A few years ago I wrote a PowerShell script/tool to notify users when their password was going to expire in Active Directory. The last update was almost 4 years ago. Some weeks ago I was inspired by someone who asked whether the same script could also notify users when their AD account was going to expire. The quick answer to that question was: “No, that was not possible”. Nevertheless, with that request in mind, I updated the PowerShell script to support expiry notifications for both account expirations and password expirations. In addition, I also updated many other things. Below is a list of the updates I did:
v0.9, 2020-04-14, Jorge de Almeida Pinto [MVP-EMS]:
– Added support for account expiry notification in addition to password expiry notification
– In the xml file changed the main xml node name from ADPwdExpNotifyConfig to ADExpNotifyConfig
– In the xml file changed fullPathToLogFile to logFileFolderPath
– In the xml file changed fullPathToCSVFile to csvFileFolderPath
– Added features node section to xml for difference in enabled/disabled features
– Added featureName property to htmlBodyFile nodes in the XML
– Changed the fullPath property to htmlBodyFullPath in the htmlBodyFile nodes in the XML
– Added the attachedPictureFullPath property to the htmlBodyFile nodes in the XML
– Added accountExpiryNotificationEnabled and pwdExpiryNotificationEnabled property to searchBase nodes
– Added searchScope property (OneLevel or Subtree) to searchBase nodes for more granularity
– Added support in the XML for a URL to request an extension of the account
– Added separate section per feature in the section daysBeforeWarn in the XML
– Changed the property name ‘min’ to ‘MinOrEqual’ in the section daysBeforeWarn in the XML
– Added support for Windows Server 2019 AD
– Added mail function with additional logic
– Added write to event log function
– Updated the Logging function
– Dropped support for custom config for logToScreen. By default will log to screen
– Dropped support for custom config for logToFile. By default will log to file
– Implement UAC check to make sure it does not break execution of the script
– All script issues are mailed to e-mail address specified in toSMTPAddressSupport and not toSMTPAddressInTestMode
– Bug fix: make sure that values exist in GPO and PSO
– Bug fix: make sure to Null values before reuse
– Checked script with Visual Studio Code and fixed all "problems" identified by Visual Studio Code
– Code improvements/optimization throughout the code
– Added more comments
– Added html body example for account expiry in US and NL language
– Updated the output with different colors
– Updated NOTES section
WARNING: If you are using an older version of the script, you need to migrate the settings in your current XML configuration file to the new XML configuration. DO NOT just replace the PowerShell script and execute it as that will not work. Look at the change history to see what changed!
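A pre-flight check for the migration described in the warning above, as an added example that is not part of the original script or repository: it scans an existing configuration XML for the names the v0.9 change list renamed or dropped. The function name, the sample XML and its layout are assumptions made for illustration.

```powershell
# Added example, not part of the AD-Expiry-Notification project.
# Old names come from the v0.9 change list; it does not say whether a setting
# is an element or an attribute, so each XPath covers both forms.
$legacyChecks = @(
    @{ XPath = '/ADPwdExpNotifyConfig';                          Action = 'rename to ADExpNotifyConfig' }
    @{ XPath = '//fullPathToLogFile | //@fullPathToLogFile';     Action = 'rename to logFileFolderPath' }
    @{ XPath = '//fullPathToCSVFile | //@fullPathToCSVFile';     Action = 'rename to csvFileFolderPath' }
    @{ XPath = '//htmlBodyFile/fullPath | //htmlBodyFile/@fullPath'; Action = 'rename to htmlBodyFullPath' }
    @{ XPath = '//daysBeforeWarn//min | //daysBeforeWarn//@min'; Action = 'rename to MinOrEqual' }
    @{ XPath = '//logToScreen | //@logToScreen';                 Action = 'remove (custom setting dropped)' }
    @{ XPath = '//logToFile | //@logToFile';                     Action = 'remove (custom setting dropped)' }
)

function Find-LegacyConfigName {   # hypothetical helper name
    param([Parameter(Mandatory)][xml]$Config)
    foreach ($check in $legacyChecks) {
        foreach ($node in $Config.SelectNodes($check.XPath)) {
            # get_Name() avoids PowerShell's XML adapter shadowing .Name
            [pscustomobject]@{
                Kind   = $node.NodeType
                Name   = $node.get_Name()
                Action = $check.Action
            }
        }
    }
}

# Constructed sample in the old naming (layout is an assumption, not the real file).
[xml]$sample = @'
<ADPwdExpNotifyConfig>
  <fullPathToLogFile>C:\Example\notify.log</fullPathToLogFile>
  <logToScreen>ON</logToScreen>
  <htmlBodyFile fullPath="C:\Example\body_US.html" />
  <daysBeforeWarn><interval min="5" /></daysBeforeWarn>
</ADPwdExpNotifyConfig>
'@

$findings = @(Find-LegacyConfigName -Config $sample)
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
    Write-Warning "$($findings.Count) pre-v0.9 name(s) found; migrate the XML before running the v0.9 script."
} else {
    Write-Output 'No pre-v0.9 names found.'
}
```

The check only detects old names; settings that are new in v0.9 (such as the features section and the per-searchBase notification properties) still have to be added by hand from the README.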
Active Directory Account/Password Notifications:
- Code: https://github.com/zjorz/Public-AD-Scripts/tree/master/AD-Expiry-Notification
- Documentation: https://github.com/zjorz/Public-AD-Scripts/blob/master/AD-Expiry-Notification/README.md
Got feedback? Please let me know through Github. Thanks!
PS: It is on my list to build a similar script for Azure AD accounts
Enjoy and cheers!
Cheers,
Jorge
————————————————————————————————————————————————————-
This posting is provided "AS IS" with no warranties and confers no rights!
Always evaluate/test everything yourself first before using/implementing this in production!
This is today’s opinion/technology, it might be different tomorrow and will definitely be different in 10 years!
DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/
————————————————————————————————————————————————————-