Well my first week of having this blog up has NOT been
productive at all to say the least. Thought I’d have more time to do this sort
of thing but turns out, maybe I was wrong? Welp, guess I have to set aside some
time to make this happen.
So let's start this out with an Office 365 password expiration
alert email I created. In some smaller environments it is possible you are
not using AD FS or DirSync, and I suppose some larger companies could be in the
same position. This script goes through each user account, determines when the
password was last set, adds 180 days (this can be changed) and counts down from
there to how many days the user has until the password expires. Currently the
email is sent to the “Help Desk” so the agents can reach out to the customer
for white glove service and assist them with their password reset. However, you
could change this to $User and have it go to the customer (your end user)
if you so wish.
Enjoy!
$date = Get-Date -Format MMddyyyy
#Make Office 365 Connection
$emailusername = "user@domain.com"
#'HASH' is the output of ConvertFrom-SecureString, generated by the same Windows account on the same machine that runs this script
$encrypted = 'HASH' | ConvertTo-SecureString
Start-Transcript -path "C:\reports\O365PasswordExpire_$date.log" -force -NoClobber -append
$credential = New-Object System.Management.Automation.PsCredential($emailusername, $encrypted)
#$O365Cred = Get-Credential
$O365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $credential -Authentication Basic -AllowRedirection
Import-PSSession $O365Session -AllowClobber
Connect-MsolService -Credential $credential
#Make local webservices connection
#Get system Date
$CSVDate = Get-Date -Format MMddyyyy
#Sets up the CSV File to email to service-desk for passwords that are expired
Add-Content C:\reports\O365PWExpire_$CSVDate.csv "User,Password_last_set,Password_expired_on"
#Sets days of advance notice
$AdvancedWarning = 14
$AdvancedWarning2 = 7
#Begin Script
#Gets all users from MS Online (-All is needed because Get-MsolUser returns at most 500 results by default).
$MSOnline = (Get-MsolUser -All).UserPrincipalName
#Go through each user returned
ForEach ($User in $MSOnline)
{
    $PWLastSet = (Get-MsolUser -UserPrincipalName $User).LastPasswordChangeTimestamp
    If ($PWLastSet -ne $null)
    {
        #Expiry date is the last change plus 180 days; $PWExpire is the whole days remaining
        $PW180 = ($PWLastSet).AddDays(180)
        $PWExpire = ($PW180 - [DateTime]::Now).Days
        If ($PWExpire -le 0)
        {
            Write-Host "$User password expired on $PW180"
            $Content = "$User,$PWLastSet,$PW180"
            #Same file the header row was written to above
            Add-Content C:\reports\O365PWExpire_$CSVDate.csv $Content
        }
        else
        {
            If ($PWExpire -eq $AdvancedWarning -or $PWExpire -eq $AdvancedWarning2)
            {
                #####
                # Provides exception on specific user names if you have passwords set to never expire
                If ($User -eq "username" -or $User -eq "username2")
                {
                    Write-Host "User is predefined to be ignored, skipping"
                }
                else
                {
                    Write-Host "EXPIRING! $User password will expire on $PW180 that is $PWExpire days"
                    $Subject = "COMPANY - Office 365 password for $User is going to expire!"
                    $Body = "$User password will expire on $PW180"
                    #if you want the email to go to the user change "help@domain.com" to $User
                    Send-MailMessage -To "help@domain.com" -From "help@domain.com" -Subject $Subject -Body $Body -SmtpServer "SMTPSERVER"
                }
                ############
            }
            else
            {
                Write-Host "$User has $PWExpire days left."
            }
        }
    }
}
Remove-PSSession $O365Session
Stop-Transcript
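
The same countdown logic as a standalone function that runs against constructed sample accounts, so it can be checked without an Office 365 connection. This is an added example, not part of the original script: the function name Get-PasswordExpiryStatus and the sample users are made up for illustration, and it reads the PasswordNeverExpires property that Get-MsolUser returns instead of a hard-coded list of names.

```powershell
# Added example; Get-PasswordExpiryStatus is a hypothetical helper, not part of the original script.
function Get-PasswordExpiryStatus {
    param(
        [Parameter(Mandatory)] [object[]] $Users,  # objects shaped like Get-MsolUser output
        [datetime] $Now = (Get-Date),
        [int] $MaxAgeDays = 180,                   # same password age the script assumes
        [int[]] $WarnOnDays = @(14, 7)             # same notice days as the script
    )
    foreach ($u in $Users) {
        $expires = $null; $daysLeft = $null
        if ($u.PasswordNeverExpires -or $null -eq $u.LastPasswordChangeTimestamp) {
            # Never-expiring accounts and accounts with no recorded change are not alerted on
            $status = 'Skipped'
        }
        else {
            $expires  = $u.LastPasswordChangeTimestamp.AddDays($MaxAgeDays)
            # Count whole calendar days so the hour the job runs does not change the result
            $daysLeft = ($expires.Date - $Now.Date).Days
            if ($expires -le $Now)             { $status = 'Expired' }
            elseif ($daysLeft -in $WarnOnDays) { $status = 'Warn' }
            else                               { $status = 'OK' }
        }
        [pscustomobject]@{
            User = $u.UserPrincipalName; Status = $status; ExpiresOn = $expires; DaysLeft = $daysLeft
        }
    }
}

# Constructed sample accounts (not real users), with password ages measured from a fixed "now"
$now = [datetime]'2024-06-01T09:00:00'
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.com'; LastPasswordChangeTimestamp = $now.AddDays(-166); PasswordNeverExpires = $false }
    [pscustomobject]@{ UserPrincipalName = 'bob@example.com';   LastPasswordChangeTimestamp = $now.AddDays(-173); PasswordNeverExpires = $false }
    [pscustomobject]@{ UserPrincipalName = 'carol@example.com'; LastPasswordChangeTimestamp = $now.AddDays(-200); PasswordNeverExpires = $false }
    [pscustomobject]@{ UserPrincipalName = 'svc@example.com';   LastPasswordChangeTimestamp = $now.AddDays(-400); PasswordNeverExpires = $true }
    [pscustomobject]@{ UserPrincipalName = 'new@example.com';   LastPasswordChangeTimestamp = $null;              PasswordNeverExpires = $false }
    [pscustomobject]@{ UserPrincipalName = 'erin@example.com';  LastPasswordChangeTimestamp = $now.AddDays(-30);  PasswordNeverExpires = $false }
)

# Rows with Status 'Warn' are the ones the script would email about
Get-PasswordExpiryStatus -Users $sample -Now $now | Format-Table -AutoSize
```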