Friday, May 16, 2014

Send Exchange Users a Password Expiry Email with PowerShell

I thought this was a cool solution to let our Exchange users know their passwords are about to expire within 14 days, giving them an opportunity to change them before they do. Changing passwords is NOT possible out of the box via OWA with Exchange 2013... and I've seen quite a few sample scripts out there to try and cope with the same thing. Because it's inevitable that somebody will be away, on vacation, or off on maternity leave, their password expires and now it's an urgent help desk call!

So... here's the script. The heart of it really is the "msDS-UserPasswordExpiryTimeComputed" attribute, which gets converted to an actual date. The current date is then subtracted from the expiry time date to get the number of days remaining. A great blog post from Andreas helped me out here:

http://ahultgren.blogspot.com/2011/05/powershell-active-directory-and.html

Check it out... it explains the attribute calculations very well. So, all that gets wrapped up in a foreach for every user parsed in your AD, and if the calculated days remaining are between 14 and 0, they'll get sent an email message via the Send-MailMessage line at the bottom. Pop that into a scheduled task and you're good to go...

Ok tech peeps...hope this helps you out and results in happy exchange users!

*****************************************************************************

Clear-Host

Write-Host "Script by DTopo 2014" -ForegroundColor Green

$ErrorActionPreference = 'SilentlyContinue' # needed to stop execution errors from displaying

# Get-ADUser comes from the ActiveDirectory module (RSAT)
Import-Module ActiveDirectory

# Enabled users whose passwords can expire and have not expired yet
$adusers = Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $false -and PasswordExpired -eq $false' -SearchBase "OU=Users,OU=NY,DC=yourdomain,DC=com" -Properties PasswordLastSet,PasswordNeverExpires,mail

foreach ($user in $adusers)
{
    # Reset first: errors are silenced, so a failed conversion would otherwise reuse the previous user's value
    $til = $null

    # Convert the computed expiry time to a date and subtract today to get the days remaining
    $til = (([datetime]::FromFileTime((Get-ADUser $user -ErrorAction SilentlyContinue -Properties "msDS-UserPasswordExpiryTimeComputed")."msDS-UserPasswordExpiryTimeComputed")) - (Get-Date)).Days

    if (($til -lt 14) -and ($til -gt 0)) {
        Write-Host $user.Name "last set their password on " $user.PasswordLastSet "it will expire again in " $til " days" -ForegroundColor Cyan

        $tpsuser = $user.Name
        $emailaddress = $user.mail
        echo $emailaddress
        echo $tpsuser

        # No mail attribute means there is nobody to send to
        if (-not $emailaddress) { continue }

        # HTML body; $tpsuser and $til are expanded inside the here-string
        $body = @"
Dear $tpsuser,
<p> Your Windows/Email Password will expire in $til days!<br>
<br>
To change your password on a company PC, press CTRL ALT Delete and choose Change Password<br>
<br>
If you are not on a district PC, please login to your OWA webmail (https://mail.yourdomain.com/owa), click on the little gear in upper right corner-choose Options, then Settings, then Password<br>
<br>
NOTE: If you change your Windows/Email Password, you must also change it on your Mobile Device (iPhone, iPad, Android).<br>
<br>
**Also, if your password has already expired, you will NOT be able to use OWA to change it. You will then need to log on to a district PC.**<br>
<br>
<p>If you need assistance, please contact your building technician or call Technology...<br>
<br>
<br>
<p>Thank you.......<br>
<br>
Technology Department<br>
Your Company<br>
xxx-XXX-xxxx
</P>
"@

        Send-MailMessage -SmtpServer mail.yourdomain.com -From noreply@yourdomain.com -To $emailaddress -Cc "somebody@yourdomain.com","somebodyelse@yourdomain.com" -Subject "TPS Password will expire in $til days" -Body $body -BodyAsHtml -Priority High -Verbose
    }
}
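
The attribute-to-days calculation described above, as an added example that is not part of the original script: it runs without Active Directory on constructed sample values and handles the two special values the attribute can hold (0 and 0x7FFFFFFFFFFFFFFF). The function names Get-DaysUntilExpiry and Get-ExpiryAction, the -WarnDays parameter and the sample users are hypothetical.

```powershell
# Added example (not from the original post); both function names are hypothetical helpers.
function Get-DaysUntilExpiry {
    param(
        [Parameter(Mandatory = $true)] [Int64] $ExpiryFileTime,
        [datetime] $Now = (Get-Date)
    )
    # The attribute is a FILETIME (100 ns ticks since 1601-01-01 UTC) with two sentinels:
    #   0                  -> pwdLastSet is 0 or unset, so there is no expiry date to compute
    #   0x7FFFFFFFFFFFFFFF -> the password never expires; FromFileTime() throws on this value
    if ($ExpiryFileTime -le 0 -or $ExpiryFileTime -eq [Int64]::MaxValue) { return $null }
    return ([datetime]::FromFileTime($ExpiryFileTime) - $Now).Days
}

function Get-ExpiryAction {
    param(
        [Int64] $ExpiryFileTime,
        [datetime] $Now = (Get-Date),
        [int] $WarnDays = 14
    )
    $days = Get-DaysUntilExpiry -ExpiryFileTime $ExpiryFileTime -Now $Now
    if ($null -eq $days) { return 'skip: no expiry date' }
    # Same window as the script on this page: 0 < days < 14
    if ($days -lt $WarnDays -and $days -gt 0) { return "notify: $days days left" }
    return "no mail: $days days"
}

# Constructed sample values standing in for msDS-UserPasswordExpiryTimeComputed.
$now = Get-Date '2014-05-16T09:00:00'   # fixed "today" so the result is reproducible
$samples = [ordered]@{
    alice = $now.AddDays(5).AddHours(3).ToFileTime()   # inside the 14-day window
    bob   = $now.AddDays(30).ToFileTime()              # outside the window
    carol = [Int64]::MaxValue                          # never expires
    dave  = [Int64]0                                   # pwdLastSet is 0
    erin  = $now.AddHours(6).ToFileTime()              # expires today, so Days is 0
}

foreach ($name in $samples.Keys) {
    [pscustomobject]@{
        Name   = $name
        Action = Get-ExpiryAction -ExpiryFileTime $samples[$name] -Now $now
    }
}
```

The erin row shows that with a window of 0 < days < 14, an account whose password expires in less than 24 hours gets no mail, because the Days property of the time span is already 0.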