If you have managed an Active Directory installation that has a large number of users who connect to the network infrequently, you may have faced a problem where the user’s password expires when they are away from the network and possibly leaving them in a situation where they are not able to reset their password remotely.
I recently was in this situation and had to write a script to intimate users about an impending password expiry. Here is what the script does:
The script queries your domain for all users and checks for the last password change date. This value is compared against you max password age value and then sends an email reminder to the user that is password is about to expire in x days. This email reminder is sent 9, 6 and 3 days before the actual password expiry date, giving the user enough time to reset the password without getting locked out.
You can schedule the script to run every day in which case you will need to write a simple batch file to call this script and maybe even log the output to a file. The script can be run under the system account. You can save the following line as a batch file that can be used to call the script:
cscript “Path\to\the\vbs\script” > PwdExpyEmail.log
You can download the script here.
Note: You will have to edit the values between the **** to suit your environment.