This script has 4 functions:
- Main-Menu: self-explanatory
- check-passNeverExpiresFlag
  - gets current date/time
  - subtracts wiggle room from today's date (default 70)
  - gets users matching the following criteria:
    - PASSWORDNEVEREXPIRES flag set to TRUE
    - ENABLED flag set to TRUE
    - Password age is within the wiggle period
    - Their NAME is not like "Service_"
  - for each of these users
    - checks that the user CAN change their password; if not, a service account is assumed and the remainder is skipped
    - returns the password age
    - if the PASSWORDNEVEREXPIRES flag is set to true, say so in green
    - if the PASSWORDNEVEREXPIRES flag is set to false, say so in red
    - additionally return the following properties:
      - PasswordLastSet
      - LastLogonDate
      - Password Expiry date
    - if the user CANNOTCHANGEPASSWORD flag is set true, say so in red
    - if the user CANNOTCHANGEPASSWORD flag is set false, say so in green
- remove-PassNeverExpiresFlag
  - gets current date/time
  - subtracts wiggle room from today's date (default 70)
  - gets users matching the following criteria:
    - PASSWORDNEVEREXPIRES flag set to TRUE
    - ENABLED flag set to TRUE
    - Password age is within the wiggle period
    - Their NAME is not like "Service_"
  - if this user count is 0, then write to host 'No users match criteria.'
  - for each of the users do the following:
    - if the CANNOTCHANGEPASSWORD flag is set to true, say so in red, displaying user NAME and SAMACCOUNTNAME
    - otherwise do the following:
      - display "Removing 'password never expires' for:" username
      - set the AD user account property PASSWORDNEVEREXPIRES to FALSE
      - get the user again and confirm PASSWORDNEVEREXPIRES is set to FALSE
      - display success or failure message
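
The remove-PassNeverExpiresFlag steps above, sketched with the ActiveDirectory module as an added example (not the script's own code). The function and parameter names are hypothetical, and it assumes the wiggle room is in days, "Service_" is a name prefix, and "within the wiggle period" means the password was set on or after the cutoff date.

```powershell
#Requires -Modules ActiveDirectory
# Added example; function and parameter names are hypothetical, not the script's own.
function Remove-PassNeverExpiresFlagExample {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [int]$WiggleDays = 70,               # assumption: the default of 70 is in days
        [string]$ExcludeName = 'Service_*'   # assumption: "Service_" is a name prefix
    )
    $cutoff = (Get-Date).AddDays(-$WiggleDays)

    # The two flags are filtered server-side; CannotChangePassword is computed
    # per object, so it is requested as a property and tested client-side.
    $users = @(Get-ADUser -Filter 'PasswordNeverExpires -eq $true -and Enabled -eq $true' `
            -Properties PasswordNeverExpires, PasswordLastSet, CannotChangePassword |
        Where-Object {
            $_.Name -notlike $ExcludeName -and
            $_.PasswordLastSet -ge $cutoff   # assumption: "within the wiggle period"
        })

    if ($users.Count -eq 0) { Write-Host 'No users match criteria.'; return }

    foreach ($u in $users) {
        if ($u.CannotChangePassword) {
            # Treated as a service account: report it and leave it unchanged.
            Write-Host "Cannot change password: $($u.Name) ($($u.SamAccountName))" -ForegroundColor Red
            continue
        }
        Write-Host "Removing 'password never expires' for: $($u.Name)"
        if ($PSCmdlet.ShouldProcess($u.SamAccountName, 'Clear PasswordNeverExpires')) {
            Set-ADUser -Identity $u -PasswordNeverExpires $false
            # Re-read the account so the result reflects what the directory stored.
            $check = Get-ADUser -Identity $u -Properties PasswordNeverExpires
            if ($check.PasswordNeverExpires) {
                Write-Host "FAILED: $($u.SamAccountName)" -ForegroundColor Red
            } else {
                Write-Host "Success: $($u.SamAccountName)" -ForegroundColor Green
            }
        }
    }
}
```

Calling the function with `-WhatIf` lists the accounts that would be changed without writing to the directory.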