PowerShell scripts to notify Active Directory domain users on account expiration
The account expiration notification PowerShell script provided here sends email reminders to Active Directory users about their expiring user accounts. ADSelfService Plus, an Active Directory self-service password management and single sign-on solution, also supports sending account expiration notifications to AD users. Here is a comparison of AD account expiration notification using PowerShell and ADSelfService Plus.
PowerShell
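```powershell
# Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Find user accounts that expire within the next 31 days.
$users = Search-ADAccount -UsersOnly -AccountExpiring -TimeSpan 31:0:0:0.0

ForEach ($user in $users) {
    # Fetch the mail address and expiration date for this account.
    $userobj = $user | Get-ADUser -Properties EmailAddress,AccountExpirationDate

    # Skip accounts with no mail address; Send-MailMessage needs a recipient.
    if (-not $userobj.EmailAddress) { continue }

    $options = @{
        'To'         = $userobj.EmailAddress
        'From'       = 'administrator@domain.org'
        'Subject'    = "Account is Expiring on $($userobj.AccountExpirationDate)"
        'SMTPServer' = 'svr.domain.local'
        'Body'       = "Account is Expiring on $($userobj.AccountExpirationDate)"
    }
    Send-MailMessage @options
}
```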
ADSelfService Plus
- Open the ADSelfService Plus admin portal.
- Go to Configuration > Password Expiration Notification.
- In the Password/Account Expiration Notification section that opens, click on Add New Notification.
- Use the Select Domain option to specify the domain whose users should receive the notifications.
- Provide a Scheduler Name.
- Set the Notification Type to Account Expiration Notification.
- Use the Notify via option to specify the notification medium (mail, SMS, or push notification).
- Select the Notification Frequency (Daily, Weekly or On Specific Days) and use the Schedule Time option to specify the date and time of the notification delivery.
- Edit the Subject and the Message of the notification, if required.
- Click on the Advanced option and in the pop-up window that opens, use the options for excluding disabled users or smart card users from receiving expiration notifications, and sending notification delivery status messages to users' managers or anyone with an admin account if necessary.
- Click Save.
Advantages to notifying users of AD account expiration using ADSelfService Plus
With ADSelfService Plus, you are just a few clicks away from configuring Active Directory account expiration notifications for users. If you're using PowerShell, you need to create, debug, and run scripts. Using ADSelfService Plus, without writing a single script, you can:
- Notify users via mail, SMS and push notification:
Choose between sending email, SMS, and push account expiration notifications with just a click. PowerShell can also be used to send SMS and push notifications, but requires writing an extensive and complex script.
- Notify users' managers:
Send the notification delivery status automatically to the users' managers and the organization's administrators via email. You can also choose to exclude disabled users and smart card users from receiving the notifications.
- Customizable and powerful email notifications:
Draft account expiration notifications in HTML to grab the attention of users, or send different messages on different days leading up to account expiration. PowerShell does allow sending HTML-formatted emails, but the process can be quite lengthy.
- GUI-based configuration:
Edit a configured account expiration notification simply by selecting it and changing the values of the settings as required. With PowerShell, while making changes to the notification script, typos and other human errors are bound to occur.
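For comparison, the HTML-formatted notice, the different messages on different days, and the exclusion of disabled users mentioned above can be sketched in PowerShell as follows. This is an added example, not the page's or the vendor's script; the function name New-ExpiryNotice, the tier thresholds, and the sample users are assumptions, and the mail addresses reuse the placeholders from the script above.

```powershell
# Added example: builds tiered HTML notices from user objects (sample users are constructed).
function New-ExpiryNotice {
    param(
        [Parameter(Mandatory)] $User,   # needs Name, EmailAddress, Enabled, AccountExpirationDate
        [datetime] $Today = (Get-Date).Date
    )
    # Skip accounts that cannot or should not be notified.
    if (-not $User.Enabled -or [string]::IsNullOrWhiteSpace($User.EmailAddress)) { return $null }

    $daysLeft = [int][math]::Floor(($User.AccountExpirationDate - $Today).TotalDays)
    if ($daysLeft -lt 0) { return $null }   # already expired

    # Hypothetical tiers: the wording escalates as the date approaches.
    $tier = if ($daysLeft -le 3) { 'Urgent' } elseif ($daysLeft -le 14) { 'Reminder' } else { 'Notice' }

    # HTML-encode directory values before placing them in the message body.
    $name = [System.Net.WebUtility]::HtmlEncode($User.Name)
    $date = $User.AccountExpirationDate.ToString('yyyy-MM-dd')

    @{
        To         = $User.EmailAddress
        From       = 'administrator@domain.org'
        SmtpServer = 'svr.domain.local'
        Subject    = "${tier}: account expires in $daysLeft day(s)"
        Body       = "<p>Hello $name,</p><p>Your account expires on <b>$date</b> ($daysLeft day(s) left).</p>"
        BodyAsHtml = $true
    }
}

# Constructed sample input; in production these objects would come from
# Search-ADAccount piped to Get-ADUser -Properties EmailAddress,AccountExpirationDate.
$today  = [datetime]'2024-06-01'
$sample = @(
    [pscustomobject]@{ Name = 'Ann <Ops>'; EmailAddress = 'ann@domain.org'; Enabled = $true;  AccountExpirationDate = [datetime]'2024-06-03' }
    [pscustomobject]@{ Name = 'Bob';       EmailAddress = $null;            Enabled = $true;  AccountExpirationDate = [datetime]'2024-06-10' }
    [pscustomobject]@{ Name = 'Cy';        EmailAddress = 'cy@domain.org';  Enabled = $false; AccountExpirationDate = [datetime]'2024-06-20' }
    [pscustomobject]@{ Name = 'Dee';       EmailAddress = 'dee@domain.org'; Enabled = $true;  AccountExpirationDate = [datetime]'2024-06-25' }
)

foreach ($u in $sample) {
    $mail = New-ExpiryNotice -User $u -Today $today
    # Preview only; replace this line with "Send-MailMessage @mail" to deliver.
    if ($mail) { '{0} -> {1}' -f $mail.To, $mail.Subject }
}
```

Encoding the display name matters because directory attributes can contain characters such as `<` and `&`, which would otherwise be interpreted as markup in the HTML body.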