Script: New-DirectoryUpdateReminder.ps1 – Prompt Users to Update Their Active Directory Information
This script will look at all users in AD, and determine if they are missing key information such as office, address, title, and manager. If they are, it will send them an email requesting they update their information. It should be noted that this script is designed for environments that have a self-service solution in place for users to update their information. This can include Exchange 2010, where ECP allows the user to change many fields:
ECP options to change user info
In some of the environments that I build, where Exchange 2010 isn’t an option, or other fields need to be changed, I install Directory Update, a small footprint solution for IIS. Directory Update is a PHENOMENAL solution that’s inexpensive, yet feature packed. It’s fully configurable and features drop downs, check boxes, and logic to ensure that users are inputting the correct information in the correct format. It also allows you to specify what fields the user can update. I highly recommend it. Other environments might use some home-grown solution, or even SharePoint. Either way, a self-service solution takes the burden off the Help Desk. A perfect example is when a manager leaves the organization. When their AD account is deleted, the users who had that person listed as their manager will automatically start getting reminders from this script since the field is now empty.
Many orgs don’t worry as much about some of these fields. However, when the information is current and correct, the data can be pulled for other purposes, such as workflow applications, org charts, phone lists, etc. Some orgs use transport rules to create disclaimer or signature phrases such as how to contact a user’s manager. All of these are perfect reasons for using this script.
Features
Runs as a scheduled task, and will remind users daily until their information is complete.
Can be run in DEMO mode to see which users would receive an email.
Can be run in PREVIEW mode to receive the formatted message to see what it looks like before rolling it out in production.
Installation
Execution Policy: Third-party PowerShell scripts may require that the PowerShell Execution Policy be set to either AllSigned, RemoteSigned, or Unrestricted. The default is Restricted, which prevents scripts – even code signed scripts – from running. For more information about setting your Execution Policy, see Using the Set-ExecutionPolicy Cmdlet.
This script requires a receive connector that will accept mail. See Creating a receive connector to use for sending email from PowerShell.
Once the receive connector is created, copy the script from the .zip file below to your server. Open the script in any true text editor, and set the various parameters. See the highlighted lines in the script below. Each should be configured for your environment.
[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$true, Mandatory=$false, HelpMessage="Please specify a company name.")]
[ValidateNotNullOrEmpty()]
[string]$Company = "Contoso Ltd",
[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$true, Mandatory=$false, HelpMessage="Please specify an OWA URL")]
[ValidateNotNullOrEmpty()]
[string]$UpdateUrl = "https://directory.contoso.com/",
[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$true, Mandatory=$false, HelpMessage="Please specify the IP address of your email server")]
[ValidateNotNullOrEmpty()]
[string]$EmailServer = "10.9.0.11",
[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$true, Mandatory=$false, HelpMessage="Please specify a name and email address for the email 'from' field")]
[ValidateNotNullOrEmpty()]
[string]$EmailFrom = "Help Desk ",
[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$true, Mandatory=$false)]
[string]$HelpDeskPhone = "(586) 555-1010",
[parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true, Mandatory=$false)]
[ValidatePattern("^http")]
[string]$HelpDeskURL = "https://intranet.contoso.com/",
[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$true, Mandatory=$false)]
[string] $TranscriptFilename = $MyInvocation.MyCommand.Name + " " + (hostname)+ " {0:yyyy-MM-dd hh-mmtt}.log" -f (Get-Date),
[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$false, Mandatory=$false, HelpMessage="This must be zero")]
[ValidateNotNullOrEmpty()]
[int]$UsersNotified = 0,
[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$true, Mandatory=$false)]
[string] $ImagePath = "http://www.domain.com/images",
Save the script on your server.
Copy the images in the .zip file to the path you specified on line 102 above.
Run the script in demo mode to see a list of users that would receive the email messages:
.\New-DirectoryUpdateReminder.ps1 -demo
New-DirectoryUpdateReminder scheduled task
Test the script’s email functionality next by using preview mode. In preview mode, a single user will receive the email message. This will allow you to see what the users will see, as well as ensure that the formatting and wording is sufficient.
.\New-DirectoryUpdateReminder.ps1 -preview -previewuser [username]
After receiving and reviewing the message, adjust the HTML code as needed.
To configure the script to run as a scheduled task, run the script in install mode using
.\New-DirectoryUpdateReminder -install
This will create a Windows scheduled task that will run the script every day at 6:30am. Once the scheduled task is created, feel free to edit it to change the time.
Editing the scheduled task
That’s all it takes. Feel free to leave comments below, including any feature requests you’d like.
Donations
I’ve never been one to really solicit donations for my work. My offerings are created because *I* need to solve a problem, and once I do, it makes sense to offer the results of my work to the public. I mean, let’s face it: I can’t be the only one with that particular issue, right? Quite often, to my surprise, I’m asked why I don’t have a “donate” button so people can donate a few bucks. I’ve never really put much thought into it. But those inquiries are coming more often now, so I’m yielding to them. If you’d like to donate, you can send a few bucks via PayPal at https://www.paypal.me/PatRichard. Money collected from that will go to the costs of my website (hosting and domain names), as well as to my home lab.
Download
v1.7 – 01-27-2014 – New-DirectoryUpdateReminder.v1.7.zip
v1.5 – 09-02-2011 – New-DirectoryUpdateReminder.v1.5.zip
ScriptImages.zip – image files used in emails
Changelog
See the changelog for this script which details all versions and their features.
This is a nice script…but if you are going this far might as well finish it…
Have the user review the information in AD (provided in the e-mail) and complete the missing information.
For example: For Title, if not blank say your current Title: Office Manager; if blank, Title: .
Also I don’t think Manager should be included. Using Exchange 2010 OWA, there is no field to update the Manager (unless it is somewhere outside Account Information).
Manager is included because many solutions, including SharePoint and Directory Update, allow you to change that value.
I am getting below mentioned error while running this script
Missing closing ‘)’ in expression.
At C:\Nimesh\New-DirectoryUpdateReminder.v1.52\New-DirectoryUpdateReminder.ps1:142 char:266
+ $MBXArray = Get-User -resultsize unlimited | ? {(($_.RecipientTypeDetails -match ‘UserMailbox’) -and (($_.Office
-eq ”) -or ($_.PostalCode -eq ”) -or ($_.StreetAddress -eq ”) -or ($_Title -eq ”) -or ($_.Manager -eq ”) -or ($_.M
anager -match ‘Disabled Users’)) <<<< }
+ CategoryInfo : ParserError: (CloseParenToken:TokenId) [], ParseException
+ FullyQualifiedErrorId : MissingEndParenthesisInExpression
Nimesh, remove one of the paranthesis before the Office variable.