PowerShell – Active Directory – Email users with password expiry < 14 days

PowerShell – Active Directory – Email users with password expiry under 14 daysPowerShell

This script is handy for users who are not typically on your network (remote access, email only etc…). Normally users are warned at 14 days before expiry unless they are not logging into Active Directory through the workstation in which case they will not receive warnings until the password expires.

Simply set this to run daily and it will locate and email anyone who has a password expiry less than 14 days. To change the criteria, simply modify the If statement.

You need to install the ActiveRoles CmdLets from Quest Software (follow the link in the Gist)

Here’s the code: http://gist.github.com/469656

PowerShell Script
Email Password Expiry Under 14 days

2 thoughts on “PowerShell – Active Directory – Email users with password expiry < 14 days”

  1. Hey,

    Thanks for the useful post. Will this work on Powershell V1? (SBS2003).

    Alternatively will this work on on server 2008 that’s literally just running file and print?

    We have two servers, an sbs 2003 running the show and server2008 literally just running as a file and print server (Not my choice mind..)


    • Hi Matt,

      This brings up a great challenge. There is no Send-MailMessage CmdLet in PowerShell 1.0 which leaves us with 2 choices:

      1. Deploy PowerShell and the Windows Management Framework version 2 to add PowerShell 2 (http://support.microsoft.com/kb/968930)
      2. Craft the mail send process with PowerShell 1.0 CmdLets and code

      Ideally, I’d recommend updating the PowerShell environment so that you can leverage other great improvements that came with 2.0, but if that’s not an option let me know and I can craft together an appropriate mail handler for 1.0




Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.