
Passwords Never Expire

This script emails a list of enabled accounts whose passwords are set to never expire, skipping accounts in a fixed set of excluded OUs, and attaches a CSV file with the account details.

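<#
Reports enabled Active Directory accounts whose password is set to never expire.

Steps:
  1. Load the Quest ActiveRoles AD snap-in if it is not already loaded.
  2. Query enabled users with "Password never expires" set and drop the ones
     whose parent container matches an entry in $ExcludedContainers.
  3. Export the result to $ExportFileName and mail it, with a plain-text
     summary, to $To.

Review notes:
  - The CSV and the mail body name every account with a non-expiring password.
    Treat both as sensitive: restrict who can read the output folder and who
    receives the mail.
  - Accounts in the excluded OUs never appear in this report, so the right to
    move objects into those OUs should be controlled and reviewed separately.
#>

$snapinName = "quest.activeroles.admanagement"
if (Get-PSSnapin | Where-Object { $_.Name -eq $snapinName }) {
    Write-Host "Quest Active Roles snapin already loaded"
}
else {
    # Stop here if the snap-in is missing. Otherwise the query below fails,
    # the result is empty, and the run looks like a clean "no accounts found".
    Add-PSSnapin $snapinName -ErrorAction Stop
}

$ExportFileName = "C:\Scripts\Output\PasswordNeverExpire.csv"

# Wildcard patterns (-like syntax) for parent containers that are exempt from
# the report. This list is also printed in the mail body, so the text sent to
# the recipients always describes the filter that actually ran.
$ExcludedContainers = @(
    "blah.corp/Services*",
    "blah.corp/People/CustomUsers/*",
    "blah.corp/Conference Rooms"
)

# -SizeLimit 0 lifts the Quest cmdlets' default cap on returned objects so a
# large directory is not silently truncated. -ErrorAction Stop keeps a failed
# query from being reported as "nothing found".
# The exclusions are compared with -like. The earlier -notmatch treated these
# strings as unanchored regular expressions ("." = any character, "*" = repeat
# the previous character), which exempted more containers than the list shows,
# e.g. "blah.corp/ServiceDesk". Matching is now exactly what the patterns say,
# so accounts that were exempt only by accident will start to be reported.
$NeverExpiresList = @(
    Get-QADUser -Enabled -PasswordNeverExpires -SizeLimit 0 -ErrorAction Stop |
        Select-Object name, samaccountname, description, lastlogonTimeStamp, whencreated, PasswordLastSet, parentcontainer, passwordstatus |
        Where-Object {
            $container = $_.parentContainer
            -not ($ExcludedContainers | Where-Object { $container -like $_ })
        } |
        Sort-Object PasswordLastSet
)

$smtpServer = "mail.blah.com"
$To = "Kevin Curran <kcurran@blah.com>"
$From = "AD Reporting <ADReporting@blah.com>"
$Attachments = $ExportFileName

# The result is wrapped in @() above, so Count is reliable for zero, one or
# many accounts (comparing an array with "-eq $null" filters it instead).
if ($NeverExpiresList.Count -eq 0) {
    Write-Host "No matching accounts have been found"
}
else {
    $NeverExpiresList | Export-Csv -NoTypeInformation $ExportFileName

    # Join explicitly: adding an array to a string joins it with spaces, which
    # put a stray leading space before every name after the first.
    $accountNames = ($NeverExpiresList | ForEach-Object { $_.name }) -join "`r`n"

    $message  = "The following accounts have password that are set to never expire. `r`n`r`n"
    $message += $accountNames + "`r`n`r`n"
    $message += "There are 2 options to handle these accounts. `r`n"
    $message += "Option 1. If this is unnecessary please uncheck the `"Password never expires`" on these accounts.`r`n"
    $message += "Option 2. If this is required for this account please: `r`n"
    $message += " 1: Create a change control to document approval for this exception.`r`n"
    $message += " 2: Update the account description to explain why this is needed include Aproval Ticket Number`r`n"
    $message += " 3: After approval move the account to one of the excluded OUs listed below `r`n`r`n"
    $message += "If the account does not fit properly into one of the OUs listed please inform "
    $message += "IT so that this script can be modified to make an exception.`r`n`r`n"
    $message += "This script is excluding the following OUs `r`n"
    foreach ($pattern in $ExcludedContainers) {
        $message += "$pattern `r`n"
    }
    $message += "`r`n"
    $message += "Please see the attached file for more details `r`n`r`n"
    # Provenance footer: who ran the report, on which host, from which script.
    $message += "This script was run by " + $env:username + " on " + $env:COMPUTERNAME + "`r`n"
    $message += "ScriptName: $($MyInvocation.MyCommand) `r`n"
    $message += "Script path: $(Split-Path -Parent $MyInvocation.MyCommand.Path)"

    # NOTE(review): the mail is sent without -UseSsl, so the account list is
    # only encrypted in transit if the relay enforces TLS itself. Confirm with
    # the mail team and add -UseSsl if $smtpServer supports it.
    $mailParams = @{
        From        = $From
        To          = $To
        SmtpServer  = $smtpServer
        Subject     = "Users with Password Never Expires set"
        Body        = $message
        Attachments = $Attachments
    }
    Send-MailMessage @mailParams
}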