Hello Jon, this is the hole script (i deleted some info), thanks for helping
import-module ActiveDirectory
##############Variables#################
$verbose = $true
$notificationstartday = 14
$sendermailaddress = “example@example.net”
$SMTPserver = “servername”
$DN = “OU=Customers,DC=Domain,DC=local”
$ExcludeGroup = “OU=Users,OU=company1,OU=Customers,DC=Domain,DC=local”
########################################
##############Function##################
function PreparePasswordPolicyMail ($ComplexityEnabled,$MaxPasswordAge,$MinPasswordAge,$MinPasswordLength,$PasswordHistoryCount)
{
$verbosemailBody = “`r`n`r`n”
$verbosemailBody += “`r`n`r`n”
$verbosemailBody += “`r`n”
$verbosemailBody += “- `r`n”
$verbosemailBody += “`r`n”
$verbosemailBody += “`r`n`r`n”
return $verbosemailBody
}
function SendMail ($SMTPserver,$sendermailaddress,$usermailaddress,$mailBody)
{
$smtpServer = $SMTPserver
$msg = new-object Net.Mail.MailMessage
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$msg.From = $sendermailaddress
$msg.To.Add($usermailaddress)
$msg.Subject = “Password expires”
$msg.Body = $mailBody
$smtp.Send($msg)
}
########################################
##############Main######################
$domainPolicy = Get-ADDefaultDomainPasswordPolicy
$passwordexpirydefaultdomainpolicy = $domainPolicy.MaxPasswordAge.Days -ne 0
if ($passwordexpirydefaultdomainpolicy)
{
$defaultdomainpolicyMaxPasswordAge = $domainPolicy.MaxPasswordAge.Days
if ($verbose)
{
$defaultdomainpolicyverbosemailBody = PreparePasswordPolicyMail $PSOpolicy.ComplexityEnabled $PSOpolicy.MaxPasswordAge.Days $PSOpolicy.MinPasswordAge.Days $PSOpolicy.MinPasswordLength $PSOpolicy.PasswordHistoryCount
}
}
foreach ($user in (Get-ADUser -SearchBase $DN -Filter * -properties mail))
{
$samaccountname = $user.samaccountname
$PSO= Get-ADUserResultantPasswordPolicy -Identity $samaccountname
if ($PSO -ne $null)
{
$PSOpolicy = Get-ADUserResultantPasswordPolicy -Identity $samaccountname
$PSOMaxPasswordAge = $PSOpolicy.MaxPasswordAge.days
$pwdlastset = [datetime]::FromFileTime((Get-ADUser -LDAPFilter “(&(samaccountname=$samaccountname))” -properties pwdLastSet).pwdLastSet)
$expirydate = ($pwdlastset).AddDays($PSOMaxPasswordAge)
$delta = ($expirydate - (Get-Date)).Days
$comparionresults = (($expirydate - (Get-Date)).Days -le $notificationstartday) -AND ($delta -ge 1)
if ($comparionresults)
{
$mailBody = "Beste " + $user.GivenName + “,`r`n`r`n”
$mailBody += “`r`n`r`n”
if ($verbose)
{
$mailBody += PreparePasswordPolicyMail $PSOpolicy.ComplexityEnabled $PSOpolicy.MaxPasswordAge.Days $PSOpolicy.MinPasswordAge.Days $PSOpolicy.MinPasswordLength $PSOpolicy.PasswordHistoryCount
}
$mailBody += “`r`n`r`n”
$mailBody += “`r`n`r`n”
$usermailaddress = $user.mail
SendMail $SMTPserver $sendermailaddress $usermailaddress $mailBody
}
}
else
{
if ($passwordexpirydefaultdomainpolicy)
{
$pwdlastset = [datetime]::FromFileTime((Get-ADUser -LDAPFilter “(&(samaccountname=$samaccountname))” -properties pwdLastSet).pwdLastSet)
$expirydate = ($pwdlastset).AddDays($defaultdomainpolicyMaxPasswordAge)
$delta = ($expirydate - (Get-Date)).Days
$comparionresults = (($expirydate - (Get-Date)).Days -le $notificationstartday) -AND ($delta -ge 1)
if ($comparionresults)
{
$mailBody = "Beste " + $user.GivenName + “,`r`n`r`n”
$delta = ($expirydate - (Get-Date)).Days
$mailBody += “`r`n`r`n”
if ($verbose)
{
$mailBody += $defaultdomainpolicyverbosemailBody
}
$mailBody += “`r`n`r`n”
$mailBody += “`r`n`r`n”
$usermailaddress = $user.mail
SendMail $SMTPserver $sendermailaddress $usermailaddress $mailBody
}
}
}
}