80 lines
3.0 KiB
PowerShell
80 lines
3.0 KiB
PowerShell
|
# Active Directory Passwort Policy:
|
|||
|
|
$MaxPasswordAge = 365 # Max Password age in days
|
|||
|
|
$WarningLevel = 364 # Warn Users XX Days before Password expires
|
|||
|
|
|
|||
|
|
# Mail Settings:
|
|||
|
|
$SMTPServer = "smtp.media-techport.int"
|
|||
|
|
$FromName = "Media-Techport.DE | Passwort Erinnerung"
|
|||
|
|
$FromEmail = "noreply@media-techport.de"
|
|||
|
|
$Subject = "Dein Passwort muss geändert werden!"
|
|||
|
|
|
|||
|
|
# Funktion zur expliziten Zeichencodierung
|
|||
|
|
function Encode-StringToUTF8 ($inputString) {
|
|||
|
|
$utf8Bytes = [System.Text.Encoding]::UTF8.GetBytes($inputString)
|
|||
|
|
return [System.Text.Encoding]::UTF8.GetString($utf8Bytes)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
# Message Template (Mailbody)
|
|||
|
|
function New-MailBody ($GivenName, $Surname, $DaysBeforePasswordchange, $PasswordExpireDate) {
|
|||
|
|
$Mailbody = @"
|
|||
|
|
<html>
|
|||
|
|
<head>
|
|||
|
|
</head>
|
|||
|
|
<body>
|
|||
|
|
Hallo $($GivenName) $($Surname),
|
|||
|
|
<br>
|
|||
|
|
Du erhälst diese E-Mail, da du ein Benutzerkonto auf Media-Techport.DE hast.
|
|||
|
|
<br>
|
|||
|
|
Dein Passwort bei media-techport.de endet am $($PasswordExpireDate).
|
|||
|
|
<br>
|
|||
|
|
Du hast $($DaysBeforePasswordchange) Tage Zeit dein Kennwort zu ändern.
|
|||
|
|
<br>
|
|||
|
|
Wenn du der Passwortänderung nicht nachkommst, wirst du dich bei deinem Administrator melden müssen, damit das Kennwort gesetzt werden kann.
|
|||
|
|
<br>
|
|||
|
|
<br>
|
|||
|
|
Freundliche Grüße
|
|||
|
|
<br>
|
|||
|
|
Media-Techport.DE
|
|||
|
|
</body>
|
|||
|
|
"@
|
|||
|
|
return Encode-StringToUTF8 $Mailbody
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
# Import all active AD-Users
|
|||
|
|
$AllADUsers = Get-ADUser -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties PasswordLastSet, mail
|
|||
|
|
|
|||
|
|
# Calculate expiring passwords and store them in an object
|
|||
|
|
$today = Get-Date
|
|||
|
|
$ExpirePasswordList = @()
|
|||
|
|
foreach ($ADUser in $AllADUsers) {
|
|||
|
|
$GivenName = $ADUser.GivenName
|
|||
|
|
$Surname = $ADUser.Surname
|
|||
|
|
$MailAddress = $ADUser.mail
|
|||
|
|
|
|||
|
|
$PasswordLastSet = $ADUser.PasswordLastSet
|
|||
|
|
$PasswordExpireDate = $PasswordLastSet.AddDays(+$MaxPasswordAge)
|
|||
|
|
|
|||
|
|
$DaysBeforePasswordchange = ($PasswordExpireDate - $today).Days
|
|||
|
|
if ($DaysBeforePasswordchange -le $WarningLevel) {
|
|||
|
|
$ExpirePasswordList += New-Object PSObject -property @{Givenname=$Givenname;Surname=$Surname;MailAddress=$MailAddress;DaysBeforePasswordchange=$DaysBeforePasswordchange;PasswordExpireDate=$PasswordExpireDate}
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
# Filter Users with Mailaddresses
|
|||
|
|
$ExpirePasswordList = $ExpirePasswordList | Where-Object {$_.mailaddress}
|
|||
|
|
|
|||
|
|
# Send mail to every user with expired password
|
|||
|
|
foreach ($ADUser in $ExpirePasswordList) {
|
|||
|
|
$GivenName = $ADUser.GivenName
|
|||
|
|
$Surname = $ADUser.Surname
|
|||
|
|
$MailAddress = $ADUser.MailAddress
|
|||
|
|
$DaysBeforePasswordchange = $ADUser.DaysBeforePasswordchange
|
|||
|
|
$PasswordExpireDate = $ADUser.PasswordExpireDate
|
|||
|
|
|
|||
|
|
$Body = New-MailBody $GivenName $Surname $DaysBeforePasswordchange $PasswordExpireDate
|
|||
|
|
|
|||
|
|
# Erstelle den "From" Header mit Sendername und E-Mail-Adresse
|
|||
|
|
$FromHeader = "{0} <{1}>" -f $FromName, $FromEmail
|
|||
|
|
|
|||
|
|
Send-MailMessage -SmtpServer $SMTPServer -To $MailAddress -From $FromHeader -Body $Body -BodyAsHtml -Subject $Subject -Encoding ([System.Text.Encoding]::UTF8)
|
|||
|
|
}
|