我想知道是否有人可以协助我解决伐木问题。我创建了一个使用gui来解锁帐户,重置密码和检查组等的帐户工具。我将详细信息放入了“笔录”日志中,但是除了运行该工具然后关闭它以外,它不记录任何操作。我想知道最好的方法,使它可以全部记录并为每个运行它的用户添加到文件中,或者记录操作(在每个用户的文件夹中完成操作)或记录所有更改的日志。
下面的脚本很长,但仅供参考。
Add-Type -AssemblyName System.Windows.Forms
[System.Windows.Forms.Application]::EnableVisualStyles()
$ADAccountTool = New-Object system.Windows.Forms.Form
$ADAccountTool.ClientSize = '687,189'
$ADAccountTool.text = "AD Account Tool For Helpdesk"
$ADAccountTool.TopMost = $false
$CheckLocked = New-Object system.Windows.Forms.Button
$CheckLocked.BackColor = "#fabc47"
$CheckLocked.text = "Check Locked"
$CheckLocked.width = 100
$CheckLocked.height = 30
$CheckLocked.location = New-Object System.Drawing.Point(200,39)
$CheckLocked.Font = 'Microsoft Sans Serif,8'
$CheckLocked.ForeColor = "#000000"
$User = New-Object system.Windows.Forms.TextBox
$User.multiline = $false
$User.width = 174
$User.height = 25
$User.location = New-Object System.Drawing.Point(14,46)
$User.Font = 'Microsoft Sans Serif,10'
$Header = New-Object system.Windows.Forms.Label
$Header.text = "Enter User"
$Header.AutoSize = $true
$Header.width = 25
$Header.height = 10
$Header.location = New-Object System.Drawing.Point(12,26)
$Header.Font = 'Microsoft Sans Serif,10'
$UnlockAccount = New-Object system.Windows.Forms.Button
$UnlockAccount.BackColor = "#81b772"
$UnlockAccount.text = "Unlock Account"
$UnlockAccount.width = 100
$UnlockAccount.height = 30
$UnlockAccount.location = New-Object System.Drawing.Point(310,39)
$UnlockAccount.Font = 'Microsoft Sans Serif,8'
$LockAccount = New-Object system.Windows.Forms.Button
$LockAccount.BackColor = "#e55d5d"
$LockAccount.text = "Lock Account"
$LockAccount.width = 100
$LockAccount.height = 30
$LockAccount.visible = $false
$LockAccount.enabled = $false
$LockAccount.location = New-Object System.Drawing.Point(201,152)
$LockAccount.Font = 'Microsoft Sans Serif,8'
$Header2 = New-Object system.Windows.Forms.Label
$Header2.text = "Set New Password"
$Header2.AutoSize = $true
$Header2.width = 25
$Header2.height = 10
$Header2.location = New-Object System.Drawing.Point(14,87)
$Header2.Font = 'Microsoft Sans Serif,10'
$Password = New-Object system.Windows.Forms.TextBox
$Password.multiline = $false
$Password.width = 174
$Password.height = 20
$Password.location = New-Object System.Drawing.Point(12,109)
$Password.Font = 'Microsoft Sans Serif,10'
$SetPassword = New-Object system.Windows.Forms.Button
$SetPassword.text = "Set Password"
$SetPassword.width = 100
$SetPassword.height = 30
$SetPassword.location = New-Object System.Drawing.Point(200,100)
$SetPassword.Font = 'Microsoft Sans Serif,8'
$DIsableAccount = New-Object system.Windows.Forms.Button
$DIsableAccount.text = "Disable Account"
$DIsableAccount.width = 100
$DIsableAccount.height = 30
$DIsableAccount.location = New-Object System.Drawing.Point(310,100)
$DIsableAccount.Font = 'Microsoft Sans Serif,8'
$EnableAccount = New-Object system.Windows.Forms.Button
$EnableAccount.text = "Enable Account"
$EnableAccount.width = 100
$EnableAccount.height = 30
$EnableAccount.location = New-Object System.Drawing.Point(420,100)
$EnableAccount.Font = 'Microsoft Sans Serif,8'
$GroupMembership = New-Object system.Windows.Forms.Button
$GroupMembership.BackColor = "#f8e71c"
$GroupMembership.text = "Group Membership"
$GroupMembership.width = 100
$GroupMembership.height = 30
$GroupMembership.location = New-Object System.Drawing.Point(423,37)
$GroupMembership.Font = 'Microsoft Sans Serif,8'
$O365Membership = New-Object system.Windows.Forms.Button
$O365Membership.BackColor = "#8cf61f"
$O365Membership.text = "O365 Membership"
$O365Membership.width = 100
$O365Membership.height = 30
$O365Membership.location = New-Object System.Drawing.Point(537,38)
$O365Membership.Font = 'Microsoft Sans Serif,8'
$WS1Membership = New-Object system.Windows.Forms.Button
$WS1Membership.BackColor = "#1c29f8"
$WS1Membership.text = "WS1 Membership"
$WS1Membership.width = 100
$WS1Membership.height = 30
$WS1Membership.location = New-Object System.Drawing.Point(536,100)
$WS1Membership.Font = 'Microsoft Sans Serif,8'
$ADAccountTool.controls.AddRange(@($CheckLocked,$User,$Header,$UnlockAccount,$LockAccount,$Header2,$Password,$SetPassword,$DIsableAccount,$EnableAccount,$GroupMembership,$O365Membership,$WS1Membership))
$CheckLocked.Add_Click({ CheckLocked })
$UnlockAccount.Add_Click({ UnlockAccount })
$SetPassword.Add_Click({ SetPassword })
$DIsableAccount.Add_Click({ DisableAccount })
$EnableAccount.Add_Click({ EnableAccount })
$GroupMembership.Add_Click({ GroupMembership })
$LockAccount.Add_Click({ LockAccount })
$O365Membership.Add_Click({ O365Membership })
$WS1Membership.Add_Click({ WS1Membership })
#Write your logic code here
#Logging is defined here to begin soon as tool is loaded
#New File is created for logging
New-Item -Path "FOLDERPATH\PowerShell Script Logs\AD Account Tool for SD" -Name "$Env:USERNAME.log"
$LogPath = Join-Path -Path "folderName" -ChildPath "$Env:USERNAME.log"
#Function is created to define the file name and parameters
Function Add-Log ($Message) {
$Timestamp= $((Get-Date).ToString("yyyyMMdd_HHmmss"))
Add-Content -Path $LogPath -Value ($Timestamp + ": " + $Message)
}
#Function sets the users password as per input in the password box
function SetPassword {
Try {
Set-ADAccountPassword -Identity $User.text -NewPassword (ConvertTo-SecureString -AsPlainText $Password.text -Force)
[System.Windows.MessageBox]::Show('Password Changed')
}
Catch {
Add-Log -Message ("Error changing password for " + $user.text)
# Add the trapped error to log
Add-Log -Message $_
}
}
#Function checks whether a user is locked in Active Directory
function CheckLocked {
Try {
$Result = Get-ADUser -Identity $User.text -Properties Name, LastLogonDate, LockedOut, AccountLockOutTime, Enabled | select-Object Name, LastLogonDate, LockedOut, AccountLockOutTime, Enabled
$Result | Out-GridView -Title 'Locked Accounts'
}
Catch {
Add-Log -Message ("Error changing password for " + $user.text)
# Add the trapped error to log
Add-Log -Message $_
}
}
#Function Unlocks Active Directory account of user.
function UnlockAccount {
Try {
Unlock-ADAccount -Identity $User.text
$Result = Get-ADUser -Identity $User.text -Properties Name, LastLogonDate, LockedOut, AccountLockOutTime, Enabled | select-Object Name, LastLogonDate, LockedOut, AccountLockOutTime, Enabled
$Result | Out-GridView -Title 'Unlocked Account'
}
Catch {
Add-Log -Message ("Error changing password for " + $user.text)
# Add the trapped error to log
Add-Log -Message $_
}
}
#Function locks a users account and resets password as well
function LockAccount {
Try {
if ($LockoutBadCount = ((([xml](Get-GPOReport -Name "Default Domain Policy" -ReportType Xml)).GPO.Computer.ExtensionData.Extension.Account |
Where-Object name -eq LockoutBadCount).SettingNumber)) {
$Password = ConvertTo-SecureString 'NotMyPassword' -AsPlainText -Force
Get-ADUser -Identity $User.text -Properties SamAccountName, UserPrincipalName, LockedOut |
ForEach-Object {
for ($i = 1; $i -le $LockoutBadCount; $i++) {
Invoke-Command -ComputerName dc01 {Get-Process
} -Credential (New-Object System.Management.Automation.PSCredential ($($_.UserPrincipalName), $Password)) -ErrorAction SilentlyContinue
}
$Result = Get-ADUser -Identity $User.text -Properties Name, LastLogonDate, LockedOut, AccountLockOutTime, Enabled | Select-Object Name, LastLogonDate, LockedOut, AccountLockOutTime, Enabled
$Result | Out-GridView -Title 'Unlocked Account'
}
}
}
Catch {
Add-Log -Message ("Error changing password for " + $user.text)
# Add the trapped error to log
Add-Log -Message $_
}
}
#Function enables a disbaled Active Directory account.
function EnableAccount {
Try {
Enable-ADAccount -Identity $User.text
$Result = Get-ADUser -Identity $User.text -Properties Name, LastLogonDate, LockedOut, AccountLockOutTime, Enabled | select-Object Name, LastLogonDate, LockedOut, AccountLockOutTime, Enabled
$Result | Out-GridView -Title 'Enabled Account'
}
Catch {
Add-Log -Message ("Error changing password for " + $user.text)
# Add the trapped error to log
Add-Log -Message $_
}
}
#Function Disabled an Active Directory account.
function DisableAccount {
Try {
Disable-ADAccount -Identity $User.text
$Result = Get-ADUser -Identity $User.text -Properties Name, LastLogonDate, LockedOut, AccountLockOutTime, Enabled | Select-Object Name, LastLogonDate, LockedOut, AccountLockOutTime, Enabled
$Result | Out-GridView -Title 'Disabled Account'
}
Catch {
Add-Log -Message ("Error changing password for " + $user.text)
# Add the trapped error to log
Add-Log -Message $_
}
}
#Function will pull all groups a user is a member off.
function GroupMembership {
Try {
$Result = GET-ADPrincipalGroupMembership -Identity $User.text | Select-Object DistinguishedName, GroupCategory, sAMAccountName, Name
$Result | Out-GridView -Title 'User Group Membership'
}
Catch {
Add-Log -Message ("Error changing password for " + $user.text)
# Add the trapped error to log
Add-Log -Message $_
}
}
#Function Checks if users are part of the required groups for Workspace 1
function WS1Membership {
Try {
$Result = GET-ADPrincipalGroupMembership -Identity $User.text |Where-Object {$_.name -like "*GG-View_app*"} | Select-Object DistinguishedName, GroupCategory, sAMAccountName, Name
$Result | Out-GridView -Title 'Workspace1 Membership'
}
Catch {
Add-Log -Message ("Error changing password for " + $user.text)
# Add the trapped error to log
Add-Log -Message $_
}
}
#Function Checks if users are part of for Office365 Licence's
function O365Membership {
Try {
$Result = GET-ADPrincipalGroupMembership -Identity $User.text |Where-Object {$_.name -like "*sg-lic_*"} | Select-Object DistinguishedName, GroupCategory, sAMAccountName, Name
$Result | Out-GridView -Title 'Office Licence Membership'
}
Catch {
Add-Log -Message ("Error changing password for " + $user.text)
# Add the trapped error to log
Add-Log -Message $_
}
}
#Logging ends here
#Write-Output
[void]$ADAccountTool.ShowDialog()
谢谢大家的帮助。
您可以创建自己的日志文件。
创建文件:
New-Item -Path "folderName" -Name "$Env:USERNAME.log"
$LogPath = Join-Path -Path "folderName" -ChildPath "$Env:USERNAME.log"
创建一个函数以添加带有时间戳的条目:
Function Add-Log ($Message) {
$Timestamp= $((Get-Date).ToString("yyyyMMdd_HHmmss"))
Add-Content -Path $LogPath -Value ($Timestamp + ": " + $Message)
}
然后作为每个功能的一部分,附加一个日志条目,例如
function SetPassword {
Try {
Set-ADAccountPassword -Identity $User.text -NewPassword (ConvertTo-SecureString -AsPlainText $Password.text -Force) -ErrorAction Stop
[System.Windows.MessageBox]::Show('Password Changed')
Add-Log -Message ("Changed password for " + $user.text)
}
Catch {
Add-Log -Message ("Error changing password for " + $user.text)
# Add the trapped error to log
Add-Log -Message $_
}
}
以下为您在代码中为前两个功能实现的内容。效果很好。
Add-Type -AssemblyName System.Windows.Forms
[System.Windows.Forms.Application]::EnableVisualStyles()
$ADAccountTool = New-Object system.Windows.Forms.Form
$ADAccountTool.ClientSize = '687,189'
$ADAccountTool.text = "AD Account Tool For Helpdesk"
$ADAccountTool.TopMost = $false
$CheckLocked = New-Object system.Windows.Forms.Button
$CheckLocked.BackColor = "#fabc47"
$CheckLocked.text = "Check Locked"
$CheckLocked.width = 100
$CheckLocked.height = 30
$CheckLocked.location = New-Object System.Drawing.Point(200,39)
$CheckLocked.Font = 'Microsoft Sans Serif,8'
$CheckLocked.ForeColor = "#000000"
$User = New-Object system.Windows.Forms.TextBox
$User.multiline = $false
$User.width = 174
$User.height = 25
$User.location = New-Object System.Drawing.Point(14,46)
$User.Font = 'Microsoft Sans Serif,10'
$Header = New-Object system.Windows.Forms.Label
$Header.text = "Enter User"
$Header.AutoSize = $true
$Header.width = 25
$Header.height = 10
$Header.location = New-Object System.Drawing.Point(12,26)
$Header.Font = 'Microsoft Sans Serif,10'
$UnlockAccount = New-Object system.Windows.Forms.Button
$UnlockAccount.BackColor = "#81b772"
$UnlockAccount.text = "Unlock Account"
$UnlockAccount.width = 100
$UnlockAccount.height = 30
$UnlockAccount.location = New-Object System.Drawing.Point(310,39)
$UnlockAccount.Font = 'Microsoft Sans Serif,8'
$LockAccount = New-Object system.Windows.Forms.Button
$LockAccount.BackColor = "#e55d5d"
$LockAccount.text = "Lock Account"
$LockAccount.width = 100
$LockAccount.height = 30
$LockAccount.visible = $false
$LockAccount.enabled = $false
$LockAccount.location = New-Object System.Drawing.Point(201,152)
$LockAccount.Font = 'Microsoft Sans Serif,8'
$Header2 = New-Object system.Windows.Forms.Label
$Header2.text = "Set New Password"
$Header2.AutoSize = $true
$Header2.width = 25
$Header2.height = 10
$Header2.location = New-Object System.Drawing.Point(14,87)
$Header2.Font = 'Microsoft Sans Serif,10'
$Password = New-Object system.Windows.Forms.TextBox
$Password.multiline = $false
$Password.width = 174
$Password.height = 20
$Password.location = New-Object System.Drawing.Point(12,109)
$Password.Font = 'Microsoft Sans Serif,10'
$SetPassword = New-Object system.Windows.Forms.Button
$SetPassword.text = "Set Password"
$SetPassword.width = 100
$SetPassword.height = 30
$SetPassword.location = New-Object System.Drawing.Point(200,100)
$SetPassword.Font = 'Microsoft Sans Serif,8'
$DIsableAccount = New-Object system.Windows.Forms.Button
$DIsableAccount.text = "Disable Account"
$DIsableAccount.width = 100
$DIsableAccount.height = 30
$DIsableAccount.location = New-Object System.Drawing.Point(310,100)
$DIsableAccount.Font = 'Microsoft Sans Serif,8'
$EnableAccount = New-Object system.Windows.Forms.Button
$EnableAccount.text = "Enable Account"
$EnableAccount.width = 100
$EnableAccount.height = 30
$EnableAccount.location = New-Object System.Drawing.Point(420,100)
$EnableAccount.Font = 'Microsoft Sans Serif,8'
$GroupMembership = New-Object system.Windows.Forms.Button
$GroupMembership.BackColor = "#f8e71c"
$GroupMembership.text = "Group Membership"
$GroupMembership.width = 100
$GroupMembership.height = 30
$GroupMembership.location = New-Object System.Drawing.Point(423,37)
$GroupMembership.Font = 'Microsoft Sans Serif,8'
$O365Membership = New-Object system.Windows.Forms.Button
$O365Membership.BackColor = "#8cf61f"
$O365Membership.text = "O365 Membership"
$O365Membership.width = 100
$O365Membership.height = 30
$O365Membership.location = New-Object System.Drawing.Point(537,38)
$O365Membership.Font = 'Microsoft Sans Serif,8'
$WS1Membership = New-Object system.Windows.Forms.Button
$WS1Membership.BackColor = "#1c29f8"
$WS1Membership.text = "WS1 Membership"
$WS1Membership.width = 100
$WS1Membership.height = 30
$WS1Membership.location = New-Object System.Drawing.Point(536,100)
$WS1Membership.Font = 'Microsoft Sans Serif,8'
$ADAccountTool.controls.AddRange(@($CheckLocked,$User,$Header,$UnlockAccount,$LockAccount,$Header2,$Password,$SetPassword,$DIsableAccount,$EnableAccount,$GroupMembership,$O365Membership,$WS1Membership))
$CheckLocked.Add_Click({ CheckLocked })
$UnlockAccount.Add_Click({ UnlockAccount })
$SetPassword.Add_Click({ SetPassword })
$DIsableAccount.Add_Click({ DisableAccount })
$EnableAccount.Add_Click({ EnableAccount })
$GroupMembership.Add_Click({ GroupMembership })
$LockAccount.Add_Click({ LockAccount })
$O365Membership.Add_Click({ O365Membership })
$WS1Membership.Add_Click({ WS1Membership })
#Write your logic code here
#Logging is defined here to begin soon as tool is loaded
#New File is created for logging
New-Item -Path "c:\temp" -Name "$Env:USERNAME.log"
$LogPath = Join-Path -Path "c:\temp" -ChildPath "$Env:USERNAME.log"
#Function is created to define the file name and parameters
Function Add-Log ($Message) {
$Timestamp= $((Get-Date).ToString("yyyyMMdd_HHmmss"))
Add-Content -Path $LogPath -Value ($Timestamp + ": " + $Message)
}
#Function sets the users password as per input in the password box
function SetPassword {
Try {
Set-ADAccountPassword -Identity $User.text -NewPassword (ConvertTo-SecureString -AsPlainText $Password.text -Force) -ErrorAction Stop
[System.Windows.MessageBox]::Show('Password Changed')
}
Catch {
Add-Log -Message ("Error changing password for " + $user.text)
# Add the trapped error to log
Add-Log -Message $_
}
}
#Function checks whether a user is locked in Active Directory
function CheckLocked {
Try {
$Result = Get-ADUser -Identity $User.text -Properties Name, LastLogonDate, LockedOut, AccountLockOutTime, Enabled -ErrorAction Stop | select-Object Name, LastLogonDate, LockedOut, AccountLockOutTime, Enabled
$Result | Out-GridView -Title 'Locked Accounts'
}
Catch {
Add-Log -Message ("Error finding locked user " + $user.text)
# Add the trapped error to log
Add-Log -Message $_
}
}
[void]$ADAccountTool.ShowDialog()