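#Requires -Modules ActiveDirectory
<#
######################################################################################
Author: Brian T Hunter
Date:   11/18/2022
######################################################################################

.SYNOPSIS
    Emails enabled Active Directory users whose password is within
    $DaysWithinExpiration days (14 by default) of expiring.

.DESCRIPTION
    The script reads MaxPasswordAge from the default domain password policy and
    derives two cut-off dates from it:
      $expiredDate - passwords last set before this date have already expired.
      $emailDate   - passwords last set before this date are inside the
                     notification window.
    Users whose PasswordLastSet falls between the two dates receive a mail
    stating how many days remain. Example: with $emailDate at -80 days and
    $expiredDate at -90 days, every user within 10 days of expiration is selected.

    Only the default domain policy is read. Accounts governed by a fine-grained
    password policy may have a different maximum age and are not handled here.

    SMTP credentials are NOT stored in this file. They are loaded from a
    credential file created once with:
        Get-Credential | Export-Clixml -Path <credential file>
    run as the same Windows account, on the same machine, that runs this script
    (Export-Clixml protects the password with Windows DPAPI for that user and
    machine). Restrict the file's ACL to that account.

    An earlier revision of this script carried the mailbox password in plain
    text; treat that password as exposed and rotate it.

.NOTES
    Name: Get-PasswordExpiredUsers.ps1
    Version: 1.0
    Author: The Sysadmin Channel
    Date of last revision: 3/18/2017

.LINK
    https://thesysadminchannel.com/powershell-script-check-password-expirations-in-active-directory -
#>

Import-Module ActiveDirectory

# Number of days before expiration at which notification mails start.
$DaysWithinExpiration = 14

# Location of the DPAPI-protected credential file for the sending mailbox.
# Constructed example path - adjust to wherever the file is actually kept.
$SmtpCredentialPath = Join-Path $PSScriptRoot 'smtp-credential.xml'

# Maximum password age from the default domain policy. -- Do Not Modify --
$MaxPwdAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days
if ($MaxPwdAge -le 0) {
    # A zero maximum age means passwords do not expire under the default policy,
    # so the date window below would be meaningless.
    Write-Warning "Default domain policy reports no maximum password age; nothing to notify."
    return
}

# Passwords last set before this date are already expired. -- Do Not Modify --
$expiredDate = (Get-Date).AddDays(-$MaxPwdAge)

# Passwords last set before this date are inside the notification window. -- Do Not Modify --
$emailDate = (Get-Date).AddDays(-($MaxPwdAge - $DaysWithinExpiration))

# Load the sending mailbox credential; stop before touching AD or SMTP if it is missing.
if (-not (Test-Path -LiteralPath $SmtpCredentialPath)) {
    throw "SMTP credential file not found: $SmtpCredentialPath"
}
$SmtpCredential = Import-Clixml -LiteralPath $SmtpCredentialPath -ErrorAction Stop

# Enabled users, with expiring passwords, whose password is inside the window.
$ExpiredUsers = Get-ADUser -Filter {(PasswordLastSet -lt $emailDate) -and (PasswordLastSet -gt $expiredDate) -and (PasswordNeverExpires -eq $false) -and (Enabled -eq $true)} -Properties PasswordNeverExpires, PasswordLastSet, Mail |
    Select-Object GivenName, SamAccountName, PasswordLastSet,
        @{Name = "DaysUntilExpired"; Expression = {$_.PasswordLastSet - $expiredDate | Select-Object -ExpandProperty Days}},
        @{Name = "EmailAddress"; Expression = {$_.Mail}} |
    Sort-Object PasswordLastSet

# $ExpiredUsers   # Left commented out so there is no STDOUT
Start-Sleep 5

# One SMTP client for the whole run; disposed in the finally block below.
# NOTE(review): Microsoft documents 587 as the recommended port for authenticated
# client submission to smtp.office365.com; 25 is kept from the original - confirm.
$smtpServer = "smtp.office365.com"
$smtp = New-Object Net.Mail.SmtpClient($smtpServer, 25)
$smtp.EnableSsl = $true
$smtp.Credentials = $SmtpCredential.GetNetworkCredential()

try {
    foreach ($User in $ExpiredUsers) {
        # Accounts without a Mail attribute cannot be notified; To.Add() would throw on them.
        if ([string]::IsNullOrWhiteSpace($User.EmailAddress)) {
            Write-Warning "Skipping $($User.SamAccountName): no mail address in Active Directory."
            continue
        }

        $UserName = $User.SamAccountName
        $Name = $User.GivenName

        $msg = New-Object Net.Mail.MailMessage
        try {
            # Setting up the email parameters.
            $msg.From = "itsec@" + ($env:userdnsdomain).ToLower()
            $msg.To.Add($User.EmailAddress)
            #$msg.To.Add("bhunter@hchent.com")
            $msg.Subject = "Your Password Will Expire in " + $User.DaysUntilExpired + " days"
            $msg.Body = "Hello $Name,`n`nThis email is to notify you that your password will expire in " +
                $User.DaysUntilExpired +
                " days. `nPlease consider changing it to avoid any service interruptions. `nPlease update your password at https://passwordreset.microsoftonline.com/ `nAs an VPN User, after you reset your password, please do the following: 1. Disconnect and reconnect to HCH-VPN with your new password 2. Lock your computer, Unlock your computer with your new password 3. Input new password when prompted by Outlook a. UserName: HCHENT\$UserName b. Password: Your New Password 4. When prompted by Microsoft Teams, enter your new login information a. Username: $UserName@hchent.com b. Password: Your New Password `n`nThank you,`nThe I.T. Department."

            $smtp.Send($msg)
        }
        catch {
            # Keep going: one failed delivery should not stop the remaining notifications.
            Write-Warning "Failed to notify $($User.SamAccountName): $($_.Exception.Message)"
        }
        finally {
            $msg.Dispose()
        }

        # Brief pause between messages, as in the original script.
        Start-Sleep 2
    }
}
finally {
    $smtp.Dispose()
    # Do not leave the decrypted credential in the session.
    Remove-Variable SmtpCredential, smtp, smtpServer -ErrorAction SilentlyContinue
}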