Hello
I have a script that queries AD for all users who's passwords expire shortly and notifies admin. Problem is, the notification I receive includes duplicate items so the same user several times. I tried a few things, like piping variable to -Unique but no success.
Anyone help?
# Uses Quest.ActiveRoles.ADManagement snapin
# Script needs to be run with admin priviledges
# Finds all enabled user accounts whose password expires in less then specified days
# Email notification will be sent to them reminding them that they need to change their password.
#
# Note: This script needs to be run with administrator priviledges.
#
#############
# Variables #
#############
# Days to Password Expiry
$days_before_expiry = 2
$smtp = "***.domain_name"
$from = "ExpiringPassword@**domain_name**"
$admin = "Admin@**domain_name**"
$AdminName = "IT Support"
# Define font and font size
# ` or \ is escape character
$font = "<font size=`"3`" face=`"Calibri`">"
##########################################
# Should require no change below this line
# (Except message body)
##########################################
function Send-Mail{
param($smtpServer,$from,$to,$subject,$body)
$smtp = new-object system.net.mail.smtpClient($SmtpServer)
$mail = new-object System.Net.Mail.MailMessage
$mail.from = $from
$mail.to.add($to)
$mail.subject = $subject
$mail.body = $body
# Send email in HTML format
$mail.IsBodyHtml = $true
$smtp.send($mail)
}
# Newline character
$newline = "<br>"
$today = (Get-date)
Add-PSSnapin "Quest.ActiveRoles.ADManagement"
# Retrieves list of users whose account is enabled, has a passwordexpiry date and whose password expiry date within (is less than) today+$days_before_expiry
$users_to_be_notified = Get-QADUser -SearchRoot '**domain_name/**OU**' -Enabled -passwordNeverExpires:$False |
Where {($_.PasswordExpires -lt $today.AddDays($days_before_expiry)) }
# Send email to notify users
foreach ($user in $users_to_be_notified) {
# Calculate the remaining days
# If result is negative, then it means password has already expired.
# If result is positive, then it means password is expiring soon.
# Excludes users who's password is set to change at next login.
If ($user.PasswordExpires -ne $null) {
$days_remaining = ($user.PasswordExpires - $today).days
# Set font for HTML message
$body = $font
# For users whose password is expiring
# if ($days_remaining -gt 0) {
{
# Add it in a list (to be sent to admin)
$expiring_users += $user.name + " - <font color=blue>" +$user.LogonName + "</font> has <font color=blue>" + $days_remaining +"</font> day(s) remaining left to change his/her password." + $newline
}
}
}
# If there are users with expired password or users whose password is expiring soon
if ($expiring_users -ne $null) {
# Email notification to administrator
$to = $admin
$subject = "Password Expiry Report"
# Message body is in HTML font
$body = $font
$body += "Dear " + $AdminName + ","+ $newline + $newline
$body += "The following users' passwords are expiring soon :" + $newline + $newline
$body += "<b>Users with passwords expiring soon :</b>" + $newline
$body += $expiring_users
# Put a timestamp on the email
$body += $newline + $newline + $newline + $newline
$body += "<h5>Message generated on: " + $today + ".</h5>"
$body += "</font>"
# Invokes the Send-Mail function to send notification email
Send-Mail -smtpServer $smtp -from $from -to $to -subject $subject -body $body
}