Setup Email Notification for Password Expiration

Today we are going to set up an email notification solution for password expiration using a PowerShell script written by Microsoft MVP Robert Pearman.

DISCLAIMER:

  • You must test or validate its behavior before putting it into production.
  • The script has been verified by the author up to Windows Server 2012 R2. Although it works properly for Windows Server 2016, it may not work for your environment. Run it on a test environment first.
  • The script can generate thousands of emails, so make sure to include “-testing” in the arguments so that the script only sends emails to the administrator.

Prerequisites:

  • Management/Admin server with RSAT configured.
  • Password Expiry Email Notification PowerShell script.
  • Download PasswordChangeNotification.ps1 (the script is being provided as is from ITCROSSFIT as Microsoft has removed it from their site.)

Once you have the prerequisites checked, we can start to configure the email notification solution.

Configuring the script
  1. Place the downloaded script in a directory on your management server. For our example it is C:\Scripts.
  2. Create another folder in the same directory for logs, for example C:\Scripts\Logs.
  3. Open the file using PowerShell ISE. Move to line 208 and edit the text under $body.

[Screenshot: default body section of the script in PowerShell ISE]

I am including an example of a customized body section.

[Screenshot: customized body section in PowerShell ISE]

  4. Save the script.
  5. Open PowerShell, navigate to “C:\Scripts” (cd C:\Scripts) or to the directory that holds the script, and run the following code to test if it is working.

If the script runs successfully, you should see a similar output.

[Screenshot: PowerShell script output]

You should also receive an email if you provided a valid email address in -testRecipient.


We have configured the script as per our requirement, and it can now be used for email notification of password expiration. You can either have an administrator run the script manually when required, or automate the task so the script runs daily and sends an email notification to end users whose passwords are about to expire in the defined time period. Follow the steps below to automate PowerShell scripts using Task Scheduler.

Configuring Task Scheduler

Open Task Scheduler and create a task (Action > Create Task).

  1. In the General tab, set the name, change the user if you want to run the task under another account dedicated to running scripts, and select “Run whether user is logged on or not”.
  2. Set a trigger on the Triggers tab. Select On a schedule in Begin the task. Select Daily. Recur every: 1 days. Set a start time and click OK.
  3. Create a new action on the Actions tab. Select Start a program. Copy the full path to powershell.exe and add the arguments given below. Make sure to remove the -testing and -testRecipient arguments when you are ready to put the script in the production environment.

The Action tab should look something similar to the image below

[Screenshot: Actions tab of the task in Task Scheduler]

That is it! We are done automating the task to run the PowerShell script daily. If you need to edit the task, click on Task Scheduler Library > right click on the Task > select properties and you should be able to edit the task as required.
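Before removing -testing from the scheduled task, it helps to know how many accounts fall inside the notification window, since the script can generate thousands of emails. The following is an added example, not part of Robert Pearman's script and not a reproduction of its selection logic; the function name Select-ExpiringAccount, the 21-day window and the sample accounts are assumptions constructed for illustration.

```powershell
# Added example; not part of PasswordChangeNotification.ps1.
function Select-ExpiringAccount {              # hypothetical helper name
    param(
        [Parameter(ValueFromPipeline)] $User,
        [int]$ExpireInDays = 21,               # assumed notification window
        [datetime]$Now = (Get-Date)
    )
    process {
        $raw = $User.'msDS-UserPasswordExpiryTimeComputed'
        # $null = attribute unreadable, 0 = must change at next logon,
        # Int64.MaxValue = password never expires: no usable expiry date.
        if ($null -eq $raw -or $raw -le 0 -or $raw -eq [int64]::MaxValue) { return }
        $expires  = [datetime]::FromFileTime($raw)
        $daysLeft = [math]::Ceiling(($expires - $Now).TotalDays)
        if ($daysLeft -lt 0 -or $daysLeft -gt $ExpireInDays) { return }
        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            Mail           = $User.mail
            Expires        = $expires
            DaysLeft       = $daysLeft
            HasMail        = -not [string]::IsNullOrWhiteSpace($User.mail)
        }
    }
}

# Constructed sample accounts so the filter can be checked without a domain.
$now  = Get-Date
$attr = 'msDS-UserPasswordExpiryTimeComputed'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; mail = 'alice@example.test'; $attr = $now.AddDays(5).ToFileTime() }
    [pscustomobject]@{ SamAccountName = 'bob';   mail = 'bob@example.test';   $attr = $now.AddDays(40).ToFileTime() }
    [pscustomobject]@{ SamAccountName = 'carol'; mail = 'carol@example.test'; $attr = [int64]::MaxValue }
    [pscustomobject]@{ SamAccountName = 'dave';  mail = 'dave@example.test';  $attr = 0 }
    [pscustomobject]@{ SamAccountName = 'erin';  mail = $null;                $attr = $now.AddDays(10).ToFileTime() }
)
$hits = @($sample | Select-ExpiringAccount -Now $now)   # alice and erin
$hits | Format-Table SamAccountName, Mail, Expires, DaysLeft -AutoSize
"{0} account(s) in the window, {1} without a mail attribute" -f `
    $hits.Count, @($hits | Where-Object { -not $_.HasMail }).Count

# Against the directory (needs the RSAT ActiveDirectory module):
# Get-ADUser -Filter 'Enabled -eq $true' -Properties $attr, mail |
#     Select-ExpiringAccount -ExpireInDays 21
```

The query is read-only and sends no mail, so it can be run from the same management server without touching the scheduled task.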
