Windows 10 Toast Notification Script Update: Check for Active Directory Password Expiration

Introduction

My Windows 10 Toast Notification Script has received another update, now being on version 1.4. What’s new and delicious are mentioned in details below.

Note: I know that expiring passwords are not ideal, but reality is that many still have them configured like so while trying to find their way out with Windows Hello for Business, Password-Less etc.

The toast notification might even serve as a good entry point into enrolling into WhFB when one are ready to do so. I’ll make an example of such in the future ๐Ÿ™‚

Whatโ€™s New

  • 1.4 – Added new feature for checking for local active directory password expiration
    • If the password is about to expire (days configured in config.xml), the toast notification will display reminding the users to change their password
      • Using this feature requires the ActiveDirectory powershell module. Note: This might not be allowed everywhere. Working on alternatives ๐Ÿ™‚
      • The function will try to import the AD powershell module, look up the user’s SamAccountName and use that with the Get-ADUser cmdlet
  • 1.4.1 – Get-ADPasswordExpiration function modified to not requiring the AD Powershell module. Thank you @ Andrew Wells
    • Improved logging for when no toast notifications are displayed
    • More commenting
  • 1.4.2 – Bug fixes to the date formatting of ADPasswordExpiration now correctly supporting different cultures

Config.xml

I have highlighted the new additions to the config.xml file in below illustration.

To enable the new feature, simply configure ADPasswordExpiration to Enabled=”True” as shown below.

ADPasswordExpirationText enables an extra text element displaying when the password is set to expire.

ADPasswordExpirationDays is the amount of days before expiration that the toast notification will start displaying for the user.

Download

https://gallery.technet.microsoft.com/Windows-10-Toast-9f228eb1

10 thoughts on “Windows 10 Toast Notification Script Update: Check for Active Directory Password Expiration”

  1. Perhaps use: net user USERNAME /domain to grab the password expiration date, for those that can’t use powershell for each client.

    Great content.

    Reply
  2. Is it possible to prevent clearing the notification, I removed the dismiss button but you can still click the notification and it disappears.

    Great Tool
    thank you

    Reply
  3. Will this work for cloud managed win 10 devices…ie not adds joined?

    We have adds synced to aad and all user objects are there but no computer objects are in adds.

    All managed out of intune

    Reply
  4. Hey, was wondering if there was an easy way to modify the script to show the exact password expiration date/time in the toast instead of just the date. I see that you display it in the log using $ExpiryDate, but I tried to replace that in the toast notification and it doesn’t display. Thoughts?

    Reply
    • Hey John, that should be possible I’m sure. My password doesn’t have an expiration date, so I don’t have a quick way of testing without creating a test user. If I have some spare minutes tomorrow, I will try and remember to have a look. ๐Ÿ™‚

      Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.