Monday, October 19, 2015

Уведомления пользователей по мылу о смене пароля в домене

И опять я один....
Ситуация: есть домен, есть много пользователей, которые забывают сменить пароль, несмотря на все напоминания системы. В связи с этим — скрипт, напоминающий по почте.
Взято отсюда; в общем, спасибо Robert Pearman.

#################################################################################################################
# 
# Version 1.3 April 2015
# Robert Pearman (WSSMB MVP)
# TitleRequired.com
# Script to Automated Email Reminders when Users Passwords due to Expire.
#
# Requires: Windows PowerShell Module for Active Directory
#
# For assistance and ideas, visit the TechNet Gallery Q&A Page. http://gallery.technet.microsoft.com/Password-Expiry-Email-177c3e27/view/Discussions#content
#
##################################################################################################################
# Please Configure the following variables....
# Site-specific settings. The rest of the script reads these by name.
# SMTP host handed to Send-MailMessage.
$smtpServer = 'rl-mx-1.rl.int'
# A reminder is sent while fewer than this many days remain before expiry.
$expireindays = 10
# Sender shown on the reminder.
$from = 'Administrator <dyachok@rl.ua>'
# "Enabled" appends one CSV row per reminder; "Disabled" turns logging off.
$logging = 'Enabled'
# CSV path, e.g. c:\mylog.csv. Rows hold account names and e-mail addresses,
# so limit who can read this location.
$logFile = 'c:\log\mylog.csv'
# "Enabled" redirects every reminder to $testRecipient; "Disabled" mails the users.
$testing = 'Disabled'
# Test mailbox; it also receives the reminder for any account that has no
# e-mail address in the directory.
$testRecipient = 'dyachok@rl.ua'
# Run date (ddMMyyyy) stamped on each log row.
$date = (Get-Date).ToString('ddMMyyyy')
#
###################################################################################################################

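# Prepare the CSV log when logging is switched on.
# Reads $logging and $logFile, which are set in the configuration section.
if ($logging -eq "Enabled")
{
    if (-not (Test-Path $logFile))
    {
        # New-Item will not create a file inside a folder that does not exist,
        # so create the folder first; otherwise every later Add-Content fails.
        $logDir = Split-Path -Parent $logFile
        if ($logDir -and -not (Test-Path $logDir))
        {
            New-Item $logDir -ItemType Directory | Out-Null
        }
        # NOTE(review): the log accumulates account names and e-mail addresses;
        # confirm the folder ACL limits read access to administrators.

        # Create the file and write the header row. Out-Null keeps the object
        # returned by New-Item out of the script's output.
        New-Item $logFile -ItemType File | Out-Null
        Add-Content $logFile "Date,Name,EmailAddress,DaystoExpire,ExpiresOn"
    }
} # End Logging Check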

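# Collect the accounts to check: enabled, password set to expire, not yet expired.
# -ErrorAction Stop: without the ActiveDirectory module every later AD call fails,
# so stop here with one clear error instead of a cascade.
# NOTE(review): every AD call in this script is a read (Get-*); consider running the
# scheduled task under a dedicated account with delegated read access rather than a
# domain administrator. Confirm that account can still read fine-grained policies.
Import-Module ActiveDirectory -ErrorAction Stop

# Enabled and PasswordNeverExpires are filtered by the directory service instead of
# pulling every account and discarding most of them locally. PasswordExpired is
# still checked client-side, as before.
$users = Get-ADUser -Filter {(Enabled -eq $true) -and (PasswordNeverExpires -eq $false)} -Properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress |
    Where-Object { $_.PasswordExpired -eq $false }

# Domain-wide maximum password age; applied to users without a fine-grained policy.
$DefaultmaxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge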

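# Walk every candidate account, work out when its password expires and mail a
# reminder when that date falls inside the $expireindays window.
# Reads: $users, $DefaultmaxPasswordAge, $expireindays, $testing, $testRecipient,
#        $logging, $logfile, $date, $smtpServer, $from.
foreach ($user in $users)
{
    $Name = $user.Name
    $emailaddress = $user.emailaddress
    $passwordSetDate = $user.PasswordLastSet

    # PasswordLastSet can be empty (for example when the account must change its
    # password at next logon). No expiry date can be computed from it and
    # New-TimeSpan below would raise an error, so skip the account.
    if ($null -eq $passwordSetDate)
    {
        continue
    }

    # A fine-grained password policy, when one applies, overrides the domain default.
    $PasswordPol = (Get-AduserResultantPasswordPolicy $user)
    if ($null -ne $PasswordPol)
    {
        $maxPasswordAge = ($PasswordPol).MaxPasswordAge
    }
    else
    {
        # No FGP set to Domain Default
        $maxPasswordAge = $DefaultmaxPasswordAge
    }

    $expireson = $passwordSetDate + $maxPasswordAge
    $today = (Get-Date)
    # .Days is the whole-day part of the interval, so anything under 24 hours is 0.
    $daystoexpire = (New-TimeSpan -Start $today -End $expireson).Days

    # Wording for the subject and body: "within N days" or "today".
    if ($daystoexpire -ge 1)
    {
        $messageDays = "в течении " + "$daystoexpire" + " дней."
    }
    else
    {
        $messageDays = "сегодня."
    }

    # Email Subject Set Here
    $subject="Ваш пароль устареет $messageDays"

    $encoding = [System.Text.Encoding]::UTF8

    # Email Body Set Here, Note You can use HTML, including Images.
    # The body carries no links and points users at the built-in Ctrl+Alt+Del
    # dialog; keep it link-free so users are never trained to follow a
    # password-change link received by e-mail.
    # NOTE(review): $name is expanded into the HTML as-is, so markup in an account
    # name would be rendered by the mail client. HTML-encode it if names can be
    # edited by anyone other than directory administrators.
    $body ="
    Уважаемый $name,
    <p> Рекомендуется изменить ваш пароль, пароль необходимо изменить $messageDays<br>
    Чтобы изменить пароль на доменном компьютере, нажмите клавиши Ctlr+ALt+Delete <br>
    (или же вы работаете на удаленно рабочем столе (терминале), нажимет клавиши Ctlr+ALt+End) <br>
    и выберите 'Сменить пароль...' <br>
    <p>С уважением, robot<br> 
    </P>"

    # If Testing Is Enabled - Email Administrator
    if ($testing -eq "Enabled")
    {
        $emailaddress = $testRecipient
    } # End Testing

    # Accounts with no (or an empty) address: the reminder goes to $testRecipient.
    if ([string]::IsNullOrEmpty($emailaddress))
    {
        $emailaddress = $testRecipient
    } # End No Valid Email

    # Send only while the password is still valid and inside the reminder window.
    if (($daystoexpire -ge 0) -and ($daystoexpire -lt $expireindays))
    {
        if ($logging -eq "Enabled")
        {
            # Quote every field and double embedded quotes so a name such as
            # "Last, First" stays in one column.
            # NOTE(review): values come straight from the directory; if this log is
            # opened in a spreadsheet, consider neutralising fields that start with
            # = + - or @ so they are not evaluated as formulas.
            $logRow = @($date, $Name, $emailaddress, $daystoexpire, $expireson) |
                ForEach-Object { '"' + ("$_" -replace '"', '""') + '"' }
            # The row is written before the send, so it records an attempt,
            # not a confirmed delivery.
            Add-Content $logfile ($logRow -join ',')
        }

        # NOTE(review): -UseSsl is not passed, so the SMTP session is not forced
        # onto TLS. Confirm the relay is reachable only on the internal network,
        # or add -UseSsl if the server supports it.
        Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -priority High  -Encoding $encoding

    } # End Send Message

} # End User Processing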



# End
