With the recent release of the new migration tools, it is now possible to directly query Microsoft Online for enabled users. This functionality makes it possible to simplify the original Password Notification Script and it is now possible to run the script if you aren’t running Directory Synchornization.

Below is the script. First, ensure you have the latest version of the migration tools installed (released on 2/2/2010). Next, make sure you modify the appropriate variables and test it without sending mail before running it against everyone in your environment. If run improperly it has the potential to really confuse the end users, so please contact MessageOps, at [email protected], if you have any questions prior to running it. We’ll be glad to help you implement or customize the script in your environment.

You can download the properly formatted script here.


#Microsoft Online Password Expiration Notification Script
#Written By:Chad Mosman, MessageOps, www.messageops.com
#This script notifies users via email when their Microsoft Online Password is about
#to expire. It is designed to be scheduled to run on a daily basis.
#The following variables should be modified before running the script
#$AdvancedWarning - Controls how many days before expiration the users will be notified
#that their password is about to expire. Default is 15 days.
#$mailFrom - Enter the email address that the notification will appear to come from.
#$SMTPServer - If inbound mailflow is enabled for your Microsoft Online domain, the default of
#mail.global.frontbridge.com should work. Otherwise, specify the name of your on-premise
#mail system.
#$powerUser - Username of an account with Service Admin Rights in Microsoft Online.
#$powerpass - Password of the account with Service Admin Rights in Microsoft Online.
#$subject, $body - The notification message subject and body can be customized to your needs.
#For assistance with the script, to report problems, or provide comments contact [email protected]
#To test the script without sending email to the users, comment out the SMTP commands at
#the bottom of the script and uncomment out the write-host entries at the bottom of the script


#Number of days in advance the user should be warned that their password is about to expire

#Email address that the notification email will appear to be from
$mailFrom = “[email protected]

#If inbound mailflow is not enabled on your domain in Microsoft Online, change this value
#to your on-premise mail server which should forward to Microsoft Online
$smtpServer = “mail.global.frontbridge.com”

#Microsoft Online Service Account Username and Password
$powerUser = “[email protected]
$powerPass = “YourPassword”

$password = ConvertTo-SecureString $powerPass -AsPlainText -Force
$adminCredential = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $powerUser,$password

#Get all the enabled users
$colUsers = get-msonlineUser -Credential $admincredential -enabled

$colusers | ForEach-Object {

#calculate the date difference between today and the password expiration date

#is the password going to expire withing the number of days configured in the AdvancedWarning?
If ($datedifference -le $AdvancedWarning){

If ($datedifference -eq 0){
$subject = “IMMEDIATE ACTION REQUIRED: Your Microsoft Online Password Has Expired”
$body = “Your Microsoft Online password has expired. ”
ElseIf ($dateDifference -eq 1){
$subject = “IMMEDIATE ACTION REQUIRED: Your Microsoft Online Password will expire in 1 day”
$body = “Your Microsoft Online password will expire in 1 day. ”
$subject = “ACTION REQUIRED: Your Microsoft Online Password will expire in”,$datedifference,”days”
$body = “Your Microsoft Online password will expire in”,$datedifference,”days. ”

$body = $body + “Please use the Microsoft Online Sign in Client to change your password. If you do not use the Sign In Client, browse to https://home.microsoftonline.com to reset your password.”

#Send notification to user. Comment out next 2 lines if testing.
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$smtp.Send($mailFrom, $_.Identity, $subject, $body)

#Write Results to console. Uncomment next 5 lines if testing.
#write-host “Mail from: “, $mailfrom
#write-host “Mail to: “, $_.Identity
#write-host “Subject: “, $subject
#write-host “Body: “, $body


Was this article helpful?