We have a hybrid environment with Office 365. Exchange 2013 server with EAC onsite and our Office 365 tenancy. I would like to find a PowerShell script to email users password expiration emails similar to that provided here https://gallery.technet.microsoft.com/scriptcenter/Password-Expiry-Email-177c3e27 but would be suitable in our environment. Can anyone assist?
this should help did something along this line a while ago, looks at AD passwords on prem & mails anything that is about to expire in 14 days or less
Change lines
4 - Number of days before password expires
31 - “One level” for single OU only maybe what you need ?
46 - OU Location
# Specify number of days. Any users whose passwords expire within
# this many days after today will be processed.
$intDays = 14
# Retrieve Domain maximum password age policy, in days.
$D = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$Domain = [ADSI]"LDAP://$D"
$MPA = $Domain.maxPwdAge.Value
# Convert to Int64 ticks (100-nanosecond intervals).
$lngMaxPwdAge = $Domain.ConvertLargeIntegerToInt64($MPA)
# Convert to days.
$MaxPwdAge = -$lngMaxPwdAge/(600000000 * 1440)
# Determine the password last changed date such that the password
# would just now be expired. We will not process any users whose
# password has already expired.
$Now = Get-Date
$Date1 = $Now.AddDays(-$MaxPwdAge)
# Determine the password last changed date such the password
# will expire $intDays in the future.
$Date2 = $Now.AddDays($intDays - $MaxPwdAge)
# Convert from PowerShell ticks to Active Directory ticks.
$64Bit1 = $Date1.Ticks - 504911232000000000
$64Bit2 = $Date2.Ticks - 504911232000000000
$Searcher = New-Object System.DirectoryServices.DirectorySearcher
$Searcher.PageSize = 100
$Searcher.SearchScope = "onelevel"
# Filter on user objects where the password expires between the
# dates specified, the account is not disabled, password never
# expires is not set, password not required is not set.
# and password cannot change is not set.
$Searcher.Filter = "(&(objectCategory=person)(objectClass=user)" `
+ "(pwdLastSet>=" + $($64Bit1) + ")" `
+ "(pwdLastSet $Null
$Searcher.PropertiesToLoad.Add("name") > $Null
$Searcher.PropertiesToLoad.Add("Company") > $Null
$Searcher.PropertiesToLoad.Add("pwdLastSet") > $Null
$Searcher.PropertiesToLoad.Add("mail") > $Null
# Only search the specified OU.
$Searcher.Searchroot = "LDAP://OU=Users,DC=contoso,DC=com"
$Results = $Searcher.FindAll()
#ForEach ($Result In $Results)
{
# Retrieve attribute values for this user.
$Samaccountname = $Result.Properties.Item("sAMAccountName")
$PLS = $Result.Properties.Item("pwdLastSet")
$Mail = $Result.Properties.Item("mail")
$Displayname = $Result.Properties.Item("name")
$Company = $Result.Properties.Item("Company")
If ($PLS.Count -eq 0)
{
$Date = [DateTime]0
}
Else
{
# Interpret 64-bit integer as a date.
$Date = [DateTime]$PLS.Item(0)
}
# Convert from .NET ticks to Active Directory Integer8 ticks.
# Also, convert from UTC to local time.
$PwdLastSet = $Date.AddYears(1600).TolocalTime()
# Determine when password expires.
$PwdExpires = $PwdLastSet.AddDays($MaxPwdAge)
# Convert to UK Date Format
$PWDRES = $PwdExpires.ToLongDateString()
#Get Total Days Remaining
$Remaining = $PwdExpires - (get-date) | Select days -ExpandProperty days
#Get Subject Date
$SubjectDate = $Pwdres
# Output information for this user.
$text = "BODY{font-family:'Times New Roman'};P{font-family:'Times New Roman'};TABLE{font-family:'Times New Roman'}"
$text = $text + "Dear Sir/Madam,"
$text = $text + " your account password is due to expire in $Remaining days."
##Variables
$smtpServer = "smtp.contoso.com"
$From = "support@contoso.com"
$SubjectCPY = "Your Arup Account Password is Due to Expire on $SubjectDate"
$Body = "$text"
$to ="someone@someone.com"
#Email Content
## -cc $mail will mail user account
Send-Mailmessage -smtpServer $smtpServer -from $from -to $to -subject $subjectCPY -priority High -Body $Body -BodyAsHtml