Export Password Expiry Report

Export Office 365 password reports

Office 365 Password Expiry Report/PwdExpiryReport.ps1

@@ -0,0 +1,210 @@
+Param 
+( 
+    [Parameter(Mandatory = $false)] 
+    [switch]$PwdNeverExpires, 
+    [switch]$PwdExpired, 
+    [switch]$LicensedUserOnly, 
+    [int]$SoonToExpire, 
+    [int]$RecentPwdChanges,
+    [string]$UserName,  
+    [string]$Password 
+) 
+
+#Check for MSOnline module 
+$Module=Get-Module -Name MSOnline -ListAvailable  
+if($Module.count -eq 0) 
+{ 
+ Write-Host MSOnline module is not available  -ForegroundColor yellow  
+ $Confirm= Read-Host Are you sure you want to install module? [Y] Yes [N] No 
+ if($Confirm -match "[yY]") 
+ { 
+  Install-Module MSOnline 
+  Import-Module MSOnline
+ } 
+ else 
+ { 
+  Write-Host MSOnline module is required to connect AzureAD.Please install module using Install-Module MSOnline cmdlet. 
+  Exit
+ }
+} 
+ 
+#Storing credential in script for scheduling purpose/ Passing credential as parameter  
+if(($UserName -ne "") -and ($Password -ne ""))  
+{  
+ $SecuredPassword = ConvertTo-SecureString -AsPlainText $Password -Force  
+ $Credential  = New-Object System.Management.Automation.PSCredential $UserName,$SecuredPassword  
+ Connect-MsolService -Credential $credential 
+}  
+else  
+{  
+ Connect-MsolService | Out-Null  
+} 
+
+$Result=""   
+$PwdPolicy=@{}
+$Results=@()  
+$UserCount=0 
+$PrintedUser=0 
+
+#Output file declaration 
+$ExportCSV=".\PasswordExpiryReport_$((Get-Date -format yyyy-MMM-dd-ddd` hh-mm` tt).ToString()).csv" 
+
+#Getting Password policy for the domain
+$Domains=Get-MsolDomain   #-Status Verified
+foreach($Domain in $Domains)
+{ 
+ #Check for federated domain
+ if($Domain.Authentication -eq "Federated")
+ {
+  $PwdValidity=0
+ }
+ else
+ {
+  $PwdValidity=(Get-MsolPasswordPolicy -DomainName $Domain -ErrorAction SilentlyContinue ).ValidityPeriod
+  if($PwdValidity -eq $null)
+  {                                 
+   $PwdValidity=90
+  }
+ }
+ $PwdPolicy.Add($Domain.name,$PwdValidity)
+}
+ Write-Host Generating report...
+#Loop through each user 
+Get-MsolUser -All | foreach{ 
+ $UPN=$_.UserPrincipalName
+ $DisplayName=$_.DisplayName
+ [boolean]$Federated=$false
+ $UserCount++
+ #Remove external users
+ if($UPN -like "*#EXT#*")
+ {
+  return
+ }
+
+ $PwdLastChange=$_.LastPasswordChangeTimestamp
+ $PwdNeverExpire=$_.PasswordNeverExpires
+ $LicenseStatus=$_.isLicensed
+ $Print=0
+ Write-Progress -Activity "`n     Processed user count: $UserCount "`n"  Currently Processing: $DisplayName"
+ if($LicenseStatus -eq $true)
+ {
+  $LicenseStatus="Licensed"
+ }
+ else
+ {
+  $LicenseStatus="Unlicensed"
+ }
+ 
+
+ #Finding password validity period for user
+ $UserDomain= $UPN -Split "@" | Select-Object -Last 1 
+ $PwdValidityPeriod=$PwdPolicy[$UserDomain]
+
+ #Check for Pwd never expires set from pwd policy
+ if([int]$PwdValidityPeriod -eq 2147483647)
+ {
+  $PwdNeverExpire=$true
+  $PwdExpireIn="Never Expires"
+  $PwdExpiryDate="-"
+  $PwdExpiresIn="-"
+ }
+ elseif($PwdValidityPeriod -eq 0) #Users from federated domain
+ {
+  $Federated=$true
+  $PwdExpireIn="Insufficient data in O365"
+  $PwdExpiryDate="-"
+  $PwdExpiresIn="-"
+ }
+ elseif($PwdNeverExpire -eq $False) #Check for Pwd never expires set from Set-MsolUser
+ {
+  $PwdExpiryDate=$PwdLastChange.AddDays($PwdValidityPeriod)
+  $PwdExpiresIn=(New-TimeSpan -Start (Get-Date) -End $PwdExpiryDate).Days
+  if($PwdExpiresIn -gt 0)
+  {
+   $PwdExpireIn= "in $PwdExpiresIn days"
+  }
+  elseif($PwdExpiresIn -lt 0)
+  {
+   #Write-host `n $PwdExpiresIn
+   $PwdExpireIn =$PwdExpiresIn * (-1)
+   #Write-Host ************$pwdexpiresin
+   $PwdExpireIn="$PwdExpireIn days ago"
+  }
+  else
+  {
+   $PwdExpireIn="Today"
+  }
+ }
+ else
+ {
+  $PwdExpireIn="Never Expires"
+  $PwdExpiryDate="-"
+  $PwdExpiresIn="-"
+ }
+
+ #Calculating Password since last set
+ $PwdSinceLastSet=(New-TimeSpan -Start $PwdLastChange).Days
+
+ #Filter for user with Password nerver expires
+ if(($PwdNeverExpires.IsPresent) -and ($PwdNeverExpire=$false))
+ {
+  return
+ }
+ 
+ #Filter for password expired users
+ if(($pwdexpired.IsPresent) -and (($PwdExpiresIn -ge 0) -or ($PwdExpiresIn -eq "-")))
+ { 
+  return
+ }
+
+ #Filter for licensed users
+ if(($LicensedUserOnly.IsPresent) -and ($LicenseStatus -eq "Unlicensed"))
+ {
+  return
+ }
+
+ #Filter for soon to expire pwd users
+ if(($SoonToExpire -ne "") -and (($PwdExpiryDate -eq "-") -or ([int]$SoonToExpire -lt $PwdExpiresIn) -or ($PwdExpiresIn -lt 0)))
+ { 
+  return
+ }
+
+ #Filter for recently password changed users
+ if(($RecentPwdChanges -ne "") -and ($PwdSinceLastSet -gt $RecentPwdChanges))
+ {
+  return
+ }
+
+ if($Federated -eq $true)
+ {
+  $PwdExpiryDate="Insufficient data in O365"
+  $PwdExpiresIn="Insufficient data in O365"
+ }
+
+ $PrintedUser++ 
+ 
+ #Export result to csv
+ $Result=@{'Display Name'=$DisplayName;'User Principal Name'=$upn;'Pwd Last Change Date'=$PwdLastChange;'Days since Pwd Last Set'=$PwdSinceLastSet;'Pwd Expiry Date'=$PwdExpiryDate;'Days since Expiry(-) / Days to Expiry(+)'=$PwdExpiresIn ;'Friendly Expiry Time'=$PwdExpireIn;'License Status'=$LicenseStatus}
+ $Results= New-Object PSObject -Property $Result  
+ $Results | Select-Object 'Display Name','User Principal Name','Pwd Last Change Date','Days since Pwd Last Set','Pwd Expiry Date','Friendly Expiry Time','License Status','Days since Expiry(-) / Days to Expiry(+)' | Export-Csv -Path $ExportCSV -Notype -Append 
+}
+
+If($UserCount -eq 0)
+{
+ Write-Host No records found
+}
+else
+{
+ Write-Host `nThe output file contains $PrintedUser users.
+ if((Test-Path -Path $ExportCSV) -eq "True") 
+ {
+  Write-Host `nThe Output file available in $ExportCSV -ForegroundColor Green
+   $Prompt = New-Object -ComObject wscript.shell   
+  $UserInput = $Prompt.popup("Do you want to open output file?",`   
+ 0,"Open Output File",4)   
+  If ($UserInput -eq 6)   
+  {   
+   Invoke-Item "$ExportCSV"   
+  } 
+ }
+}