# Active Directory Passwort Policy:
$MaxPasswordAge = 365     # Max Password age in days
$WarningLevel = 364      # Warn Users XX Days before Password expires

# Mail Settings:
$SMTPServer = "smtp.media-techport.int"
$FromName = "Media-Techport.DE | Passwort Erinnerung"
$FromEmail = "noreply@media-techport.de"
$Subject = "Dein Passwort muss geändert werden!"

# Funktion zur expliziten Zeichencodierung
function Encode-StringToUTF8 ($inputString) {
    $utf8Bytes = [System.Text.Encoding]::UTF8.GetBytes($inputString)
    return [System.Text.Encoding]::UTF8.GetString($utf8Bytes)
}

# Message Template (Mailbody)
function New-MailBody ($GivenName, $Surname, $DaysBeforePasswordchange, $PasswordExpireDate) {
    $Mailbody = @"
    <html>
    <head>
    </head>
    <body>
     Hallo $($GivenName) $($Surname),
     <br>
     Du erhälst diese E-Mail, da du ein Benutzerkonto auf Media-Techport.DE hast.
     <br>
     Dein Passwort bei media-techport.de endet am $($PasswordExpireDate).
     <br>
     Du hast $($DaysBeforePasswordchange) Tage Zeit dein Kennwort zu ändern.
     <br>
     Wenn du der Passwortänderung nicht nachkommst, wirst du dich bei deinem Administrator melden müssen, damit das Kennwort gesetzt werden kann.
     <br>
     <br>
     Freundliche Grüße
     <br>
     Media-Techport.DE
     </body>
"@
    return Encode-StringToUTF8 $Mailbody
}

# Import all active AD-Users
$AllADUsers = Get-ADUser -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties PasswordLastSet, mail

# Calculate expiring passwords and store them in an object
$today = Get-Date
$ExpirePasswordList = @()
foreach ($ADUser in $AllADUsers) {
    $GivenName = $ADUser.GivenName
    $Surname = $ADUser.Surname
    $MailAddress = $ADUser.mail

    $PasswordLastSet = $ADUser.PasswordLastSet
    $PasswordExpireDate = $PasswordLastSet.AddDays(+$MaxPasswordAge)

    $DaysBeforePasswordchange = ($PasswordExpireDate - $today).Days
    if ($DaysBeforePasswordchange -le $WarningLevel) {
        $ExpirePasswordList += New-Object PSObject -property @{Givenname=$Givenname;Surname=$Surname;MailAddress=$MailAddress;DaysBeforePasswordchange=$DaysBeforePasswordchange;PasswordExpireDate=$PasswordExpireDate}
    }
}

# Filter Users with Mailaddresses
$ExpirePasswordList = $ExpirePasswordList | Where-Object {$_.mailaddress}

# Send mail to every user with expired password
foreach ($ADUser in $ExpirePasswordList) {
    $GivenName = $ADUser.GivenName
    $Surname = $ADUser.Surname
    $MailAddress = $ADUser.MailAddress
    $DaysBeforePasswordchange = $ADUser.DaysBeforePasswordchange
    $PasswordExpireDate = $ADUser.PasswordExpireDate

    $Body = New-MailBody $GivenName $Surname $DaysBeforePasswordchange $PasswordExpireDate

    # Erstelle den "From" Header mit Sendername und E-Mail-Adresse
    $FromHeader = "{0} <{1}>" -f $FromName, $FromEmail

    Send-MailMessage -SmtpServer $SMTPServer -To $MailAddress -From $FromHeader -Body $Body -BodyAsHtml -Subject $Subject -Encoding ([System.Text.Encoding]::UTF8)
}