Since upgrading my workplace to Windows 7 my department got a lot of complaints from users that they no longer knew when their passwords would expire. As you’re probably aware, the little balloon box in Windows 7 isn’t all that noticeable compared to the dialogue box Windows XP threw requiring you to actually acknowledge the notice.
Two years ago I hacked a little PowerShell script that sent off a text based email to each user when their password was close to expire. It worked well, as ugly as it was, but I wanted to build in reporting. I ended up re-writing it, and today I’m releasing it into the wild.
Let me introduce to you the Active Directory Password Expiry Notification script, or ADPEN.
Written in PowerShell, ADPEN quickly combs through Active Directory in search of enabled users and sends them a pretty HTML notification email when their password has, or is about to expire.
ADPEN is also capable of sending a report allowing administrators to know who can’t log in and who will have their password expire that day. This is useful in quickly troubleshooting why users have log in problems.
You can run the Active Directory password expiry notification script from within PowerShell, but the best way is to use the Task Scheduler on any domain controller and run daily from there. I highly recommend you sign the ADPEN script to work in your environment.
ADPEN works well but is a little rough around the edges. There is some code duplication and other things that could be cleaned up, but for a quick script its alright.
I’ve modified MailChimp’s Email-Blueprints base_boxed_basic_query.html and utilized Brice Lambson’s simple template engine for PowerShell for parsing through that template.
There are several variables that need to be set in order for the script to run, but I’ve documented it as well as I could and it should be easy to understand.
The simplest way to get things up and running is to go to my github repository richardfleming/adpen where you can clone as well as find full instructions on how to configure and use ADPEN.
I hope you find this script useful! I’ve licensed this under the MIT license meaning you can do whatever you want with the script. My only wish is that any changes you make, to please merge them back so everyone can benefit.