Changelog: New-ADPasswordReminder.ps1
This is the changelog page for New-ADPasswordReminder.ps1. You will find a complete list of released versions, their dates, and the features and issues addressed in each. Please refer to the script’s main page for more information including download links, installation details, and more.
v2.9 – 09-13-2013
- tweaked the filters for retrieving user accounts
- Preview parameter removed since -PreviewUser automatically sets $Preview
v2.8 – 05-03-2013
- Tons of updates – unfortunately, I haven’t kept a detailed list
- OU option added that allows you to target a specific Organizational Unit (OU)
- NoImages option tweaked. Run script with -NoImages to send a text only message. No longer need to specify $true
- Changed name of script to New-ADPasswordReminder.ps1 to align with my new naming standard
- More code optimization
- Better cleanup of message text if some variables like $HelpDeskPhone and $HelpDeskURL are not defined
v2.7 – 12-26-2012
- Added NoImages option for those that want less of a visual email. Script still sends an HTML formatted email, but it strips out any images and their related formatting.
- Cleaned up some code
v2.6 – 09-07-2012
- Changed email server variable to the preference variable $PSEmailServer
- changed Send-MailMessage syntax
- cleaned up Set-ModuleStatus function
- Cleaned up HTML code
- fixed issue with missing “)” error in the param list
- cleaned up the Remove-ScriptVariables function
- Added some Write-Verbose statements for better troubleshooting.
- Added a simple check to not include password policy requirements if email is going to FGPP user (until I can resolve detection of the FGPP settings)
- $PreviewUser specified will now work even if that user is set to PasswordNeverExpires
- Setting $PreviewUser automatically sets $Preview
- Removed transcript option
- Added variable for formatting the date shown in emails (for my non-U.S. people)
- Leaving some of the URL parameters blank will now remove the related text from the email sent to users
v2.4 – 01-14-2012
- Fixed bug in detecting domain functional level as pointed out by Michael B. Smith
- Changed email server parameter to use $PSEmailServer
- Changed Send-MailMessage syntax
- Cleaned up Get-ModuleStatus code
v2.2 – 09-29-2011
- added some missing ‘alt’ tags for some images in email HTML code
- added code to determine global minimum password length & format message accordingly
- added code to determine global password complexity requirements & format message accordingly
- added $HelpDeskURL variable in param block. That resolves the problem of some links that weren’t clickable (whoops!)
- added some parameter validation
- added ability to target a single OU, and its children
- updated the Send-MailMessage line based on user feedback
- updated links to point to new blog. This includes the one in the event log message.
v2.1 – 08/31/2011
- added some additional code to the section that installs the RSAT-AD-PowerShell feature
- corrected code that wouldn’t send mail until a the user was one day into the reminder window
- cleaned up HTML code indentations to make it a little easier to read
- variable for image path so that editing the HTML is straightforward
- added preview mode to see HTML email
- added install mode to automatically create scheduled task
- updated and enhanced the comment based help
- added code for event log logging
v2.0 – 08/15/2011
- added email code
- added transcript option
- added demo parameter & formatted output
- added param block with some default values
- moved (Get-AdDomain).DomainMode code to outside of loop to help speed up processing (since it really needs to be called only once)
- added check for ActiveDirectory module & Exchange snapins
- added alert for same day expiration
- auto load or install RSAT-AD-PowerShell feature
v1.0 – 02/26/2010
- initial version
This is most excellent. We have a 100% VPN/Laptop population and a 42 day expiration policy. We get quite a few people who let them expire and its a real pita to walk them through a reset. Lets hope this additional nag pays off!
This works brilliantly….until I try and install it as a task….then it just doesn’t work?
TS says it runs and completes, but no emails are sent?
If I previewuser…no problems?
2008R2/Ex2010SP1
Any ideas?
thanks for this useful script. It doesn’t seem to work in multi domain environment. My exchange servers are in root.domain and users are in child1.root.domain and child2.root.domain. Any tip to get it working for both the child domain – I only want to run the script from an exchange server in the root.domain. thanks for your help
thank you for the script it works greate but ihave a problem, i have to use turkish font, when i execute as demo filtered names come out as malformed. how can i fix it? Thank you
To be honest, I have no idea. Nor do I have the capacity to test in my lab. Sorry.
@Bhojraj
might be a little late, but maybe useful for others:
you can try to extend the scope?
Set-AdServerSettings -ViewEntireForest $true
Hello,
I was tasked with modifying this script for our company’s use but I am encountering one little issue that I don’t know how to fix without rewriting the whole thing. The images used to format the email
are supposed to be saved in a location where all users have access. Well one of the main uses for this script for us is to notify remote/mobile users since they are not constantly connected to the network and therefor are not normally notified that there password is expiring. And as such, when they get the email, the pictures will be missing since they do not have access to the network.
I would like for the email generated to attach the images inline that way the users will see the email formatted correctly and won’t need to have access to the files to see them. I have found a few examples of how to do this, but because of the way this script was written, I am not sure how to do it properly. I am a novice to powershell and any help would be greatly appreciated.
I intentionally didn’t do it that way because it creates a much larger email. Putting the images in a sub directory of your public web site is still the best way to do it.
@Pat Richard
Thank you for your reply Richard. We decided to use the “no images” formatting and just added our logo inline to the top of the email. Thank you so much for your hard work and time on this script. I’m just starting to learn powershell and this script was a huge help.
im getting this error on an exchange 2016 server when i run the script
Exception calling “WriteEntry” with “3” argument(s): “The source was not found, but some or all event logs could not be searched. To create the source, you need permission to read all event logs to make sure that the new source name is unique. Inaccessible logs: Security.”
A little late to the party but while using this script, I noticed it doesn’t seem to check whether or not user accounts are actually enabled or not.
I’ve modified the following code and it seems to be working fine now;
PROCESS {
Write-Verbose “Getting the user info for $accountIdentity”
$accountObj = Get-ADUser $accountIdentity -properties PasswordExpired, PasswordNeverExpires, PasswordLastSet, name, mail, Enabled
# Make sure the password is not expired, and the account is not set to never expire
Write-Verbose “verifying that the password is not expired, and the user is not set to PasswordNeverExpires”
if ((((!($accountObj.PasswordExpired)) -and (!($accountObj.PasswordNeverExpires))) -and ($accountObj.Enabled)) -or ($PreviewUser)) {
Now the script also checks whether or not the account is enabled or disabled, and ignores any disabled accounts.