Home > Exchange Server > Changelog: New-ADPasswordReminder.ps1

Changelog: New-ADPasswordReminder.ps1

This is the changelog page for New-ADPasswordReminder.ps1. You will find a complete list of released versions, their dates, and the features and issues addressed in each. Please refer to the script’s main page for more information including download links, installation details, and more.

v2.9 – 09-13-2013

  1. tweaked the filters for retrieving user accounts
  2. Preview parameter removed since -PreviewUser automatically sets $Preview

v2.8 – 05-03-2013

  1. Tons of updates – unfortunately, I haven’t kept a detailed list
  2. OU option added that allows you to target a specific Organizational Unit (OU)
  3. NoImages option tweaked. Run script with -NoImages to send a text only message. No longer need to specify $true
  4. Changed name of script to New-ADPasswordReminder.ps1 to align with my new naming standard
  5. More code optimization
  6. Better cleanup of message text if some variables like $HelpDeskPhone and $HelpDeskURL are not defined

v2.7 – 12-26-2012

  1. Added NoImages option for those that want less of a visual email. Script still sends an HTML formatted email, but it strips out any images and their related formatting.
  2. Cleaned up some code

v2.6 – 09-07-2012

  1. Changed email server variable to the preference variable $PSEmailServer
  2. changed Send-MailMessage syntax
  3. cleaned up Set-ModuleStatus function
  4. Cleaned up HTML code
  5. fixed issue with missing “)” error in the param list
  6. cleaned up the Remove-ScriptVariables function
  7. Added some Write-Verbose statements for better troubleshooting.
  8. Added a simple check to not include password policy requirements if email is going to FGPP user (until I can resolve detection of the FGPP settings)
  9. $PreviewUser specified will now work even if that user is set to PasswordNeverExpires
  10. Setting $PreviewUser automatically sets $Preview
  11. Removed transcript option
  12. Added variable for formatting the date shown in emails (for my non-U.S. people)
  13. Leaving some of the URL parameters blank will now remove the related text from the email sent to users

v2.4 – 01-14-2012

  1. Fixed bug in detecting domain functional level as pointed out by Michael B. Smith
  2. Changed email server parameter to use $PSEmailServer
  3. Changed Send-MailMessage syntax
  4. Cleaned up Get-ModuleStatus code

v2.2 – 09-29-2011

  1. added some missing ‘alt’ tags for some images in email HTML code
  2. added code to determine global minimum password length & format message accordingly
  3. added code to determine global password complexity requirements & format message accordingly
  4. added $HelpDeskURL variable in param block. That resolves the problem of some links that weren’t clickable (whoops!)
  5. added some parameter validation
  6. added ability to target a single OU, and its children
  7. updated the Send-MailMessage line based on user feedback
  8. updated links to point to new blog. This includes the one in the event log message.

v2.1 – 08/31/2011

  1. added some additional code to the section that installs the RSAT-AD-PowerShell feature
  2. corrected code that wouldn’t send mail until a the user was one day into the reminder window
  3. cleaned up HTML code indentations to make it a little easier to read
  4. variable for image path so that editing the HTML is straightforward
  5. added preview mode to see HTML email
  6. added install mode to automatically create scheduled task
  7. updated and enhanced the comment based help
  8. added code for event log logging

v2.0 – 08/15/2011

  1. added email code
  2. added transcript option
  3. added demo parameter & formatted output
  4. added param block with some default values
  5. moved (Get-AdDomain).DomainMode code to outside of loop to help speed up processing (since it really needs to be called only once)
  6. added check for ActiveDirectory module & Exchange snapins
  7. added alert for same day expiration
  8. auto load or install RSAT-AD-PowerShell feature

v1.0 – 02/26/2010

  1. initial version
  1. Andy
    January 30th, 2012 at 17:16 | #1

    This is most excellent. We have a 100% VPN/Laptop population and a 42 day expiration policy. We get quite a few people who let them expire and its a real pita to walk them through a reset. Lets hope this additional nag pays off!

  2. Graham
    February 15th, 2013 at 13:00 | #2

    This works brilliantly….until I try and install it as a task….then it just doesn’t work?

    TS says it runs and completes, but no emails are sent?

    If I previewuser…no problems?

    2008R2/Ex2010SP1

    Any ideas?

  3. Bhojraj
    June 9th, 2014 at 22:05 | #3

    thanks for this useful script. It doesn’t seem to work in multi domain environment. My exchange servers are in root.domain and users are in child1.root.domain and child2.root.domain. Any tip to get it working for both the child domain – I only want to run the script from an exchange server in the root.domain. thanks for your help

  4. Maslak
    December 16th, 2014 at 04:15 | #4

    thank you for the script it works greate but ihave a problem, i have to use turkish font, when i execute as demo filtered names come out as malformed. how can i fix it? Thank you

    • Pat Richard
      December 16th, 2014 at 09:30 | #5

      To be honest, I have no idea. Nor do I have the capacity to test in my lab. Sorry.

  5. bsc
    September 22nd, 2015 at 08:25 | #6

    @Bhojraj
    might be a little late, but maybe useful for others:
    you can try to extend the scope?
    Set-AdServerSettings -ViewEntireForest $true

  6. Danilo Corrons
    January 8th, 2016 at 11:37 | #7

    Hello,

    I was tasked with modifying this script for our company’s use but I am encountering one little issue that I don’t know how to fix without rewriting the whole thing. The images used to format the email
    are supposed to be saved in a location where all users have access. Well one of the main uses for this script for us is to notify remote/mobile users since they are not constantly connected to the network and therefor are not normally notified that there password is expiring. And as such, when they get the email, the pictures will be missing since they do not have access to the network.

    I would like for the email generated to attach the images inline that way the users will see the email formatted correctly and won’t need to have access to the files to see them. I have found a few examples of how to do this, but because of the way this script was written, I am not sure how to do it properly. I am a novice to powershell and any help would be greatly appreciated.

    • Pat Richard
      January 8th, 2016 at 11:39 | #8

      I intentionally didn’t do it that way because it creates a much larger email. Putting the images in a sub directory of your public web site is still the best way to do it.

  7. Danilo Corrons
    January 26th, 2016 at 12:06 | #9

    @Pat Richard
    Thank you for your reply Richard. We decided to use the “no images” formatting and just added our logo inline to the top of the email. Thank you so much for your hard work and time on this script. I’m just starting to learn powershell and this script was a huge help.

  8. mike ross
    November 30th, 2020 at 12:35 | #10

    im getting this error on an exchange 2016 server when i run the script
    Exception calling “WriteEntry” with “3” argument(s): “The source was not found, but some or all event logs could not be searched. To create the source, you need permission to read all event logs to make sure that the new source name is unique. Inaccessible logs: Security.”

  9. June 24th, 2024 at 08:15 | #11

    A little late to the party but while using this script, I noticed it doesn’t seem to check whether or not user accounts are actually enabled or not.

    I’ve modified the following code and it seems to be working fine now;

    PROCESS {
    Write-Verbose “Getting the user info for $accountIdentity”
    $accountObj = Get-ADUser $accountIdentity -properties PasswordExpired, PasswordNeverExpires, PasswordLastSet, name, mail, Enabled
    # Make sure the password is not expired, and the account is not set to never expire
    Write-Verbose “verifying that the password is not expired, and the user is not set to PasswordNeverExpires”
    if ((((!($accountObj.PasswordExpired)) -and (!($accountObj.PasswordNeverExpires))) -and ($accountObj.Enabled)) -or ($PreviewUser)) {

    Now the script also checks whether or not the account is enabled or disabled, and ignores any disabled accounts.

  1. No trackbacks yet.