Password Expiration

Hello all,
I have the password expiration notification script. It is working perfectly,but when
I try to set the script on my DC in secondary domain(We have multiplied domains in single forest)-i get the notifications for first domain.
When i run Get-ADDefaultDomainPasswordPolicy in powershell on DC in secondary domain i get the result of the first domain.
Are DC's found on the same site (we have to sites ).

Any idea why i get the ADDefaultDomainPasswordPolicy of second domain?

Thaks,

Aniri


August 24th, 2015 8:19am

Could you provide script syntax?
Free Windows Admin Tool Kit Click here and download it now
August 24th, 2015 8:51am

Hi Slava,

This is a script:

$ReqVersion = [version]"1.2.2.1254"

$QadVersion = (Get-PSSnapin Quest.ActiveRoles.ADManagement).Version if($QadVersion -lt $ReqVersion) { throw "Quest AD cmdlets version '$ReqVersion' is required. Please download the latest version" } function sendmail($attachment) { $SmtpClient = New-Object system.net.mail.smtpClient $MailMessage = New-Object system.net.mail.mailmessage $SmtpClient.Host = 192.168.x.x $mailmessage.from = netadmin@email.com" $mailmessage.To.add($mailTo) $mailmessage.Subject = $subject $MailMessage.IsBodyHtml = 1 $mailmessage.Body = $body $smtpclient.Send($mailmessage) } $MaximumPassAge = (Get-QADObject (Get-QADRootDSE).defaultNamingContextDN).MaximumPasswordAge.days if($MaximumPassAge -le 0) { throw "MaximumPasswordAge password policy is not configured." } $NetAdminReport=$null #Sets when to start emailing users about password expiration $DaysToExpire = 10 Get-QADUser -Enabled -PasswordNeverExpires:$false -SizeLimit 0 -Email * | Select-Object Name,Email,FirstName,@{Name="Expires";Expression={ $MaximumPassAge - $_.PasswordAge.days }} | Where-Object {$_.Expires -gt 0 -AND $_.Expires -le $DaysToExpire } | Foreach-Object { #Emails admin instead of user(testing purposes) #$mailTo = "netadmin@email.com" #Emails user $mailTo = $_.Email #Lists each user whose password is expires and when $NetAdminReport += "$($_.Name)" + " (Password expires in " + "$($_.Expires)" + " days) " #Body of Net Admin Report $ReportBody="A Password Expiration Notice has been sent to the following users: $($NetAdminReport)" #Subject of Password Expiration Email to User $Subject = "Password reminder: $($_.Name) your email password will expire in $($_.Expires) days" $body = "<p style = ""font-size: 11pt; font-family: Calibri""> Hello $($_.FirstName), <br /> <br /> Your current domain password will expire in <b>$($_.Expires) days.</b></p>" sendmail $Allservers } #Send Admin Report if($NetAdminReport -ne $null) { Send-MailMessage -SmtpServer 192.168.x.x -From netadmin@email.com -To netadmin@email.com -Subject "Password Expiration Report" -Body $ReportBody }



  • Edited by Anirik 17 hours 27 minutes ago
August 24th, 2015 9:38am

Actually I'm more interested why  i get the result of the first domain ,when i run Get-ADDefaultDomainPasswordPolicy in powershell on DC in secondary domain?

Thanks,

Aniri

Free Windows Admin Tool Kit Click here and download it now
August 24th, 2015 9:43am

I do not know why but you have to specify service to get proper value.

Replace with

$MaximumPassAge = (Get-QADObject (Get-QADRootDSE -service yourdomain.com).defaultNamingContextDN).MaximumPasswordAge.days

Add search root as well:

Get-QADUser -Enabled -PasswordNeverExpires:$false -SizeLimit 0 -Email * -SearchRoot 'yourdomain.com/'

August 24th, 2015 10:00am

Hi Slava,

I replaced this line :

$MaximumPassAge = (Get-QADObject (Get-QADRootDSE -service yourdomain.com).defaultNamingContextDN).MaximumPasswordAge.days

and script runs as expected .

Thank you for help.

But I still do not understand why in secondary domain Default policy of other domain in forest?


Free Windows Admin Tool Kit Click here and download it now
August 24th, 2015 10:33am

It is Quest tools so your question should be addressed to Dell.
August 24th, 2015 11:19am

Even if I run the following  command in powershell  of the windows would I still  get an answer from Quest tools?

Get-ADDefaultDomainPasswordPolicy

Free Windows Admin Tool Kit Click here and download it now
August 25th, 2015 1:42am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics