Home » Posts tagged 'Password'

Tag Archives: Password

Random Password Function Powershell

October 10, 2014 / Leave a comment

To generate a random password for Active directory you can use this function

Function Get-RandomPassword(){
Param (
 [int]$length=5 
)
$alphabet=$NULL;For ($a=65;$a –le 90;$a++) {$alphabet+=,[char][byte]$a }
$ascii=$NULL;For ($a=33;$a –le 126;$a++) {$ascii+=,[char][byte]$a }
For ($l=1; $l -le $length; $l++){ 
 $tempPassword += ($alphabet | Get-Random)
 $tempPassword += ($ascii | Get-Random)
}
return $tempPassword
}

 

Even though the length is 5, it will actually produce a 10 character password because it will use UPPERCASE letters x 5 and ASCII characters x 5

Emailing Users when Password is about to Expire

October 7, 2014 / Leave a comment

I had one request from a customer recently that asked if it was possible to email users before the their active directory passwords expire as it was causing issues with remote users.

I created a PowerShell script which I added as a scheduled task on one domain controller that runs once  a day. The script queries AD for the date the user last changed their password and compared it against AD password policy maximum age limit. If this reached a specified time such as 5 days before, the user would be emailed once per day with 5 days to go. Please note that you will need an exchange server or mail server that will allow unauthenticated email to be sent from the DC you home this script on.
$smtpServer=”exchangecasserver.domain.local”
$from = “passwordreminder@domain.local”
$expireindays = 5
#Get Users From AD who are enabled
Import-Module ActiveDirectory
$users = get-aduser -filter * -properties * |where {$_.Enabled -eq “True”} | where { $_.PasswordNeverExpires -eq $false } | where { $_.passwordexpired -eq $false }

foreach ($user in $users)
{
$Name = (Get-ADUser $user | foreach { $_.Name})
$emailaddress = $user.emailaddress
$passwordSetDate = (get-aduser $user -properties * | foreach { $_.PasswordLastSet })
$maxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
$expireson = $passwordsetdate + $maxPasswordAge
$today = (get-date)
$daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days
$subject=”Your password will expire in $daystoExpire days”
$body =”
Dear $name,
<p> Your Password will expire in $daystoexpire days.<br>
To change your password, Logon to the domain Internal Network on a PC / Laptop, press CTRL ALT Delete and chose Change Password <br>
<p>Thanks, <br>
</P>”

if ($daystoexpire -lt $expireindays)
{
Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -priority High

}

%d bloggers like this: