SCCM Notify Users of Stale Workstations Script

This is a script that will check for members of the stale workstations collection and email the assigned user of each workstation, requesting that they connect their machine

# ------------------------------------------------------------------------------------------------------------------------------------------
# Script to gather members of the stale workstations collection and email the assigned user of each workstation
# Dan Dill, Jan 2017
# ------------------------------------------------------------------------------------------------------------------------------------------

# Import the modules that we need
Import-Module ActiveDirectory
cd "C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin"
Import-Module .\ConfigurationManager.psd1
cd CAS:

# Variables here
$SiteServer = 'yoursccmserver'
$SiteCode = 'xxx'
$CollectionName = 'Your Stale Workstations Collection'
$testing = "Disabled" # Set to Disabled to Email Users
$testRecipient = "testuser@domain.com"
$fallbackuser = "na\helpdeskuser" # This is used if the computer doesn't have a user affinity
$fallbackemail = "helpdeskemail@domain.com" # This is used if the affinity user's email address is blank
$from = "Company IT "
$smtpServer="yourmailserver.domain.com"
$logFile = "C:\temp\yourlog.log" # ie. c:\mylog.csv
$logging = "Enabled" # Set to Disabled to Disable Logging
#

# Check Logging Settings
if (($logging) -eq "Enabled")
{
# Test Log File Path
    $logfilePath = (Test-Path $logFile)
    if (($logFilePath) -ne "True")
    {
        # Create CSV File and Headers
        New-Item $logfile -ItemType File
        Add-Content $logfile "Date Run On,StaleComputer,AffinityUser,AffinityEmail,EmailSentTo"
    }
}

#Get collection of stale computer accounts
$Collection = Get-WmiObject -ComputerName $SiteServer -Namespace  "ROOT\SMS\site_$SiteCode" -Class SMS_Collection | where {$_.Name -eq "$CollectionName"}
$SMSClients = Get-WmiObject -ComputerName $SiteServer -Namespace  "ROOT\SMS\site_$SiteCode" -Query "SELECT * FROM SMS_FullCollectionMembership WHERE CollectionID='$($Collection.CollectionID)' order by name" | select *

#Main part of script here.  Goes through each member of the collection, tracks down the email adderess of the user connected to that
#collection member and then emails that email address
foreach ($Clientname in $SMSClients.name){

 #Get SCCM affinity-ed username associated with the computer name, selecting the first result as for some reason some PCs return multiple users
 $ClientUserName = (Get-CMUserDeviceAffinity -DeviceName $Clientname | select -first 1).uniqueusername
 $clientaffinityuser = $ClientUserName
 #Check to see if there is no user affinity with the computer, if blank then sub in from fallbackuser
 if (!$ClientUserName){$ClientUserName = $fallbackuser}

 #Get the email address for the affinity user
 $useremailaddress = (get-aduser $ClientUserName.substring(3) -Properties mail).mail
 $clientaffinityemail = $useremailaddress
 if (!$useremailaddress){$useremailaddress = $fallbackemail}
 # If Testing Is Enabled - Email Administrator
 if (($testing) -eq "Enabled"){$useremailaddress = $testRecipient}

 #Build content of notification email
 $subject = "IT Notification about $clientname "
 $firstname = (get-aduser $ClientUserName.substring(3)).givenname
 $computer = $clientname
 $body = "
 Dear $firstname,
 
 Your Company computer $computer has not been connected to the Company network in 90 days or more.


 Please connect this computer to the internal network at a Company office or via a remote VPN connection at your earliest convenience.  
 Periodic connections to the Company network are necessary so that your computer can receive critical updates and definitions.  These 
 updates keep your computer running reliably and keep the company secure from viruses and malware.  PCs that are not kept up to date 
 and periodically connected to the Company may be disabled by the IT department.


 If you have received this notification in error or if you have any questions or concerns please contact your local IT support person
 or the Help desk.
 
Thanks for helping to keep the Company secure.


 IT
"

 #send email out
 Send-Mailmessage -Encoding UTF8 -smtpServer $smtpServer -from $from -to $useremailaddress -subject $subject -body $body -bodyasHTML -priority High
 
    #log results to log file
 if (($logging) -eq "Enabled")
 {
 $date = get-date
 Add-Content $logfile "$date,$clientname,$clientaffinityuser,$clientaffinityemail,$useremailaddress" 
 }
}

# End of script