Powershell‎ > ‎User / Groups‎ > ‎

Passwords Never Expire

This script creates an email with a list of accounts that have passwords set to never expire.

IF (Get-PSSnapin | where {$_.name -eq "quest.activeroles.admanagement"}) 
    {write-host "Quest Active Roles snapin already loaded"}
Else
    {add-PSSnapin  quest.activeroles.admanagement}
	
$ExportFileName ="C:\Scripts\Output\PasswordNeverExpire.csv"
$NeverExpiresList = Get-QADUser -enabled -PasswordNeverExpires | select name, 
	samaccountname, description, lastlogonTimeStamp, whencreated, 
	PasswordLastSet, parentcontainer, passwordstatus | 
	where {$_.parentContainer -notmatch "blah.corp/Services*" `
	-and $_.parentContainer -notmatch "blah.corp/People/CustomUsers/*" `
	-and $_.parentContainer -notmatch "blah.corp/Conference Rooms"} |
	sort PasswordLastSet 
 
$smtpServer = "mail.blah.com"
$To = "Kevin Curran <kcurran@blah.com>"
$From = "AD Reporting <ADReporting@blah.com>"
$Attachments = $ExportFileName

If ($NeverExpiresList -eq $null) 
    {Write-Host "No matching accounts have been found"}
Else {
	$NeverExpiresList | Export-Csv -notype $ExportFileName
	$message = "The following accounts have password that are set to never expire. `r`n`r`n"
	$message = $message + $(foreach ($user in $NeverExpiresList) {$($user.name) + "`r`n"}) + "`r`n"
	$message = $message + "There are 2 options to handle these accounts. `r`n"
	$message = $message + "Option 1. If this is unnecessary please uncheck the `"Password never expires`" on these accounts.`r`n"
	$message = $message + "Option 2. If this is required for this account please: `r`n"
	$message = $message + "    1: Create a change control to document approval for this exception.`r`n"
	$message = $message + "    2: Update the account description to explain why this is needed include Aproval Ticket Number`r`n"
	$message = $message + "    3: After approval move the account to one of the excluded OUs listed below `r`n`r`n"
	$message = $message + "If the account does not fit properly into one of the OUs listed please inform "
	$message = $message + "IT so that this script can be modified to make an exception.`r`n`r`n"
	$message = $message + "This script is excluding the following OUs `r`n"
	$message = $message + "blah.corp/Services* `r`n"
	$message = $message + "blah.corp/People/CustomUsers/* `r`n"
	$message = $message + "blah.corp/Conference Rooms `r`n`r`n"
	$message = $message + "Please see the attached file for more details `r`n`r`n"
	$message = $message + "This script was run by " + $env:username + " on " + $env:COMPUTERNAME  + "`r`n"
	$message = $message + "ScriptName: $($MyInvocation.MyCommand) `r`n"
$message = $message + "Script path: $(Split-Path -Parent $MyInvocation.MyCommand.Path)"

	Send-MailMessage -From $From -To $To -SmtpServer $smtpServer `
		-Subject "Users with Password Never Expires set" -Body $message -Attachments $Attachments
}

  

Comments