Active Directory Account Expiration Notification to Managers
Hello script gurus - I wanted to send an automatic email notification to managers pertaining to their contractors that have an end date on their AD accounts. The script that I found had most of the features I'm looking for. However, I need assistance on how to add the following to the script.
- Add an additional message to the body of the email.
- Exclude the "past" expired accounts from the report.
When the report runs, it sends the email to managers just fine; however, we've noticed that it is including the ones that are already expired. We want to only send the ones that are expiring within 30 days from this date forward.
Here's the script I found referenced in this forum:
https://social.technet.microsoft.com/Forums/windows/en-US/9d080c24-b2a2-4d9b-b50b-ca7fb9d95a91/account-expiration-email-notification?forum=winserverpowershell&prof=required
Thank you for your time; I appreciate any assistance!
Cheers.
# For every user that has direct reports, collect the reports' accounts that carry an expiration date
Get-ADUser -Filter * -Properties directReports,EmailAddress | ForEach {
    $body = @()
    If ($_.directReports) {
        $managerEmailAddress = $_.EmailAddress
        $_.directReports | ForEach {
            $userDetails = Get-ADUser $_ -Properties AccountExpirationDate
            If ( $userDetails.AccountExpirationDate ) {
                # True for any expiration date earlier than 30 days from now, including dates already in the past
                If ( $userDetails.AccountExpirationDate -lt (Get-Date).AddDays(30) ) {
                    $sendEmail = $true
                    $props = [ordered]@{
                        Username=$userDetails.SamAccountName
                        'Account Expiration Date'=$userDetails.AccountExpirationDate
                    }
                    $body += New-Object PsObject -Property $props
                }
            }
        }
    }
    # Mail the manager only when at least one direct report matched
    If ($sendEmail) {
        $body = $body | Out-String
        Send-MailMessage -From 'email@domain.com' -To $managerEmailAddress -Subject 'Account Expiration Report' -Body $body -SmtpServer 'mail.domain.com'
    }
    $sendEmail = $false
}
# Generic check for users with no manager
$bodyNM = @()
Get-ADUser -Filter * -Properties AccountExpirationDate,Manager | ForEach {
    If ( !$_.Manager ) {
        If ( $_.AccountExpirationDate) {
            # Same one-sided comparison as above, so already expired accounts are included here too
            If ($_.AccountExpirationDate -lt (Get-Date).AddDays(30) ) {
                $sendEmailNM = $true
                $propsNM = [ordered]@{
                    Username=$_.SamAccountName
                    'Account Expiration Date'=$_.AccountExpirationDate
                }
                $bodyNM += New-Object PsObject -Property $propsNM
            }
        }
    }
}
# Accounts without a manager are reported to the helpdesk mailbox
If ($sendEmailNM) {
    $bodyNM = $bodyNM | Out-String
    Send-MailMessage -From 'email@domain.com' -To 'helpdesk@domain.com' -Subject 'Account Expiration Report' -Body $bodyNM -SmtpServer 'mail.domain.com'
}
Cheers, DB
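
Added example, not part of the original post or of the referenced script: one way to limit the report to accounts expiring within the next 30 days and to put a message ahead of the table in the email body. `Select-ExpiringAccount`, `New-ExpirationReportBody`, the intro text and the sample accounts are hypothetical names and constructed data that stand in for `Get-ADUser` output.

```powershell
# Added example: keep only accounts whose expiration falls between now and now + N days.
function Select-ExpiringAccount {
    param(
        [Parameter(Mandatory)] [object[]] $User,
        [int] $Days = 30,
        [datetime] $Now = (Get-Date)
    )
    $cutoff = $Now.AddDays($Days)
    $User | Where-Object {
        $_.AccountExpirationDate -and                # skip accounts with no expiration date
        $_.AccountExpirationDate -ge $Now -and       # skip accounts that have already expired
        $_.AccountExpirationDate -le $cutoff         # skip accounts expiring after the window
    }
}

# Build the mail body: free-text message first, then the table of accounts.
function New-ExpirationReportBody {
    param(
        [Parameter(Mandatory)] [object[]] $Account,
        [string] $Intro = 'The accounts below expire within the next 30 days. Contact the helpdesk to extend any that are still needed.'
    )
    $table = $Account |
        Sort-Object AccountExpirationDate |
        Select-Object @{ n = 'Username'; e = { $_.SamAccountName } },
                      @{ n = 'Account Expiration Date'; e = { $_.AccountExpirationDate } } |
        Format-Table -AutoSize |
        Out-String
    "$Intro`r`n$table"
}

# Constructed sample data (assumption): same property names as the Get-ADUser objects in the script.
$now = [datetime]'2024-05-01'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'c.expired';  AccountExpirationDate = $now.AddDays(-10) }
    [pscustomobject]@{ SamAccountName = 'c.soon';     AccountExpirationDate = $now.AddDays(12) }
    [pscustomobject]@{ SamAccountName = 'c.later';    AccountExpirationDate = $now.AddDays(90) }
    [pscustomobject]@{ SamAccountName = 'c.noexpiry'; AccountExpirationDate = $null }
)

$expiring = @(Select-ExpiringAccount -User $sample -Days 30 -Now $now)
if ($expiring) {
    New-ExpirationReportBody -Account $expiring
}
```

In the script above, the same two-sided comparison would take the place of the `-lt (Get-Date).AddDays(30)` test, and the string returned by `New-ExpirationReportBody` would be passed to `Send-MailMessage -Body`.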