
How to send a password expiration notification to a user using Teams chat. Not only can you send the password notification, but you can use PowerShell with the Teams Graph API to send any message to a Teams user.

# Password Expiry Notification Using Teams and Graph API
#
# There is no need to modify anything except the $DaysToSendWarning variable.
# Set it to the number of days you want.
# Everything else should be fine with no issues.
# You might need to consent to the requested permissions when connecting with Connect-MgGraph.
#
# https://devblogs.microsoft.com/powershell-community/password-expiry-notification-using-teams-and-graph-api/

Import-Module ActiveDirectory
Import-Module Microsoft.Graph.Teams

# Delegated Microsoft Graph permissions requested at sign-in. The session runs
# as the signed-in account, which the script later adds as one member of each
# one-on-one chat it creates.
# NOTE(review): Chat.ReadWrite and User.Read.All are broad for what the script
# does (look up users by UPN, create a chat, post one message). Narrower
# delegated scopes such as ChatMessage.Send and User.ReadBasic.All may be
# enough - confirm against the Graph permission reference before trimming.
$Scope = 'Chat.Create', 'Chat.ReadWrite', 'User.Read', 'User.Read.All'

# Interactive sign-in; a consent prompt may appear the first time these scopes are requested.
Connect-MgGraph -Scopes $Scope

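# Number of days before expiry on which the reminder is sent.
# The match below is exact, so the script is meant to run once per day;
# a skipped day means users expiring on that offset get no reminder.
$DaysToSendWarning = 7

# Find accounts that are enabled and have expiring passwords
$QueryParameters = @{
    Filter = {
        Enabled -eq $true -and
        PasswordNeverExpires -eq $false -and
        PasswordLastSet -gt 0
    }
    Properties = @(
        'Name'
        'EmailAddress'
        'msDS-UserPasswordExpiryTimeComputed'
        'UserPrincipalName'
    )
}

$SelectionProperties = @(
    'Name'
    'UserPrincipalName'
    'EmailAddress'
    @{
        Name = 'PasswordExpiry'
        Expression = {
            # Keep a [datetime] (not a formatted string) so the loop can do
            # date arithmetic; the previous long-date string could never
            # equal the integer $DaysToSendWarning, so no message was sent.
            [datetime]::FromFileTime($_.'msDS-UserPasswordExpiryTimeComputed')
        }
    }
)

$Users = Get-ADUser @QueryParameters | Select-Object -Property $SelectionProperties

# Resolve the signed-in sender once instead of once per recipient.
# A failure here stops the script: without a sender no chat can be created.
$SenderID = (Get-MgUser -UserId (Get-MgContext).Account -ErrorAction Stop).Id
$Today = (Get-Date).Date

foreach ($User in $Users)
{
    # Skip accounts whose expiry time could not be converted to a date.
    if ($User.PasswordExpiry -isnot [datetime])
    {
        continue
    }

    # Whole days between today and the expiry date (both at local midnight).
    $DaysLeft = ($User.PasswordExpiry.Date - $Today).Days
    if ($DaysLeft -ne $DaysToSendWarning)
    {
        continue
    }

    try
    {
        # Looked up only for users who will be notified. Inside the try so a
        # single unresolvable account does not end the run for everyone else.
        $RecpID = Get-MgUser -UserId $User.UserPrincipalName -ErrorAction Stop

        $NewChatIDParam = @{
            ChatType = 'oneOnOne'
            Members = @(
                @{
                    '@odata.type' = '#microsoft.graph.aadUserConversationMember'
                    Roles = @(
                        'owner'
                    )
                    'User@odata.bind' = "https://graph.microsoft.com/v1.0/users('" + $SenderID + "')"
                }
                @{
                    '@odata.type' = '#microsoft.graph.aadUserConversationMember'
                    Roles = @(
                        'owner'
                    )
                    'User@odata.bind' = "https://graph.microsoft.com/v1.0/users('" + $RecpID.Id + "')"
                }
            )
        }

        $ChatSessionID = New-MgChat -BodyParameter $NewChatIDParam -ErrorAction Stop

        Write-Host "Sending Message to $($RecpID.Mail)" -ForegroundColor Green

        # The body is sent as HTML, so encode the directory display name
        # before interpolating it; characters such as < or & would otherwise
        # be interpreted as markup.
        $SafeName = [System.Net.WebUtility]::HtmlEncode($RecpID.DisplayName)

        #### Sending The Message
        # The link carries an explicit https:// scheme: a scheme-less href is
        # treated as a relative reference and does not reach the intended
        # site. Users should be able to see exactly where a password-change
        # link points.
        $Body = @{
            ContentType = 'html'
            Content = @"
                Hello $SafeName<br>
                Your password will expire in $($DaysToSendWarning) days, Please follow <Strong><a href='https://www.office.com'>the instruction here to update it</a> </Strong> <BR>
                Thanks for your attention
"@
        }

        New-MgChatMessage -ChatId $ChatSessionID.Id -Body $Body -Importance Urgent -ErrorAction Stop
    }
    catch
    {
        # Report which account failed, then carry on with the remaining users.
        Write-Host "Failed to notify $($User.UserPrincipalName): $($_.Exception.Message)"
    }
}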