-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathget-password_expiring_in_14_days_splat.ps1
123 lines (90 loc) · 3.25 KB
/
get-password_expiring_in_14_days_splat.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
function Send-Report {
<#
.NAME
Send-Report
.SYNOPSIS
This function sends out the password expiration report to Bob
.DESCRIPTION
.PARAMETERS
$file...This is the .csv file that was created in the main body of the script
$date...this is today's date
.EXAMPLE
Sent-Report c:\documents\help.csv $today_date
.INPUTS
none
.OUTPUTS
An email is sent to the approropriate individuals and groups
.NOTES
AUTHOR: Mike Egan
LASTEDIT: 11/1/2022
KEYWORDS: send, email, function, parameter, mail
.Link
none
#>
param (
[Parameter(Mandatory=$true)] $file
,[Parameter(Mandatory=$true)] $date
)
# Below is an example of splatting. I am putting all the variables in an array.
$sendMailTask = @{
Smtpserver = "smtp.my.com"
To = "[email protected]"
From = "[email protected]"
Subject = "MR Password Expiry Report for" + " " + (get-date -format MM/dd/yyyy)
Body = @"
Greetings!
Here is the Managed Review Expiry report for $date
Thank you!
"@
attachments = "c:\reports\expire_report.csv"
}
# I used the array information to run the send-mailmessage instead of having the long command
Send-MailMessage @sendMailTask
}
<#
.NAME
get-passwords_expiring_in_14_days.ps1
.SYNOPSIS
Pulls user password expiration date and saves the information to a .csvfile.
NOTE: This script should be run as Administrator
.DESCRIPTION
.PARAMETERS
no parameters are needed
.EXAMPLE
get-password.expiring_in_14_days.ps1
.INPUTS
none
.OUTPUTS
The .csv file created in the last command
.NOTES
AUTHOR: Mike Egan
LASTEDIT: 11/1/2022
KEYWORDS: password, expiration
This script should be run as Administrator
.Link
none
#>
# gather all the accounts that meet the following criteria
# 1. The account is enabled
# 2. The account is active (UAC = 512)
# 3. The account is in OU=users,DC=My,DC=Com
#
# NOTE: the -SearchBase switch is optional. It is used in this script to narrow the focus of the search
$today_date = get-date -Format "MM/dd/yyyy"
$users = Get-ADUser -filter {Enabled -eq $True -and UserAccountControl -eq 512} -SearchBase "OU=users,DC=My,DC=Com" -Properties "DisplayName","pwdLastSet","msDS-UserPasswordExpiryTimeComputed" | Select-Object -Property "DisplayName",@{Name="Password Last Set";Expression={[datetime]::FromFileTime($_."pwdLastSet")}}, @{Name="Password Expiry Date";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | sort-object DisplayName
$expiring_users = foreach($user in $users)
{
if ($user.'Password Expiry Date' -ge (get-date).Date -and $user.'Password Expiry Date' -lt (get-date).AddDays(+14))
{
# the `t is the text code for a Tab
$user.DisplayName + "`t" + $user.'Password Expiry Date'
}
}
#Save the base file
$expiring_users | out-file c:\files\expiring_users.csv -Force
#creates the final report
$filename = "Expiring Users" + "_" + (get-date -Format "MMddyyyy") + ".csv"
#Adds the necessary headers for the report by combining the headers.csv file with the expiring_users.csv and, thus, populating the final report
get-content c:\files\headers.csv,c:\files\expiring_users.csv | out-file c:\reports\$filename -Force
#runs the function
send-report c:\reports\$filename $today_date