Windows 10 Toast Notification Script Update: Check for Active Directory Password Expiration

Introduction

My Windows 10 Toast Notification Script has received another update, now being on version 1.4. What’s new and delicious are mentioned in details below.

Note: I know that expiring passwords are not ideal, but reality is that many still have them configured like so while trying to find their way out with Windows Hello for Business, Password-Less etc.

The toast notification might even serve as a good entry point into enrolling into WhFB when one are ready to do so. I’ll make an example of such in the future 🙂

What’s New

  • 1.4 – Added new feature for checking for local active directory password expiration
    • If the password is about to expire (days configured in config.xml), the toast notification will display reminding the users to change their password
      • Using this feature requires the ActiveDirectory powershell module. Note: This might not be allowed everywhere. Working on alternatives 🙂
      • The function will try to import the AD powershell module, look up the user’s SamAccountName and use that with the Get-ADUser cmdlet
  • 1.4.1 – Get-ADPasswordExpiration function modified to not requiring the AD Powershell module. Thank you @ Andrew Wells
    • Improved logging for when no toast notifications are displayed
    • More commenting
  • 1.4.2 – Bug fixes to the date formatting of ADPasswordExpiration now correctly supporting different cultures

Config.xml

I have highlighted the new additions to the config.xml file in below illustration.

To enable the new feature, simply configure ADPasswordExpiration to Enabled=”True” as shown below.

ADPasswordExpirationText enables an extra text element displaying when the password is set to expire.

ADPasswordExpirationDays is the amount of days before expiration that the toast notification will start displaying for the user.

Download

https://gallery.technet.microsoft.com/Windows-10-Toast-9f228eb1

6 thoughts on “Windows 10 Toast Notification Script Update: Check for Active Directory Password Expiration”

  1. Perhaps use: net user USERNAME /domain to grab the password expiration date, for those that can’t use powershell for each client.

    Great content.

  2. Is it possible to prevent clearing the notification, I removed the dismiss button but you can still click the notification and it disappears.

    Great Tool
    thank you

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.