Description:

This script can be scheduled daily to Search expired accounts, get the account's manager details and send email to them.
This can be modified easily for additional filters on users, scoping etc., like service accounts only.
The script is capable of handling missing manager details and sending email to admin notifying about those accounts.
Its using PS active directory module,

Email triggered has the ExpiredAccount Name,Expired date & time on the subject line itself.

The script is fairly simple configurable componets\variables are inside the script.

You can refer to the below guide for setting up the scheduled task

https://gallery.technet.microsoft.com/Detect-IP-address-change-aeb51118

 

Usage:

 

PowerShell

Edit|Remove

powershell

PS C:\scripts> .\AccountExpiryEmail.ps1
PS C:\scripts>

PS C:\scripts> .\AccountExpiryEmail.ps1 
PS C:\scripts>

 

Sample Emails Triggered upon executing the script:

 

 

HTML

Edit|Remove

html

#Email sent to Administrator for Expired accounts without email id.
________________________________________
From: [email protected] <[email protected]>
Sent: Wednesday, July 1, 2015 2:44 AM
To: Administrator
Subject: Account SB Test has Expired on 07/01/2015 00:00:00. And Manager is null.
#Normal Expired email sent to manager(satyajit)

From: [email protected] <[email protected]>
Sent: Wednesday, July 1, 2015 2:44 AM
To: Satyajit
Subject: Account SatyaTEST1 has Expired on 08/01/2014 00:00:00.

#Email sent to Administrator for Expired accounts without email id. 
________________________________________ 
From: [email protected] <AccountExpiry@domain.com> 
Sent: Wednesday, July 1, 2015 2:44 AM 
To: Administrator 
Subject: Account SB Test has Expired on 07/01/2015 00:00:00. And Manager is null. 
 
 
 
#Normal Expired email sent to manager(satyajit) 
_______________________________________ 
From: [email protected] <AccountExpiry@domain.com> 
Sent: Wednesday, July 1, 2015 2:44 AM 
To: Satyajit 
Subject: Account SatyaTEST1 has Expired on 08/01/2014 00:00:00. 

Major cmdlet doing the job:

You can try it out directly on Windows PowerShell to test the expected output

PowerShell

Edit|Remove

powershell

Search-ADAccount -AccountExpired
AccountExpirationDate : 8/1/2014 12:00:00 AM
DistinguishedName     : CN=SatyaTEST1,OU=Test Use...
Enabled               : True
LastLogonDate         : 6/22/2015 12:23:28 AM
LockedOut             : False
Name                  : SatyaTEST1

Search-ADAccount -AccountExpired 
 
 
AccountExpirationDate : 8/1/2014 12:00:00 AM 
DistinguishedName     : CN=SatyaTEST1,OU=Test Use... 
Enabled               : True 
LastLogonDate         : 6/22/2015 12:23:28 AM 
LockedOut             : False 
Name                  : SatyaTEST1