PowerShell Active Directory Password Expiration Email Notification

Password-Expiration-Notifications.ps1 is a PowerShell script designed to be run on a schedule to automatically email Active Directory users about soon-to-expire and recently-expired passwords.

This version is a highly modified fork of the original v1.4 by Robert Pearman from https://gallery.technet.microsoft.com/Password-Expiry-Email-177c3e27. Pearman's 2.x version was completely re-written.

New in this version:

  • A SearchBase is required.
  • OU ExcludeList [Commented out in code]
  • When logging, the CSV will always be overwritten. (unless you specify a variable file name such as "c:\PS-pwd-expiry-$(Get-Date -format yyyyMMdd-HHmmss).csv")
  • Accounts with recently-expired passwords can be notified by specifying a "negativedays" value.
  • Email attempts will handle basic errors, but nothing more. This script does not account for SMTP credentials. [Please review July 2022 comments for SMTP auth.]
  • Accounts with MaxPasswordAge 00:00:00 (never) are skipped. (Same as PasswordNeverExpires.)
  • Testing-mode will allow a specified number of sample notifications to be emailed to the Administrator(s). (Rather than defaulting to all users' expiration emails.)
  • Processing information and basic statistics are written to console.
  • When logging, the CSV file and basic statistics will be emailed to the specified Administrator(s).

Self-Help Resources:

#################################################################################################################
#
# Password-Expiration-Notifications v20220823
# Highly Modified fork. https://gist.github.com/meoso/3488ef8e9c77d2beccfd921f991faa64
#
# Originally from v1.4 @ https://gallery.technet.microsoft.com/Password-Expiry-Email-177c3e27
# https://windowspoweressentials.com/2017/02/21/powershell-password-reminder-script-updated/
# https://github.com/titlerequired/public
# Robert Pearman (WSSMB MVP)
# TitleRequired.com
# Script to Automated Email Reminders when Users Passwords due to Expire.
#
# Requires: Windows PowerShell Module for Active Directory
#
##################################################################################################################
# Please Configure the following variables....
$testing = $true # Set to $false to Email Users. $true to email samples to administrators only (see $sampleEmails below)
$SearchBase="DC=EXAMPLE,DC=COM"
### PURGING this option; seems to cause issue. # $ExcludeList="'New Employees'|'Separated Employees'" #in the form of "SubOU1|SubOU2|SubOU3" -- possibly needing single quote for OU's with spaces, separate OU's with pipe and double-quote the list.
$smtpServer="smtp.example.com"
$expireindays = 7 #number of days of soon-to-expire passwords. i.e. notify for expiring in X days (and every day until $negativedays)
$negativedays = -3 #negative number of days (days already-expired). i.e. notify for expired X days ago
$from = "Administrator <administrator@example.com>"
$logging = $true # Set to $false to Disable Logging
$logNonExpiring = $false
$logFile = "c:\PS-pwd-expiry.csv" # ie. c:\mylog.csv
$adminEmailAddr = "Admin1@example.com","Admin2@example.com","Admin3@example.com" #multiple addr allowed but MUST be independent strings separated by comma
$sampleEmails = 3 #number of sample email to send to adminEmailAddr when testing ; in the form $sampleEmails="ALL" or $sampleEmails=[0..X] e.g. $sampleEmails=0 or $sampleEmails=3 or $sampleEmails="all" are all valid.
# please edit $body variable within the code
###################################################################################################################
# System Settings
$textEncoding = [System.Text.Encoding]::UTF8
$date = Get-Date -format yyyy-MM-dd #for logfile only
$starttime=Get-Date #need time also; don't use date from above
Write-Host "Processing `"$SearchBase`" for Password-Expiration-Notifications"
Write-Host "Testing Mode: $testing"
# Get Users From AD who are Enabled, Passwords Expire
Import-Module ActiveDirectory
Write-Host "Gathering User List"
$users = get-aduser -SearchBase $SearchBase -Filter {(enabled -eq $true) -and (passwordNeverExpires -eq $false)} -properties sAMAccountName, displayName, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress, lastLogon, whenCreated
Write-Host "Filtering User List"
### PURGING this option; seems to cause issue. # $users = $users | Where-Object {$_.DistinguishedName -notlike $ExcludeList} ##also try -notmatch, needs heavy testing
$DefaultmaxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
$countprocessed=${users}.Count
$samplesSent=0
$countsent=0
$countnotsent=0
$countfailed=0
$nonexpiring=0
Write-Host "${countprocessed} user-accounts selected to iterate."
#set max sampleEmails to send to $adminEmailAddr
if ( $sampleEmails -isNot [int]) {
    if ( $sampleEmails.ToLower() -eq "all") {
        $sampleEmails=$users.Count
    } #else use the value given
}
# -gt (not -ge) so that the zero-samples branch below can be reached
if (($testing -eq $true) -and ($sampleEmails -gt 0)) {
    Write-Host "Testing only; $sampleEmails email samples will be sent to $adminEmailAddr"
} elseif (($testing -eq $true) -and ($sampleEmails -eq 0)) {
    Write-Host "Testing only; emails will NOT be sent"
}
# Create CSV Log
if ($logging -eq $true) {
    #Always purge old CSV file
    Out-File $logfile
    Add-Content $logfile "`"Date`",`"SAMAccountName`",`"DisplayName`",`"Created`",`"PasswordSet`",`"DaystoExpire`",`"ExpiresOn`",`"EmailAddress`",`"Notified`""
}
# Process Each User for Password Expiry
foreach ($user in $users) {
    $dName = $user.displayName
    $sName = $user.sAMAccountName
    $emailaddress = $user.emailaddress
    $whencreated = $user.whencreated
    $passwordSetDate = $user.PasswordLastSet
    $sent = "" # Reset Sent Flag
    $PasswordPol = (Get-AduserResultantPasswordPolicy $user)
    # Check for Fine Grained Password
    if (($PasswordPol) -ne $null) {
        $maxPasswordAge = ($PasswordPol).MaxPasswordAge
    } else {
        # No FGPP set to Domain Default
        $maxPasswordAge = $DefaultmaxPasswordAge
    }
    #If maxPasswordAge=0 then same as passwordNeverExpires, but PasswordCannotExpire bit is not set
    if ($maxPasswordAge -eq 0) {
        Write-Host "$sName : MaxPasswordAge = $maxPasswordAge (i.e. PasswordNeverExpires) but bit not set -- User not selected to receive email."
    }
    $expiresOn = $passwordsetdate + $maxPasswordAge
    $today = (get-date)
    if ( ($user.passwordexpired -eq $false) -and ($maxPasswordAge -ne 0) ) { #not Expired and not PasswordNeverExpires
        $daystoexpire = (New-TimeSpan -Start $today -End $expiresOn).Days
    } elseif ( ($user.passwordexpired -eq $true) -and ($passwordSetDate -ne $null) -and ($maxPasswordAge -ne 0) ) { #if expired and passwordSetDate exists and not PasswordNeverExpires
        # i.e. already expired
        $daystoexpire = -((New-TimeSpan -Start $expiresOn -End $today).Days)
    } else {
        # i.e. (passwordSetDate = never) OR (maxPasswordAge = 0)
        $daystoexpire="NA"
        $nonexpiring += 1
        #continue #"continue" would skip user, but bypass any non-expiry logging
    }
    #Write-Host "$sName : DaysToExpire: $daystoexpire MaxPasswordAge: $maxPasswordAge" #debug
    # Set verbiage based on Number of Days to Expiry.
    Switch ($daystoexpire) {
        {$_ -ge $negativedays -and $_ -le "-1"} {$messageDays = "has expired"}
        "0" {$messageDays = "will expire today"}
        "1" {$messageDays = "will expire in 1 day"}
        default {$messageDays = "will expire in " + "$daystoexpire" + " days"}
    }
    # Email Subject Set Here
    $subject="Your password $messageDays"
    # Email Body Set Here, Note You can use HTML, including Images.
    $body="
<p>Your Active Directory password for your <b>$sName</b> account $messageDays. After expired, you will not be able to login until your password is changed.</p>
<p>Please visit selfservice.example.com to change your password. Alternatively, on a Windows machine, you may press Ctrl-Alt-Del and select `"Change Password`".</p>
<p>If you do not know your current password, <a href='https://selfservice.example.com/?action=sendtoken'>click here to email a password reset link</a>.</p>
<p>Example.com Administrator<br>
Administrator@example.com<br>
www.example.com/support/<br>
</p>
"
    # If testing-enabled and send-samples, then set recipient to adminEmailAddr else user's EmailAddress
    if (($testing -eq $true) -and ($samplesSent -le $sampleEmails)) {
        $recipient = $adminEmailAddr
    } else {
        $recipient = $emailaddress
    }
    #if in trigger range, send email
    if ( ($daystoexpire -ge $negativedays) -and ($daystoexpire -le $expireindays) -and ($daystoexpire -ne "NA") ) {
        Write-Host "$sName : Selected to receive email: password ${messageDays}"
        # Send Email Message
        if (($emailaddress) -ne $null) {
            if ( ($testing -eq $false) -or (($testing -eq $true) -and ($samplesSent -lt $sampleEmails)) ) {
                try {
                    Send-Mailmessage -smtpServer $smtpServer -from $from -to $recipient -subject $subject -body $body -bodyasHTML -priority High -Encoding $textEncoding -ErrorAction Stop -ErrorVariable err
                } catch {
                    write-host "Error: Could not send email to $recipient via $smtpServer"
                    $sent = "Send fail"
                    $countfailed++
                } finally {
                    if ($err.Count -eq 0) {
                        write-host "Sent email for $sName to $recipient"
                        $countsent++
                        if ($testing -eq $true) {
                            $samplesSent++
                            $sent = "toAdmin"
                        } else { $sent = "Yes" }
                    }
                }
            } else {
                Write-Host "Testing mode: skipping email to $recipient"
                $sent = "No"
                $countnotsent++
            }
        } else {
            Write-Host "$dName ($sName) has no email address."
            $sent = "No addr"
            $countnotsent++
        }
        # If Logging is Enabled Log Details
        if ($logging -eq $true) {
            Add-Content $logfile "`"$date`",`"$sName`",`"$dName`",`"$whencreated`",`"$passwordSetDate`",`"$daystoExpire`",`"$expireson`",`"$emailaddress`",`"$sent`""
        }
    } else {
        #if ( ($daystoexpire -eq "NA") -and ($maxPasswordAge -eq 0) ) { Write-Host "$sName PasswordNeverExpires" } elseif ($daystoexpire -eq "NA") { Write-Host "$sName PasswordNeverSet" } #debug
        # Log Non Expiring Password
        if ( ($logging -eq $true) -and ($logNonExpiring -eq $true) ) {
            if ($maxPasswordAge -eq 0 ) {
                $sent = "NeverExp"
            } else {
                $sent = "No"
            }
            Add-Content $logfile "`"$date`",`"$sName`",`"$dName`",`"$whencreated`",`"$passwordSetDate`",`"$daystoExpire`",`"$expireson`",`"$emailaddress`",`"$sent`""
        }
    }
} # End User Processing
$endtime=Get-Date
$totaltime=($endtime-$starttime).TotalSeconds
$minutes="{0:N0}" -f ($totaltime/60)
$seconds="{0:N0}" -f ($totaltime%60)
Write-Host "$countprocessed Users from `"$SearchBase`" Processed in $minutes minutes $seconds seconds."
Write-Host "Email trigger range from $negativedays (past) to $expireindays (upcoming) days of user's password expiry date."
Write-Host "$nonexpiring Non-Expiring accounts."
Write-Host "$countsent Emails Sent."
Write-Host "$countnotsent Emails skipped."
Write-Host "$countfailed Emails failed."
# sort the CSV file
if ($logging -eq $true) {
    Rename-Item $logfile "$logfile.old"
    import-csv "$logfile.old" | sort ExpiresOn | export-csv $logfile -NoTypeInformation
    Remove-Item "$logFile.old"
    Write-Host "CSV File created at ${logfile}."
    if ($testing -eq $true) {
        $body="<b><i>Testing Mode.</i></b><br>"
    } else {
        $body=""
    }
    $body+="
CSV Attached for $date<br>
$countprocessed Users from `"$SearchBase`" Processed in $minutes minutes $seconds seconds.<br>
Email trigger range from $negativedays (past) to $expireindays (upcoming) days of user's password expiry date.<br>
$nonexpiring Non-Expiring accounts.<br>
$countsent Emails Sent.<br>
$countnotsent Emails skipped.<br>
$countfailed Emails failed.
"
    try {
        Send-Mailmessage -smtpServer $smtpServer -from $from -to $adminEmailAddr -subject "Password Expiry Logs" -body $body -bodyasHTML -Attachments "$logFile" -priority High -Encoding $textEncoding -ErrorAction Stop -ErrorVariable err
    } catch {
        write-host "Error: Failed to email CSV log to $adminEmailAddr via $smtpServer"
    } finally {
        if ($err.Count -eq 0) {
            write-host "CSV emailed to $adminEmailAddr"
        }
    }
}
# End

meoso commented Dec 1, 2021

@dklein73 , yes, we use FGPP as well (although ours further fine tunes a generic global GPO). Here, the script is telling you that your accounts have maxpasswordage = 0, which is another form of password will never expire. to resolve this, the user accounts need a maxpasswordage set.

razvani commented Mar 9, 2022

This line needs to be updated:

$countprocessed={$users}.Count
instead of
$countprocessed=${users}.Count

Side note: Thank you for the script!

meoso commented Mar 9, 2022

This line needs to be updated:

thank you! ..... wait, no
${var} is proper, not {$var}, as far as my google-fu

razvani commented Mar 9, 2022

I just run the script and on my side the ${users}.Count does not return anything.

meoso commented Mar 9, 2022

I just run the script and on my side the ${users}.Count does not return anything.

i just tested my live/in-production code....

[...redacted...]

Write-Host "Processing `"$SearchBase`" for Password-Expiration-Notifications"

# Get Users From AD who are Enabled, Passwords Expire
Import-Module ActiveDirectory
$users = get-aduser -SearchBase $SearchBase -Filter {(enabled -eq $true) -and (passwordNeverExpires -eq $false)} -properties sAMAccountName, displayName, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress, lastLogon, whenCreated
$users = $users | where-object {$_.DistinguishedName -notlike "*OU=Separated*"}
$DefaultmaxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge

$countprocessed=${users}.Count
Write-Host $countprocessed
Processing "DC=REDACTED,DC=EDU" for Password-Expiration-Notifications
23881

EDIT: try without the line $users = $users | Where-Object {$_.DistinguishedName -notmatch $ExcludeList} as there may be a discrepancy here.

The absolute simplest test would be

Import-Module ActiveDirectory
$users = get-aduser -Filter *
$countprocessed=${users}.Count
Write-Host $countprocessed

jaydeegee commented Apr 13, 2022

I'm having issues with zero returned users, as well. I've set the parameters to 180 days and with another program I find 14 users that meet that criteria. I've also verified that none of our users' passwords are set to never expire and we do have max password age set using FGPP.

I ran get-aduser and specified the same search base as in the PowerShell script and get the expected users returned.

Everything runs without error, email is sent, etc. Just zero users returned.

Is it possible that FGPP is the culprit? Any other thoughts on what to check are appreciated.

meoso commented Apr 14, 2022

[...]
Everything runs without error, email is sent, etc. Just zero users returned.

Is it possible that FGPP is the culprit? Any other thoughts on what to check are appreciated.

We use FGPP and ours still works...

Review a few things here:

$users = get-aduser -SearchBase $SearchBase -Filter {(enabled -eq $true) -and (passwordNeverExpires -eq $false)} -properties sAMAccountName, displayName, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress, lastLogon, whenCreated
Write-Host "Filtering User List"
$users = $users | Where-Object {$_.DistinguishedName -notmatch $ExcludeList}

Try without the $users = $users | Where-Object {$_.DistinguishedName -notmatch $ExcludeList} and see if $users results what you need.
Check for any spaces ( ) in the searchbase. Your OU may need single or double quoting.
Check that your users are enabled (not disabled). The first search excludes disabled accounts.

If this does not help, review the commandline output and see if anything is unexpected. If still nothing review the logic around line 99.

jaydeegee commented Apr 14, 2022

Yes -thank you! Commenting out the $users = $users line resolved the issue.

Is this because we do not populate the $ExcludeList variable? We will likely have exclusions in the near future.

Thanks much for sharing this script and for your continued support of it.

meoso commented Apr 14, 2022

I've commented out those associated line-items. I do recall another user having related issue.
In my production script, I have that filter with hardcoded OU's rather than a variable array and also utilize -notlike.
Therefore i think it best to leave this option out of the script by default.
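
Why the exclusion line discussed in this exchange can return zero users or exclude nobody, with one way to build the filter from a list of OU names. This is an added example, not code from the gist or from any commenter; `Select-NotExcludedOU` and the sample distinguished names are constructed for illustration, and it assumes OU names contain no DN-escaped characters such as `\,`.

```powershell
# Added example (not from the gist). Runs offline: no ActiveDirectory module needed.
# Constructed sample distinguished names.
$sampleDNs = @(
    'CN=Alice Adams,OU=Staff,DC=EXAMPLE,DC=COM'
    'CN=Bob Brown,OU=New Employees,OU=Staff,DC=EXAMPLE,DC=COM'
    'CN=Carol Clark,OU=Separated Employees,DC=EXAMPLE,DC=COM'
    'CN=Dan Separated,OU=Staff,DC=EXAMPLE,DC=COM'   # CN merely contains an excluded word
)

# Failure 1: $ExcludeList is unset. An empty regex matches every string, so
# -notmatch is $false for every DN and the whole user list is filtered away.
$ExcludeList = $null
$unsetResult = @($sampleDNs | Where-Object { $_ -notmatch $ExcludeList })

# Failure 2: -notlike is a wildcard comparison, not a regex. Without '*' the
# pattern must equal the entire DN and '|' is a literal, so nobody is excluded.
$likeResult = @($sampleDNs | Where-Object { $_ -notlike "'New Employees'|'Separated Employees'" })

function Select-NotExcludedOU {
    param(
        [Parameter(Mandatory)] [string[]] $DistinguishedName,
        [string[]] $ExcludeOU = @()
    )
    # Drop blank entries; with nothing to exclude, pass every DN through unchanged
    $names = @($ExcludeOU | Where-Object { -not [string]::IsNullOrWhiteSpace($_) })
    if ($names.Count -eq 0) { return $DistinguishedName }

    # Escape each name and anchor it to a complete "OU=<name>" component, so a
    # CN or a longer OU name that only contains the text is not excluded
    $alternatives = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'
    $pattern = '(^|,)OU=(' + $alternatives + ')(,|$)'
    $DistinguishedName | Where-Object { $_ -notmatch $pattern }
}

$kept       = @(Select-NotExcludedOU -DistinguishedName $sampleDNs -ExcludeOU 'New Employees','Separated Employees')
$keptNoList = @(Select-NotExcludedOU -DistinguishedName $sampleDNs)

"-notmatch with unset list : {0} of {1} kept" -f $unsetResult.Count, $sampleDNs.Count
"-notlike with pipe string : {0} of {1} kept" -f $likeResult.Count,  $sampleDNs.Count
"Select-NotExcludedOU      : {0} of {1} kept" -f $kept.Count,        $sampleDNs.Count
"Select-NotExcludedOU, none: {0} of {1} kept" -f $keptNoList.Count,  $sampleDNs.Count
$kept
```

In the script itself the same function would be fed `$users.DistinguishedName`, or the `Where-Object` test applied to `$_.DistinguishedName`.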

Veenhof03 commented Jun 2, 2022

Is there a way to mail with this script to users that have no "DaystoExpire" value and have "PasswordNeverExpires" value enabled?
Will the script email users if either one is configured? Or is there an option to add an email to neverexpires users?

meoso commented Jun 2, 2022

Is there a way to mail with this script to users that have no "DaystoExpire" value and have "PasswordNeverExpires" value enabled? Will the script email users if either one is configured? Or is there an option to add an email to neverexpires users?

such does not make logical sense, TBH. BUT you could easily modify the script. look at the $users = get-aduser ... near line 42 and modify as needed. look at the area that calculates DaysToExpire, then possibly modify the switch statement options near line 113.

i have another script that we never put into production that would tell NEW accounts they needed to change their initial password. maybe this is something you would like. please see https://gist.github.com/meoso/f17307bb852930960c1c7fb2d55e967f and review lines 48 & 49 for potential modification. again the powershell $users = get-aduser ... is how you filter users. see cmdlet get-aduser.

Veenhof03 commented Jun 9, 2022

Is there a way to mail with this script to users that have no "DaystoExpire" value and have "PasswordNeverExpires" value enabled? Will the script email users if either one is configured? Or is there an option to add an email to neverexpires users?

such does not make logical sense, TBH. BUT you could easily modify the script. look at the $users = get-aduser ... near line 42 and modify as needed. look at the area that calculates DaysToExpire, then possibly modify the switch statement options near line 113.

i have another script that we never put into production that would tell NEW accounts they needed to change their initial password. maybe this is something you would like. please see https://gist.github.com/meoso/f17307bb852930960c1c7fb2d55e967f and review lines 48 & 49 for potential modification. again the powershell $users = get-aduser ... is how you filter users. see cmdlet get-aduser.

I know it doesn't make sense. But that's the wonderful world of IT-Customers for you ;)
The suggested script works like a charm in this situation, Thnx!

Robert-Loveless commented Jun 13, 2022

NewTimeSpan Error_LI

Anyone else getting these errors? The script was working when I tested a couple days ago but now I'm getting this error.

meoso commented Jun 13, 2022

Anyone else getting these errors? The script was working when I tested a couple days ago but now I'm getting this error.

I'm not getting those errors -- i copied the example and set my searchbase.
Might be something with rights to powershell, or rights to AD objects 🤷‍♂️

shujanajmee commented Jul 1, 2022

Anyone had any luck with SMTP authentications, credentials and etc? I got stuck with email going out. The log says "send fail"

I added the following to the script for SMTP credentials:

$smtpCredentialsUsername = "noreply@example.com"
$smtpCredentialsPassword = ConvertTo-SecureString -String ************ -AsPlainText -Force

$smtpServer="smtp.office365.com"
$Creds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $smtpCredentialsUsername, $smtpCredentialsPassword

Send-Mailmessage -from $from -to $recipient -subject $subject -smtpServer $smtpServer -Credential $creds -UseSsl -Port 587 -body $body -bodyasHTML -priority High -Encoding $textEncoding -ErrorAction Stop -ErrorVariable err

meoso commented Jul 1, 2022

Anyone had any luck

skimming over it, seems it would work, the only thing i'd say is to check if -usessl is correct, some searching mentions TLS; otherwise nothing comes to mind of why it fails. i have not personally had the displeasure of needing credentials (yet).

shujanajmee commented Jul 5, 2022

@meoso I was able to get this working with PowerShell 7. Installed the MSI for PS7 and it worked in Win Server 2012 R2. Now I will move on to get this on a schedule using task scheduler with Powershell 7.

Also, enabled TLS 1.2 on this server, after TLS 1.2 was enabled. I was still getting error message:

Send-Mailmessage : Unable to read data from the transport connection: net_io_connectionclosed.
At line:1 char:1
+ Send-Mailmessage -from $from -to $recipient -subject $subject -smtpSe ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], SmtpExcept
   ion
    + FullyQualifiedErrorId : SmtpException,Microsoft.PowerShell.Commands.SendMailMessage

Thanks, Shuja

meoso commented Jul 5, 2022

shujanajmee commented Jul 5, 2022

@meoso

this line, in PowerShell, did the job:

[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;
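
The SMTP authentication set-up from this exchange, reworked so the password is not written into the script: an added example, not code from the gist or from any commenter. The function names, the `$credPath` location and the `noreply@example.com` account are assumptions; the server, port and TLS line are the ones quoted in the comments above.

```powershell
# Added example (not from the gist). Path, account and addresses are placeholders.
$credPath = 'C:\Scripts\smtp-credential.xml'   # hypothetical location

# One-time setup: run interactively while logged on as the account that will run
# the scheduled task. On Windows, Export-Clixml stores the password as a
# DPAPI-protected string that only that user on that machine can decrypt.
function Save-SmtpCredential {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $UserName
    )
    Get-Credential -UserName $UserName -Message 'SMTP account password' |
        Export-Clixml -LiteralPath $Path
}

# Load the stored credential and fail with a clear message instead of letting
# Send-MailMessage run without authentication.
function Get-SmtpCredential {
    param([Parameter(Mandatory)] [string] $Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "SMTP credential file not found: $Path (run Save-SmtpCredential first)"
    }
    try {
        $cred = Import-Clixml -LiteralPath $Path -ErrorAction Stop
    } catch {
        # Typical cause: the file was created by another user or on another machine
        throw "Cannot read $Path as $env:USERNAME on $env:COMPUTERNAME : $($_.Exception.Message)"
    }
    if ($cred -isnot [System.Management.Automation.PSCredential]) {
        throw "$Path does not contain a PSCredential"
    }
    $cred
}

function Send-AuthenticatedNotice {
    param(
        [Parameter(Mandatory)] [string[]] $To,
        [Parameter(Mandatory)] [string] $Subject,
        [Parameter(Mandatory)] [string] $Body,
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    # The line from the comment above: request TLS 1.2 before connecting
    [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
    $mail = @{
        SmtpServer  = 'smtp.office365.com'
        Port        = 587
        UseSsl      = $true
        Credential  = $Credential
        From        = 'noreply@example.com'   # placeholder sender
        To          = $To
        Subject     = $Subject
        Body        = $Body
        BodyAsHtml  = $true
        Priority    = 'High'
        Encoding    = [System.Text.Encoding]::UTF8
        ErrorAction = 'Stop'
    }
    Send-MailMessage @mail
}

# Setup, once:
#   Save-SmtpCredential -Path $credPath -UserName 'noreply@example.com'
# In the notification script, in place of the Send-MailMessage call:
#   $smtpCred = Get-SmtpCredential -Path $credPath
#   Send-AuthenticatedNotice -To $recipient -Subject $subject -Body $body -Credential $smtpCred
```

Because the file is bound to one user and machine, a copy taken from the server or from a backup does not yield the password elsewhere; the scheduled task must run as the same account that created it.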

Fauzyx commented Jul 14, 2022

This is great and works as a charm! Thanks for the input.

0xC commented Aug 10, 2022

Like some others here, this isn't working for me for some reason. The script runs without error and I receive the admin email, but when testing using an account that expires in 4 days, no user notification email is generated and while I can see the script is looking in the correct OU and correctly sees two user accounts, it fails to detect that one of the two has a password that expires in 4 days. I have the script set to 14 days before and the default 3 days after. Since it's not erroring at all, it's hard to troubleshoot.

meoso commented Aug 10, 2022

Like some others here, this isn't working for me for some reason. The script runs without error and I receive the admin email, but when testing using an account that expires in 4 days, no user notification email is generated and while I can see the script is looking in the correct OU and correctly sees two user accounts, it fails to detect that one of the two has a password that expires in 4 days. I have the script set to 14 days before and the default 3 days after. Since it's not erroring at all, it's hard to troubleshoot.

no clues in the .csv log? i can investigate additional write-host commands in the for each user loop some day soon if you like. or you can add your own for debugging.... look at all the if-then statements to see if something stands out.... user's password must be set for triggers.

meoso commented Aug 23, 2022

Like some others here, this isn't working for me for some reason.

I've found two instances that were set for -lt (less-than) that i believe should have been -le (less-than-or-equal). i've also added a couple write-host lines for console logging.

You may also un-comment this line for additional debugging:
image

meoso commented Aug 23, 2022

New "Non-Expiring" statistic added into the script.
please see last few revisions here: https://gist.github.com/meoso/3488ef8e9c77d2beccfd921f991faa64/revisions
(3 today -- 4 if you count version change)

jeremytbeau commented Sep 9, 2022

I have had this setup for quite some time and receive the admin emails with .csv, although my users are not receiving the emails. I have verified that the email properties in AD are correct. Does this line in the CSV give any tips? (9:45:56 AM","Skipped - Interval")

meoso commented Sep 9, 2022

Does this line in the CSV give any tips? (9:45:56 AM","Skipped - Interval")

please tell me "version" from the .ps1 file ... i dont have AM/PM specified anywhere as well as don't remember Skipped - Interval text.

meoso commented Sep 9, 2022

@jeremytbeau , i found the text Skipped - Interval, it exists in Robert Pearman's original script. You'll have to get his support for his script. However the link-back to the Microsoft Original seems "404". i found the script elsewhere (linked below) in which there is an if/then/else which outputs the text in question.

https://windowspoweressentials.com/2017/02/21/powershell-password-reminder-script-updated/ --> https://github.com/titlerequired/public --> PasswordChangeNotification.ps1

look for if(($interval) -Contains($daysToExpire)).

jeremytbeau commented Sep 12, 2022

@jeremytbeau , i found the text Skipped - Interval, it exists in Robert Pearman's original script. You'll have to get his support for his script. However the link-back to the Microsoft Original seems "404". i found the script elsewhere (linked below) in which there is an if/then/else which outputs the text in question.

https://windowspoweressentials.com/2017/02/21/powershell-password-reminder-script-updated/ --> https://github.com/titlerequired/public --> PasswordChangeNotification.ps1

look for if(($interval) -Contains($daysToExpire)).

Ahh, sorry about the confusion. Perhaps I'll implement yours since it's newer.
