Hi, I have the below script which emails users whose passwords are due to expire in $daysleftonpwd, but I'm not sure how to add in an "only if user has password set to expire" check, meaning I don't want to email users whose password is set to never expire.

# $OU, $date, $threshold, $y and the mailuser function are defined elsewhere in the script
Get-QADGroupMember -Identity TEAM_GROUP | % {
    $name = $_.Name
    $email = $_.Email
    # Days remaining until this member's password expires
    $daysleftonpwd = ((Get-QADUser -SizeLimit 0 -SearchRoot $OU -Identity $_.SamAccountName | select PasswordExpires).PasswordExpires - $date | select Days).Days
    if (((Get-QADUser -Identity $_.SamAccountName | select PasswordExpires).PasswordExpires - $date).Days -lt $threshold){

        Write-Host "$Name would be emailed using $email because password is less than $threshold"
        $y = $y + "<br>$name</br>"
        mailuser
    }
}

Any ideas?

IRLAB

1 Answer

One of the fields that Get-QADUser returns is PasswordNeverExpires:

PS C:\> ( Get-QADUser regularuser ).PasswordNeverExpires
False
PS C:\> ( Get-QADUser specialuser ).PasswordNeverExpires
True

Should be easy enough to use that in your scripts to test. There are other ways to check it directly (you have to look at both UserAccountControl -- https://msdn.microsoft.com/en-us/library/ms680832%28v=vs.85%29.aspx AND msDS-User-Account-Control-Computed -- https://msdn.microsoft.com/en-us/library/ms677840%28v=vs.85%29.aspx), but that's a bit uglier...

Hunter Eidson
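
The PasswordNeverExpires check from the answer, written as a pipeline filter that slots into the question's loop. This is an added example, not code from either poster: Select-ExpiringUser is a hypothetical helper name, the sample users and dates are constructed, and the null guard on PasswordExpires is a defensive assumption rather than documented Quest behaviour.

```powershell
# Hypothetical helper: passes through only users whose password can expire
# and whose expiry date is fewer than $Threshold days after $Date.
function Select-ExpiringUser {
    param(
        [Parameter(ValueFromPipeline = $true)] $User,
        [int] $Threshold = 14,
        [datetime] $Date = (Get-Date)
    )
    process {
        # Accounts flagged "password never expires" are skipped outright.
        if ($User.PasswordNeverExpires) { return }
        # Defensive guard (assumption): no expiry date means nothing to compare.
        if ($null -eq $User.PasswordExpires) { return }

        # Same arithmetic as the question's script; already-expired
        # passwords give a negative value and are still reported.
        $daysLeft = ($User.PasswordExpires - $Date).Days
        if ($daysLeft -lt $Threshold) {
            New-Object PSObject -Property @{
                Name     = $User.Name
                Email    = $User.Email
                DaysLeft = $daysLeft
            }
        }
    }
}

# Constructed sample objects standing in for Get-QADUser output,
# so the filter can be exercised without a domain.
$now = Get-Date '2015-06-01'
$sample = @(
    New-Object PSObject -Property @{ Name = 'regularuser'; Email = 'regular@example.com'
        PasswordNeverExpires = $false; PasswordExpires = $now.AddDays(5) }
    New-Object PSObject -Property @{ Name = 'specialuser'; Email = 'special@example.com'
        PasswordNeverExpires = $true;  PasswordExpires = $null }
    New-Object PSObject -Property @{ Name = 'freshuser';   Email = 'fresh@example.com'
        PasswordNeverExpires = $false; PasswordExpires = $now.AddDays(60) }
)
$sample | Select-ExpiringUser -Threshold 14 -Date $now

# Against the directory, using the cmdlets from the question:
# Get-QADGroupMember -Identity TEAM_GROUP |
#     % { Get-QADUser -Identity $_.SamAccountName } |
#     Select-ExpiringUser -Threshold $threshold -Date $date |
#     % { <# send the mail for $_.Name / $_.Email #> }
```

Filtering before any mail is sent also keeps service accounts that are set to never expire out of the reminder list.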