This script is handy for users who are not typically on your network (remote access, email only etc…). Normally users are warned at 14 days before expiry unless they are not logging into Active Directory through the workstation in which case they will not receive warnings until the password expires.
Simply set this to run daily and it will locate and email anyone who has a password expiry less than 14 days. To change the criteria, simply modify the If statement.
You need to install the ActiveRoles CmdLets from Quest Software (follow the link in the Gist)
Here’s the code: http://gist.github.com/469656