Like most large organizations, we tend to have consultants for various projects. Managing those accounts at the size that we are can be a bit difficult. I’ve created a script that will search our Consultants OU to find which consultants are expiring within the next 7 days and then email the “manager”. The manager is just the Manager field in AD so we know who is working with this consultant and who can also approve an extension for them.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
<#	
	.NOTES
	===========================================================================
	 Created with: 	SAPIEN Technologies, Inc., PowerShell Studio 2016 v5.2.119
	 Created on:   	4/15/2016 2:40 PM
	 Created by:   	Cole Lavallee
	 Filename:     	Get-ExpiringConsultants.ps1
	===========================================================================
	.DESCRIPTION
		Gets all consultant accounts expiring in 7 days and emails the person responsible for that consultant.
#>
Import-Module ActiveDirectory

$From = "ITSecurity@domain.com"
$SMTPServer = "smtp.domain.com"

$startdate = (Get-Date)
$enddate = $startdate.AddDays(7)

#Get list of consultants expiring in the next 7 days.

$consultants = Get-ADUser -SearchBase "OU=Consultants,DC=corp,DC=com" -Filter { AccountExpirationDate -gt $startdate -and AccountExpirationDate -lt $enddate } -Properties sAMAccountName,AccountExpirationDate,Manager

foreach ($consultant in $consultants)
{
	# Get Manager email address
	$Manager = Get-ADUser $consultant.manager -Properties EmailAddress, GivenName
	
	#Set dynamic variables
	$To = $Manager.EmailAddress
	$Subject = "Account Expiration Notification for " +  $Consultant.name
	$Body =
	"Hello $($Manager.GivenName),
    This notification is to inform you that the account for $($Consultant.Name) ($($consultant.samaccountname)) will expire on $(($Consultant.AccountExpirationDate).toshortdatestring())
    If you need to extend this, please contact ITSecurity@domain.com"
	
	Send-MailMessage -To $To -From $From -Subject $Subject -SmtpServer $SMTPServer -Body $Body
	
	
	
}

We plan to run this 1-2 times a week as a scheduled task. This will certainly help both IT and those utilizing consultants within our organization.