theangryangel/warn-expiring-passwords.ps1

## warn-expiring-passwords.ps1
import-module ActiveDirectory;

$smtpserver = "server.example.com"
$smtpport = 25
$smtpfrom = "something@example.com"

$maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge

Get-ADUser -filter * -properties PasswordLastSet, PasswordExpired, PasswordNeverExpires, EmailAddress, GivenName | % {

	$today = get-date
	$name = $_.GivenName
	$email = $_.EmailAddress

	if (!$_.PasswordExpired -and !$_.PasswordNeverExpires)
	{
		$expirydate = $_.PasswordLastSet + $maxPasswordAgeTimeSpan
		$daysleft = ($expirydate-$today).days

		if ($daysleft -le 7 -and $daysleft -gt 0)
		{
			write-output "Emailing $name"

			$msg = "Hi $name,

Your Windows login password will expire in $daysleft days.
You can either change your password via webmail or via your Windows desktop.
You will have to enter your new password into your DOMAIN connected mobile device if prompted. Failure to do so will result in your account getting locked out.

Requirements for the password are as follows:
 * Must not contain the user's account name or parts of the user's full name that exceed two consecutive characters
 * Must not be one of your last 7 passwords
 * Contain characters from three of the following four categories:
 * English uppercase characters (A through Z)
 * English lowercase characters (a through z)
 * Base 10 digits (0 through 9)
 * Non-alphabetic characters (for example, !, $, #, %)"

			Send-MailMessage -to $email -from $smtpfrom -Subject "Password Reminder: Your password will expire in $daysleft days" -body $msg -smtpserver $smtpserver -port $smtpport
		}
	}
}
	import-module ActiveDirectory;

	$smtpserver = "server.example.com"
	$smtpport = 25
	$smtpfrom = "something@example.com"

	$maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge

	Get-ADUser -filter * -properties PasswordLastSet, PasswordExpired, PasswordNeverExpires, EmailAddress, GivenName \| % {

	$today = get-date
	$name = $_.GivenName
	$email = $_.EmailAddress

	if (!$_.PasswordExpired -and !$_.PasswordNeverExpires)
	{
	$expirydate = $_.PasswordLastSet + $maxPasswordAgeTimeSpan
	$daysleft = ($expirydate-$today).days

	if ($daysleft -le 7 -and $daysleft -gt 0)
	{
	write-output "Emailing $name"

	$msg = "Hi $name,

	Your Windows login password will expire in $daysleft days.
	You can either change your password via webmail or via your Windows desktop.
	You will have to enter your new password into your DOMAIN connected mobile device if prompted. Failure to do so will result in your account getting locked out.

	Requirements for the password are as follows:
	* Must not contain the user's account name or parts of the user's full name that exceed two consecutive characters
	* Must not be one of your last 7 passwords
	* Contain characters from three of the following four categories:
	* English uppercase characters (A through Z)
	* English lowercase characters (a through z)
	* Base 10 digits (0 through 9)
	* Non-alphabetic characters (for example, !, $, #, %)"

	Send-MailMessage -to $email -from $smtpfrom -Subject "Password Reminder: Your password will expire in $daysleft days" -body $msg -smtpserver $smtpserver -port $smtpport
	}
	}
	}