day. This is useful in quickly troubleshooting why users have log in problems.
You can run the Active Directory password expiry notification script from within PowerShell, but the best way is to use the Task Scheduler on any domain controller and run daily from there. I highly recommend you sign the ADPENS script to work in your environment.
ADPENS works well but is a little rough around the edges. There is some code duplication and other things that could be cleaned up, but for a quick script its alright.
There are several variables that need to be set in order for the script to run, but I’ve documented it as well as I could and it should be easy to understand.
I hope you find this script useful! I’ve licensed this under the MIT license meaning you can do whatever you want with the script. My only wish is that any changes you make, to please merge them back so everyone can benefit.