We have a hybrid environment with Office 365. Exchange 2013 server with EAC onsite and our Office 365 tenancy. I would like to find a PowerShell script to email users password expiration emails similar to that provided here https://gallery.technet.microsoft.com/scriptcenter/Password-Expiry-Email-177c3e27 but would be suitable in our environment. Can anyone assist?
this should help did something along this line a while ago, looks at AD passwords on prem & mails anything that is about to expire in 14 days or less
Change lines
4 - Number of days before password expires
31 - “One level” for single OU only maybe what you need ?
46 - OU Location
# Specify number of days. Any users whose passwords expire within # this many days after today will be processed. $intDays = 14 # Retrieve Domain maximum password age policy, in days. $D = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() $Domain = [ADSI]"LDAP://$D" $MPA = $Domain.maxPwdAge.Value # Convert to Int64 ticks (100-nanosecond intervals). $lngMaxPwdAge = $Domain.ConvertLargeIntegerToInt64($MPA) # Convert to days. $MaxPwdAge = -$lngMaxPwdAge/(600000000 * 1440) # Determine the password last changed date such that the password # would just now be expired. We will not process any users whose # password has already expired. $Now = Get-Date $Date1 = $Now.AddDays(-$MaxPwdAge) # Determine the password last changed date such the password # will expire $intDays in the future. $Date2 = $Now.AddDays($intDays - $MaxPwdAge) # Convert from PowerShell ticks to Active Directory ticks. $64Bit1 = $Date1.Ticks - 504911232000000000 $64Bit2 = $Date2.Ticks - 504911232000000000 $Searcher = New-Object System.DirectoryServices.DirectorySearcher $Searcher.PageSize = 100 $Searcher.SearchScope = "onelevel" # Filter on user objects where the password expires between the # dates specified, the account is not disabled, password never # expires is not set, password not required is not set. # and password cannot change is not set. $Searcher.Filter = "(&(objectCategory=person)(objectClass=user)" ` + "(pwdLastSet>=" + $($64Bit1) + ")" ` + "(pwdLastSet $Null $Searcher.PropertiesToLoad.Add("name") > $Null $Searcher.PropertiesToLoad.Add("Company") > $Null $Searcher.PropertiesToLoad.Add("pwdLastSet") > $Null $Searcher.PropertiesToLoad.Add("mail") > $Null # Only search the specified OU. $Searcher.Searchroot = "LDAP://OU=Users,DC=contoso,DC=com" $Results = $Searcher.FindAll() #ForEach ($Result In $Results) { # Retrieve attribute values for this user. $Samaccountname = $Result.Properties.Item("sAMAccountName") $PLS = $Result.Properties.Item("pwdLastSet") $Mail = $Result.Properties.Item("mail") $Displayname = $Result.Properties.Item("name") $Company = $Result.Properties.Item("Company") If ($PLS.Count -eq 0) { $Date = [DateTime]0 } Else { # Interpret 64-bit integer as a date. $Date = [DateTime]$PLS.Item(0) } # Convert from .NET ticks to Active Directory Integer8 ticks. # Also, convert from UTC to local time. $PwdLastSet = $Date.AddYears(1600).TolocalTime() # Determine when password expires. $PwdExpires = $PwdLastSet.AddDays($MaxPwdAge) # Convert to UK Date Format $PWDRES = $PwdExpires.ToLongDateString() #Get Total Days Remaining $Remaining = $PwdExpires - (get-date) | Select days -ExpandProperty days #Get Subject Date $SubjectDate = $Pwdres # Output information for this user. $text = "BODY{font-family:'Times New Roman'};P{font-family:'Times New Roman'};TABLE{font-family:'Times New Roman'}" $text = $text + "Dear Sir/Madam," $text = $text + " your account password is due to expire in $Remaining days." ##Variables $smtpServer = "smtp.contoso.com" $From = "support@contoso.com" $SubjectCPY = "Your Arup Account Password is Due to Expire on $SubjectDate" $Body = "$text" $to ="someone@someone.com" #Email Content ## -cc $mail will mail user account Send-Mailmessage -smtpServer $smtpServer -from $from -to $to -subject $subjectCPY -priority High -Body $Body -BodyAsHtml