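#!/bin/ksh
# Written by Campbell McKenzie - August 2010
# cam mckenzie gmail com
# AIX Password Expiration Notification Script with emailer.
# Checks Users password expiration and if due to expire within 8 days email the user.
# REQUIRES Retrieve.Email.Address.From.Ad.perl script
# REQUIRES root privileges
# REQUIRES LDAP Server eg. Windows Active Directory
# http://www.cammckenzie.com
#
# Flow:
#   1. Read every user's "lastupdate" epoch from /etc/security/passwd.
#   2. Keep the users whose alert date (lastupdate + DaysBetweenChange -
#      ReminderPeriodInDays) is in the past but not older than two weeks.
#   3. Look up each user's e-mail address with the helper script and mail them.
#   4. Mail a summary of what was sent / not sent to the helpdesk.

# This script runs as root, so every directory on PATH and the helper script
# below must be writable by root only: both are executed with root privileges.
PATH=/usr/bin:/usr/sbin:/sbin:/usr/opt/bin/:/usr/local/bin
GetEmailAddressProgram=/cable/scripts/Retrieve.Email.Address.From.Ad.perl ## -Change This Line-
HelpdeskAddress=helpdesk@YOURCOMPANY.COM ## -Change This Line-
PasswordFile=/etc/security/passwd

# Space separated array of users who don't expire
set -A UsersWhoDontExpire user1 user2 user3 root ## -Change This Line-

DaysBetweenChange=84 # Days password lasts before expiring
ReminderPeriodInDays=8

if [ ! -r "$PasswordFile" ] ; then
    echo "Cannot read $PasswordFile - this script must be run as root" >&2
    exit 1
fi

# Scratch files live in a private directory instead of fixed names in /tmp.
# A fixed name in a world-writable directory can be pre-created or symlinked by
# another local user, and a root-run script would then write through it.
# mkdir fails if the path already exists, so nothing pre-planted is reused.
WorkDir=/tmp/PasswordExpiry.$$.$RANDOM
mkdir -m 700 "$WorkDir" || {
    echo "Cannot create private work directory $WorkDir" >&2
    exit 1
}
# Only installed after mkdir succeeded, so we never remove a directory we did
# not create. Replaces the individual rm calls and also covers early exits.
trap 'rm -rf "${WorkDir:?}"' EXIT
trap 'exit 1' HUP INT TERM

MESSAGETOUSERS=$WorkDir/MessageToUsers.txt
UsersLastUpdateFile=$WorkDir/UsersLastUpdate.txt
ExpiringUsersFile=$WorkDir/ExpiringUsers.txt
ReportFile=$WorkDir/EmailReport.txt

Tab=$(printf '\t')
Newline='
'

printf ' Your password is due to expire within 7days \n Please Change it ASAP to stop it Expiring. \n Any issues in regards to this email please contact the Helpdesk\n' > "$MESSAGETOUSERS"

CurrentDate=$(perl -le 'print time')
case $CurrentDate in
    '' | *[!0-9]*)
        echo "Could not determine the current time with perl" >&2
        exit 1
        ;;
esac
TwoWeeksAgo=$(echo "$CurrentDate - 1209600" | bc)
AlertingPeriodEpoch=$(echo "($DaysBetweenChange - $ReminderPeriodInDays) * 86400" | bc)

# Produces one "username:lastupdate" line per stanza; the stanza header already
# ends in ':' so name and epoch are simply concatenated. Only the name and the
# timestamp are extracted, never the password field.
awk '/:/ {name=$1} ; /lastu/ {print name $3}' "$PasswordFile" > "$UsersLastUpdateFile"

# Start from an empty list so the later stages always have a file to read.
: > "$ExpiringUsersFile"

# File descriptor 3 feeds the loops so that commands run inside them keep the
# script's own stdin. The loop variable is deliberately not called USER, which
# would overwrite the environment variable of that name for child processes.
while IFS=: read -r -u3 UserName LastUpdate
do
    # Skip stanzas without a usable numeric lastupdate value.
    case $LastUpdate in
        '' | *[!0-9]*) continue ;;
    esac

    # Exempt accounts are matched on the exact user name. A plain
    # "grep -v name" also drops every account whose entry merely contains
    # that text (excluding "root" would silently exclude "rootadmin" too).
    IsExempt=0
    for ExemptUser in "${UsersWhoDontExpire[@]}"
    do
        if [ "$UserName" = "$ExemptUser" ] ; then
            IsExempt=1
            break
        fi
    done
    [ "$IsExempt" -eq 1 ] && continue

    AlertDateEpoch=$(echo "$AlertingPeriodEpoch + $LastUpdate" | bc)

    # Alert window: reminder date reached, but not more than two weeks ago.
    if [ "$AlertDateEpoch" -le "$CurrentDate" ] && [ "$AlertDateEpoch" -gt "$TwoWeeksAgo" ] ; then
        printf '%s:%s\n' "$UserName" "$LastUpdate" >> "$ExpiringUsersFile"
    fi
done 3< "$UsersLastUpdateFile"

while IFS=: read -r -u3 UserName LastUpdate
do
    # One lookup per user; the result is captured rather than echoed to stdout.
    UsersEmailAddress=$("$GetEmailAddressProgram" "$UserName" | grep mail | cut -f2 -d" ")

    # The address comes from the directory and is handed to mail as an
    # argument, so treat it as untrusted: it must be a single word that looks
    # like an address and must not start with '-' (it would be read as an option).
    case $UsersEmailAddress in
        '')
            printf 'No email address found for: %s \n\n' "$UserName" >> "$ReportFile"
            continue
            ;;
        -* | *" "* | *"$Tab"* | *"$Newline"*)
            printf 'Invalid email address returned for: %s \n\n' "$UserName" >> "$ReportFile"
            continue
            ;;
        ?*@?*)
            ;;
        *)
            printf 'Invalid email address returned for: %s \n\n' "$UserName" >> "$ReportFile"
            continue
            ;;
    esac

    if mail -s "Your AIX Password is due to expire within 7 Days - Please Change it!" "$UsersEmailAddress" < "$MESSAGETOUSERS" ; then
        printf 'Email sent OK to: %s at email: %s \n\n' "$UserName" "$UsersEmailAddress" >> "$ReportFile"
    else
        printf 'Email failed to: %s at email: %s \n\n' "$UserName" "$UsersEmailAddress" >> "$ReportFile"
    fi
done 3< "$ExpiringUsersFile"

# Nothing to report when no account is inside the alert window.
if [ -s "$ReportFile" ] ; then
    mail -s "Expiring AIX Passwords" "$HelpdeskAddress" < "$ReportFile"
fi

# Temp files are removed by the EXIT trap installed above.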