top of page
Search

PowerShell - Get Expiring user accounts

  • Writer: Jon Boyette
    Jon Boyette
  • Apr 15, 2022
  • 1 min read

This is from the sysadminchannel, I save as a Expiring14days.ps1, you can change the days to check, it parses all AD accounts within the days set that are about to expire and gives the days left as well as the last time they reset the password, samaccount name, and if the account is set not to expire

<#

#requires -Module ActiveDirectory

.SYNOPSIS

Checks to see if the account is X days within password expiration.

For updated help and examples refer to -Online version.

.DESCRIPTION

In this example if the $emailDate is set to -80 and $expiredDate is set to -90 it will show all users whos passwords are within 10 days of expiration.

For updated help and examples refer to -Online version.

.NOTES

Name: Get-PasswordExpiredUsers.ps1

Version: 1.0

Author: The Sysadmin Channel

Date of last revision: 3/18/2017

.LINK

https://thesysadminchannel.com/powershell-script-check-password-expirations-in-active-directory -

#>

Import-Module ActiveDirectory

#Set the number of days within expiration. This will start to send the email x number of days before it is expired.

$DaysWithinExpiration = 14

#Set the days where the password is already expired and needs to change. -- Do Not Modify --

$MaxPwdAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days

$expiredDate = (Get-Date).addDays(-$MaxPwdAge)

#Set the number of days until you would like to begin notifing the users. -- Do Not Modify --

$emailDate = (Get-Date).addDays(-($MaxPwdAge - $DaysWithinExpiration))

#Filters for all users who's password is within $date of expiration.

$ExpiredUsers = Get-ADUser -Filter {(PasswordLastSet -lt $emailDate) -and (PasswordLastSet -gt $expiredDate) -and (PasswordNeverExpires -eq $false) -and (Enabled -eq $true)} -Properties PasswordNeverExpires, PasswordLastSet, Mail | select samaccountname, PasswordLastSet, @{name = "DaysUntilExpired"; Expression = {$_.PasswordLastSet - $ExpiredDate | select -ExpandProperty Days}}, @{name = "EmailAddress"; Expression = {$_.mail}} | Sort-Object PasswordLastSet

$ExpiredUsers | Export-Csv c:\temp\Expiring14Days.csv -NoTypeInformation


 
 
 

Recent Posts

See All
PowerShell - List All Domain SPNs

Save as same List_ALL_SPNs.ps1 or similar, this LDap calls the Domain for all Service Principal names and accounts related #Build LDAP...

 
 
 
PowerShell - Start-Monitoring

This is a great script used to Monitor and Email if a server is up or down, once ran, and smtp and from address is set, then run:...

 
 
 

Comments

Post: Blog2 Post
  • Facebook
  • Twitter
  • LinkedIn

©2022 by Boyette Technical Services. Proudly created with Wix.com

bottom of page