On-prem Exchange script.

The first ForEach segment is not able to meld with rest of code. I believe it doesn't like the curly braces used to encase the first get-aduser clause just before the first pipe.

3 sections to this code: one churns through users based on specific OU and other parameters to send the users in the password expiration email.

Second sends the email to the user.

Third sends an email to the IT Admin so they are aware of the upcoming expiring users.

```powershell
Import-Module ActiveDirectory

$maxdays=(Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.TotalDays
$summarybody="Name `t ExpireDate `t DaysToExpire `n"
$OUs=
"OU=Second Party,OU=Users,DC=contoso,DC=local",
"OU=First Party, OU=Users,DC=Contoso, DC=local"


$OUs | Foreach 
{(Get-ADUser -SearchBase $_ -filter {(mail -like "*@contoso.com" -or mail -like "*@contoso2.com") -and (Enabled -eq "True") -and (PasswordNeverExpires -eq "False")} -properties *)} | Sort-Object pwdLastSet |
ForEach-Object {

    $lastset=Get-Date([System.DateTime]::FromFileTimeUtc($_.pwdLastSet))
    $expires=$lastset.AddDays($maxdays).ToShortDateString()
    $daystoexpire=[math]::round((New-TimeSpan -Start $(Get-Date) -End $expires).TotalDays)
    $samname = $_.samaccountname
    $emailaddress = $_.mail
    $firstname=$_.GivenName
    if (($daystoexpire -eq 7) -or ($daystoexpire -eq 5) -or ($daystoexpire -eq 3) -or ($daystoexpire -eq 1) -or ($daystoexpire -eq 0)) {
        $ThereAreExpiring=$true
         
        $emailFrom = "No-Reply@contoso.com"
        $emailTo = "$emailaddress"
        if ($daystoexpire -eq 0) {
            $subject = "$firstname, your password has expired!"
            $body = "$firstname,
Your password has expired and you must change it immediately. No further email notifications will be sent. 

Thank You"
        }
        Else {
            $subject = "$firstname, your password expires in $daystoexpire day(s)!"
            $body = "$firstname,
Your password expires in $daystoexpire day(s).

Thank You
"
        }
        $smtpServer = "smtp.contoso.local"
        $smtp = new-object Net.Mail.SmtpClient($smtpServer)
        Send-MailMessage -From $emailFrom -To $emailTo -Subject $subject -Body $body -SmtpServer $smtpServer
        $summarybody += "$samname `t $expires `t $daystoexpire `n"
    }
    elseif ($daystoexpire -lt 0) {
        $ThereAreExpiring=$true
        $summarybody += "$samname `t $expires `t $daystoexpire `n"
    }
}
if ($ThereAreExpiring) {
    
    $emailFrom = "No-Reply@contoso.com"
    $emailTo = "itadmin@contoso.com"
    $subject = " Expiring Passwords"
    $body = $summarybody
    $smtpServer = "smtp.contoso.local"
    $smtp = new-object Net.Mail.SmtpClient($smtpServer)
    
    Send-MailMessage -From $emailFrom -To $emailTo -Subject $subject -Body $body -SmtpServer $smtpServer
}
```
  • what does breaking mean? Not sure if it was on accident but, the opening brace after your foreach has to be on the same line, or you need to tell powershell there's more by providing a backtick. – Abraham Zinala Aug 19 '22 at 00:29
  • Does it work if you replace the "True" with `$true` and "False" with `$false` ? – Guy S Aug 19 '22 at 00:34
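
The brace placement raised in the first comment, as an added example that is not part of the original post: `ForEach-Object` takes its script block as an argument, so the `{` has to open on the same line as the cmdlet. To run without a domain controller, it replaces `Get-ADUser` with a hypothetical `Get-SampleUser` function returning constructed accounts, and it assumes a 90-day maximum password age.

```powershell
# Added example: constructed data stands in for Active Directory so this runs offline.
$maxdays = 90                      # assumed; the script reads it from the domain policy
$today   = (Get-Date).Date

# Hypothetical stand-in for Get-ADUser: returns constructed accounts for one OU.
function Get-SampleUser {
    param([string]$SearchBase)
    # Value = days since the password was last set (constructed).
    $ageByName = @{ alice = 83; bob = 60; carol = 95 }
    if ($SearchBase -like 'OU=First Party*') { $ageByName = @{ dave = 87; erin = 90 } }
    foreach ($name in $ageByName.Keys) {
        [pscustomobject]@{
            SamAccountName = $name
            mail           = "$name@contoso.com"
            pwdLastSet     = $today.AddDays(-$ageByName[$name]).ToFileTimeUtc()
        }
    }
}

$OUs = 'OU=Second Party,OU=Users,DC=contoso,DC=local',
       'OU=First Party,OU=Users,DC=contoso,DC=local'
$notifyOn = 7, 5, 3, 1, 0

# The opening brace sits on the same line as ForEach-Object, so the parser
# binds the script block to the cmdlet and the pipeline continues after "}".
$report = $OUs | ForEach-Object {
    Get-SampleUser -SearchBase $_
} | Sort-Object pwdLastSet | ForEach-Object {
    # Stay in DateTime throughout; no round trip through a culture-specific string.
    $lastset = [datetime]::FromFileTimeUtc($_.pwdLastSet)
    $expires = $lastset.AddDays($maxdays)
    $daystoexpire = [math]::Round(($expires - $today.ToUniversalTime()).TotalDays)

    if ($daystoexpire -lt 0)             { $action = 'summary only' }
    elseif ($daystoexpire -in $notifyOn) { $action = 'email user' }
    else                                 { $action = 'none' }

    [pscustomobject]@{
        Name         = $_.SamAccountName
        ExpireDate   = $expires.ToLocalTime().ToString('yyyy-MM-dd')
        DaysToExpire = $daystoexpire
        Action       = $action
    }
}

$report | Format-Table -AutoSize
```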

0 Answers