This script will read from a CSV and\u00a0will email users who\u2019s smart card logon Certificates are going to expire with-in the next 30 days.<\/p>\n
It will give them a stock email with instructions on how to renew their certificate.<\/p>\n
It will also email the chosen administrators to inform them as to\u00a0who has been emailed.<\/p>\n
<\/p>\n
<\/span>There is one large caveat with this script, in that the input needs to created manually.<\/p>\n The smart card system that this was designed to work along side had a system to do this very thing, but not in as much detail or have the same function.<\/p>\n Unfortunately it\u00a0stored all users in an encrypted flat file database format, which meant that I was unable to retrieve the information from the application using the script via a SQL query or SQL Dump.<\/p>\n [CC lang=\u2019powershell\u2019]<\/p>\n ################################################################################### #V Validate CSV and email accordingly. }<\/p>\n function Get-Expirers($upper, $lower){ } Get-Expirers -lower 0 -upper 1 # Send Report email to Tech teams $emailto = \u2018YOUREMAIL@YOURDOMAIN.COM\u2019 $xbody = Get-Content .\\emails\\Emailreport.htm -raw<\/p>\n If($xtoday -eq $null){$xtoday = \u2018No users\u2019}else{$xtoday = $xtoday | Out-String} $xbody = $xbody -replace \u201c#Date\u201d, \u201c$Date\u201d Send-MailMessage -SmtpServer $smtpserver -from $emailfrom -to $emailto -Subject $subject -body $xbody -bodyashtml -Priority high -Encoding $encoding -verbose<\/p>\n [\/CC]<\/p>\n The CSV should be laid out in the following format, you can of course modify the script and CSV to suit your needs.<\/p>\n [cc lang=\u2019csv\u2019]<\/p>\n ID,Issued to,Serial Number,Valid to,Valid from,Template [\/CC]<\/p>\n <\/p>\n Email Templates look like the following:<\/p>\n Greater than 7 Day old CSV file.<\/p>\n [cc lang=\u2019html\u2019]<\/p>\n <!\u2013 Message template used by PowerShell script to mail admin accounts that the CSV has not been updated. \u2013> [\/CC]<\/p>\n No CSV File present.<\/p>\n [cc lang=\u2019html\u2019]<\/p>\n <!\u2013 Message template used by PowerShell script to mail admin accounts that the CSV does not exist. \u2013> [\/CC]<\/p>\n Email Report:<\/p>\n [cc lang=\u2019html\u2019]<\/p>\n <!\u2013 Message template used by PowerShell script to mail admin accounts that the CSV does not exist. \u2013> <\/body> [\/CC]<\/p>\n The Email Message each user will receive starts with the following, instructions will be provided too. The name and messagedays variables will be filled in by the script.<\/p>\n [cc lang=’html’]<\/p>\n Dear $name<\/p>\n [\/CC]<\/p>\n","protected":false},"excerpt":{"rendered":" This script will read from a CSV and\u00a0will email users who\u2019s smart card logon Certificates…<\/p>\n","protected":false},"author":1,"featured_media":988,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[10,19,11,13],"tags":[],"class_list":["post-954","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-pki","category-powershell","category-scripts","category-versasec"],"jetpack_featured_media_url":"https:\/\/ihni.uk\/wp-content\/uploads\/2020\/02\/Powershell.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ihni.uk\/index.php?rest_route=\/wp\/v2\/posts\/954","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ihni.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ihni.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ihni.uk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ihni.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=954"}],"version-history":[{"count":0,"href":"https:\/\/ihni.uk\/index.php?rest_route=\/wp\/v2\/posts\/954\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ihni.uk\/index.php?rest_route=\/wp\/v2\/media\/988"}],"wp:attachment":[{"href":"https:\/\/ihni.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=954"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ihni.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=954"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ihni.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=954"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n#
\n# Script to Email Users whos smart card certificates are going to expire soon.
\n#
\n# 2018\/Jan\/22
\n#
\n###################################################################################
\nPush-Location (Split-Path -path $MyInvocation.MyCommand.Definition -Parent)
\n$Date = Get-Date -Format dd-MM-yy
\n$CSV = \u2018.\\SCUsersExpiringNext30days.csv\u2019
\n$smtpserver = \u2018YOUR-SMTP-SERVER\u2019<\/p>\n
\n$CSVStatus = $null
\n$CSVCheckExist = Test-Path $CSV
\nIf($CSVCheckExist -eq $true){
\n$CSVStatus = \u201cCSV Exists\u201d
\nWrite-Host \u201cCSV Exists!\u201d -ForegroundColor Green -BackgroundColor DarkGreen
\n$lastmodifieddate = (Get-Item $CSV).LastWriteTime;
\n$csvlastupdate = (New-TimeSpan -start $lastmodifieddate -end $date).days
\nWrite-Host \u201c$CSVLastUpdate days since modified\u201d -ForegroundColor Green -BackgroundColor DarkGreen
\nIf($csvlastupdate -gt 7){
\n$CSVStatus = \u201cCSV Exists; but is over 7 days old!\u201d
\nWrite-host $CSVStatus -ForegroundColor Yellow -BackgroundColor DarkYellow
\n$emailto = \u2018YOUREMAIL@YOURDOMAIN.COM\u2019
\n$subject = \u201cURGENT! Smart Card Certificate Expiry CSV More than 7 days Old!\u201d
\n$body = Get-Content .\\emails\\GT7.htm -raw
\nSend-MailMessage -SmtpServer $smtpserver -from $emailfrom -to $emailto -Subject $subject -body $body -bodyashtml -Priority high -Encoding $encoding}
\nElse{
\n$CSVStatus = \u201cCSV Less than7 days since modified! Running Script!\u201d
\nWrite-Host $CSVStatus -ForegroundColor Green -BackgroundColor DarkGreen}
\n}
\nElse{
\n$CSVStatus = \u201cCSV Does Not Exist!\u201d
\nWrite-Host $CSVStatus -ForegroundColor Red -BackgroundColor Darkred
\n$emailto = \u2018YOUREMAIL@YOURDOMAIN.COM\u2019
\n$subject = \u201cURGENT! Smart Card Certificate Expiry CSV DOES NOT EXIXT!\u201d
\n$body = Get-Content .\\emails\\NoCSV.htm -raw
\nSend-MailMessage -SmtpServer $smtpserver -from $emailfrom -to $emailto -Subject $subject -body $body -bodyashtml -Priority high -Encoding $encoding
\nExit<\/p>\n
\n#$lower = 1
\n#$upper = 7
\n$scexpires = Import-Csv $CSV
\n$emails = @()
\n$scexpires | %{
\n$ID = $_.(\u201cID\u201d)
\n$IssuedTo = $_.(\u201cIssued To\u201d)
\n$IssuedTo = $IssuedTo -replace \u201c.*CN=\u201d, \u201c\u201d #removes clutter in the \u2018reverse distinguished name\u2019 SMARTCARD APPLICATION provides
\n$name = $issuedTo
\n$issuedTo = $IssuedTo -replace \u201d \u201c, \u201c\u201d\u00a0\u00a0\u00a0\u00a0 #removes space for AD search
\n$issuedTo = $issuedTo -replace \u201c\u2018\u201d, \u201c\u201d\u00a0\u00a0\u00a0\u00a0 #removes pesky apostophies from names.
\n$Serial = $_.(\u201cSerial Number\u201d)
\n$ValidTo = $_.(\u201cValid To\u201d)
\n$ExpiryDate = $ValidTo
\n$ValidFrom = $_.(\u201cValid From\u201d)
\n$Template = $_.(\u201cTemplate\u201d)
\n$Adcheck=Get-ADUser -LDAPFilter \u201c(SAMAccountname=$issuedto)\u201d
\nIf($adcheck -eq $null){
\n$issuedto | SC .\\output\\UsersNotInAD-$date.txt}
\nElse{
\n$issuedto = $IssuedTo | Where-Object {$validto -as [datetime] -lt (Get-Date).AddDays($upper) -and $validto -as [datetime] -gt (Get-Date).AddDays($lower)} | Get-ADUser -Properties mail # Get Emails for all users due to expire in the next X days
\n$validto = $validto |\u00a0\u00a0 Where-Object {$validto -as [datetime] -lt (Get-Date).AddDays($upper) -and $validto -as [datetime] -gt (Get-Date).AddDays($lower)}
\n$issuedToEmail = $issuedto.mail
\n$emails += $issuedtoEmail #+ $ValidTo
\n$emails | SC \u201c.\\output\\Expiring in $lower days.txt\u201d
\n####################################################
\n#Send some Emails
\n$today = Get-Date -Format \u201cMMM d, yyyy HH:mm:ss\u201d
\n$daystoexpire = (New-TimeSpan -start $today -end $ExpiryDate).days
\n$messagedays = $daystoexpire
\nIf($messagedays -gt \u201c1\u201d){
\n$messagedays = \u201cin \u201d + \u201c$daystoexpire\u201d + \u201d days\u201d}
\nElse{
\n$messagedays = \u2018today\u2019}
\n$smtpserver = \u2018YOURSMTPSERVER\u2019
\n$emailFrom = \u2018SmartCardExpiry@YOURDOMAIN.COM\u2019
\n$emailTo = $issuedToEmail
\n$subject = \u201cAction Required \u2013 Your Smartcard certificate is due to expire $messagedays\u201d
\n$body = Get-Content .\\EMAILS\\smartcard_expiry_message.htm -Raw
\n$body = $body.replace(\u2018$name\u2019,$name)
\n$body = $body.replace(\u2018$messagedays\u2019,$messagedays)
\n$encoding = [System.Text.Encoding]::UTF8
\nIf ($emailto -eq $null){
\n#Continue
\n}
\nElse{
\nSend-MailMessage -SmtpServer $smtpserver -from $emailfrom -to $emailto -Subject $subject -body $body -bodyashtml -Priority high -Encoding $encoding<\/p>\n
\n}
\n}
\n}<\/p>\n
\nGet-Expirers -lower 1 -upper 7
\nGet-Expirers -lower 7 -upper 14
\nGet-Expirers -lower 14 -upper 21
\nGet-Expirers -lower 21 -upper 28
\nGet-Expirers -lower 28 -upper 31<\/p>\n
\n$xtoday = Get-Content \u201c.\\output\\Expiring in 0 days.txt\u201d
\n$xTomorrow = Get-Content \u201c.\\output\\Expiring in 1 days.txt\u201d
\n$x7Days = Get-Content \u201c.\\output\\Expiring in 7 days.txt\u201d
\n$x14days = Get-Content \u201c.\\output\\Expiring in 14 days.txt\u201d
\n$x21days = Get-Content \u201c.\\output\\Expiring in 21 days.txt\u201d
\n$x28days =\u00a0 Get-Content \u201c.\\output\\Expiring in 28 days.txt\u201d
\n$notInAD = Get-Content \u201c.\\output\\UsersNotInAD-$date.txt\u201d<\/p>\n
\n$emailFrom = \u2018SmartCardExpiry@YOURDOMAIN.COM\u2019
\n$encoding = [System.Text.Encoding]::UTF8
\n$subject = \u201cSmart Card Certificate Expiry Emails Sent Today\u201d<\/p>\n
\nIf($xTomorrow -eq $null){$xTomorrow = \u2018No users\u2019}else{$xtomorrow = $xtomorrow | Out-String}
\nIf($x7Days -eq $null){$x7Days = \u2018No users\u2019}else{$x7days = $x7days | Out-String}
\nIf($x14days -eq $null){$x14days = \u2018No users\u2019}else{$x14days = $x14days | Out-String}
\nIf($x21days -eq $null){$x21days = \u2018No users\u2019}else{$x21days = $x21days | Out-String}
\nIf($x28days -eq $null){$x28days = \u2018No users\u2019}else{$x28days = $x28days | Out-String}
\nIf($notinAD -eq $null){$notinad = \u2018No users\u2019}else{$notinad = $notinad | Out-String}<\/p>\n
\n$xbody = $xbody -replace \u201c#xtoday\u201d,\u201d$xToday\u201d
\n$xbody = $xbody -replace \u201c#xTomorrow\u201d,\u201d$xTomorrow\u201d
\n$xbody = $xbody -replace \u201c#x7Days\u201d,\u201d$x7Days\u201d
\n$xbody = $xbody -replace \u201c#x14days\u201d,\u201d$x14days\u201d
\n$xbody = $xbody -replace \u201c#x21days\u201d,\u201d$x21days\u201d
\n$xbody = $xbody -replace \u201c#x28days\u201d,\u201d$x28days\u201d
\n$xbody = $xbody -replace \u201c@interservefls.gse.gov.uk\u201d,\u201d<br><br>\u201d
\n$xbody = $xbody -replace \u201c#CSVStatus\u201d, \u201c$CSVStatus\u201d
\n$xbody = $xbody -replace \u201c#NotInAD\u201d, \u201c$NotinAD\u201d<\/p>\n
\n1234,\u201dDC=UK, DC=yourorg, DC=yourco, DC=DOM, OU=HQ, OU=Users, CN=Joe Bloggs\u201d,7D00006638281FF48060C3F02B000100006638,\u201dApr 28, 2018 13:34:06\u2033,\u201dApr 28, 2017 13:34:06\u2033, User Card<\/p>\n
\n<html>
\n<head>
\n<style type=\u2019text\/css\u2019>
\n<!\u2013
\n#container {
\ncolor:#0072C6;
\nfont-family:\u2019Calibri\u2019,\u2019Arial\u2019,\u2019Verdana\u2019;
\nmargin-left:auto;
\nmargin-right:auto;
\ntext-align:justify;
\n}
\n\u2013>
\n<\/style>
\n<\/head>
\n<body>
\n<div id=\u2019container\u2019>
\n<H3>LADS!<\/h3>
\n<p>
\n<h3 style=\u201dcolor:red;\u201d>The CSV for the Smart Card Certificat Expirations IS OLD!!<\/h3>
\n<h3>Please go and make sure that this file is updated!<\/h3>
\n<\/div>
\n<\/body>
\n<\/html><\/p>\n
\n<html>
\n<head>
\n<style type=\u2019text\/css\u2019>
\n<!\u2013
\n#container {
\ncolor:#0072C6;
\nfont-family:\u2019Calibri\u2019,\u2019Arial\u2019,\u2019Verdana\u2019;
\nmargin-left:auto;
\nmargin-right:auto;
\ntext-align:justify;
\n}
\n\u2013>
\n<\/style>
\n<\/head>
\n<body>
\n<div id=\u2019container\u2019>
\n<p>LADS!<\/p>
\n<p>
\n<h3 style=\u201dcolor:red;\u201d>The CSV for the Smart Card Certificat Expirations does not exist!!<\/h3>
\n<h3>Please go and make sure that this file is created!<\/h3>
\n<\/div>
\n<\/body>
\n<\/html><\/p>\n
\n<html>
\n<head>
\n<style type=\u2019text\/css\u2019>
\n<!\u2013
\n#container {
\ncolor:#0072C6;
\nfont-family:\u2019Calibri\u2019,\u2019Arial\u2019,\u2019Verdana\u2019;
\nmargin-left:auto;
\nmargin-right:auto;
\ntext-align:justify;
\n}
\n\u2013>
\n<\/style>
\n<\/head>
\n<body>
\n<div id=\u2019container\u2019>
\n<p>Hello Support Teams,<\/p>
\n<p>
\n<h3>#CSVStatus<\/h3>
\n<h3>The Following users were emailed today #Date for Smart Card Certificate Expirations.<\/h3>
\n<\/div>
\n<style type=\u201dtext\/css\u201d>
\n.tg\u00a0 {border-collapse:collapse;border-spacing:0;border-color:#999;}
\n.tg td{font-family:Arial, sans-serif;font-size:14px;padding:10px 5px;border-style:solid;border-width:1px;overflow:hidden;word-break:normal;border-color:#999;color:#444;background-color:#F7FDFA;}
\n.tg th{font-family:Arial, sans-serif;font-size:14px;font-weight:normal;padding:10px 5px;border-style:solid;border-width:1px;overflow:hidden;word-break:normal;border-color:#999;color:#fff;background-color:#26ADE4;}
\n.tg .tg-6dj7{font-weight:bold;font-size:small;background-color:#34cdf9;color:#343434;text-align:center;vertical-align:top}
\n.tg .tg-y5sk{font-size:x-small;vertical-align:top}
\n<\/style>
\n<table class=\u201dtg\u201d>
\n<tr>
\n<th class=\u201dtg-6dj7\u2033>Today<\/th>
\n<th class=\u201dtg-6dj7\u2033>Tomorrow<\/th>
\n<th class=\u201dtg-6dj7\u2033>7Days<\/th>
\n<th class=\u201dtg-6dj7\u2033>14 Days<\/th>
\n<th class=\u201dtg-6dj7\u2033>21 Days<\/th>
\n<th class=\u201dtg-6dj7\u2033>28 days<\/th>
\n<\/tr>
\n<tr>
\n<td class=\u201dtg-y5sk\u201d>#xToday<\/td>
\n<td class=\u201dtg-y5sk\u201d>#xTomorrow<\/td>
\n<td class=\u201dtg-y5sk\u201d>#x7days<\/td>
\n<td class=\u201dtg-y5sk\u201d>#x14Days<\/td>
\n<td class=\u201dtg-y5sk\u201d>#x21Days<\/td>
\n<td class=\u201dtg-y5sk\u201d>#x28Days<\/td>
\n<\/tr>
\n<\/table>
\n<br>
\n<table>
\n<table class=\u201dtg\u201d>
\n<tr>
\n<th class=\u201dtg-6dj7\u2033>Users not in AD with expiring SC Cert.<\/th>
\n<\/tr>
\n<tr>
\n<td class=\u201dtg-y5sk\u201d>#notInAD<\/td>
\n<\/tr>
\n<\/table><\/p>\n
\n<\/html><\/p>\nYour smartcard certificate will expire $messagedays \u2013 If you do not re-issue the certificate before it expires it will impact your ability to logon<\/h3>\n
PLEASE DO NOT RESPOND TO THIS EMAIL \u2013 THIS IS FOR NOTIFICATION PURPOSES ONLY<\/h3>\n
If you have already reissued your Smart Card Certificate, then you can safely disregard this email.<\/h3>\n