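So, I have some users whose computers are not on the domain. One of the annoying things is that Windows obviously doesn't notify them when their domain password is about to expire. So I decided to put together a small script using PowerShell on Windows that checks AD to see when the password expires and then, when it is about to expire in 3 days, sends the user an email telling them they should change their password.

I currently have it set up to look at a user's distinguished name to get all the necessary information. But I can only do that for one person; I need to look at two users' distinguished names and send them an email when their password is about to expire. I tried creating another `$DN` variable that I could put the other distinguished name into and passing it as `get-aduser -searchbase $DN, $DN2`, but that didn't work for me. Probably a silly attempt, but I'm not sure of the syntax needed to accomplish this. Below is my code.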

```powershell
$smtpServer = "smtp.office365.com" # Office 365 official smtp server
$expireindays = 100 # number of days for password to expire
$from = "<from address>" # email from (placeholder, no value is given in the post)
#$logging = "$true" # Set to Disabled to Disable Logging
$logFile = "c:\Scripts\PasswordChangeNotification.csv" # ie. c:\Scripts\PasswordChangeNotification.csv
#$testing = "Disabled" # Set to Disabled to Email Users
$testRecipient = "<test recipient address>" # placeholder, no value is given in the post
$date = Get-Date -format ddMMyyyy
$DN = "Distinguished name here"

# Add EMAIL Function
Function EMAIL {
    Param(
        $emailSmtpServer = $smtpServer, # change to your SMTP server
        $emailSmtpServerPort = 587,
        $emailSmtpUser = "User",
        $emailSmtpPass = "Password", # Password for Send from email account
        $emailFrom = "[email protected]", # Email account you want to send from
        $emailTo,
        $emailAttachment,
        $emailSubject,
        $emailBody
    )
    Process {
        $emailMessage = New-Object System.Net.Mail.MailMessage( $emailFrom , $emailTo )
        $emailMessage.Subject = $emailSubject
        $emailMessage.IsBodyHtml = $true
        $emailMessage.Priority = [System.Net.Mail.MailPriority]::High
        $emailMessage.Body = $emailBody
        $SMTPClient = New-Object System.Net.Mail.SmtpClient( $emailSmtpServer , $emailSmtpServerPort )
        $SMTPClient.EnableSsl = $true
        $SMTPClient.Credentials = New-Object System.Net.NetworkCredential( $emailSmtpUser , $emailSmtpPass )
        $SMTPClient.Send( $emailMessage )
    }
}

# Get Users From AD who are Enabled, Passwords Expire and are Not Currently Expired
Import-Module ActiveDirectory
$users = Get-ADUser -SearchBase $DN -Filter * -Properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress |
    Where-Object { $_.Enabled -eq "True" } |
    Where-Object { $_.PasswordNeverExpires -eq $false } |
    Where-Object { $_.PasswordExpired -eq $false }
$DefaultmaxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge

# Process Each User for Password Expiry
foreach ($user in $users)
{
    $Name = $user.Name
    $emailaddress = $user.EmailAddress
    $passwordSetDate = $user.PasswordLastSet
    $PasswordPol = (Get-ADUserResultantPasswordPolicy $user)
    # Check for Fine Grained Password
    if ($null -ne $PasswordPol)
    {
        $maxPasswordAge = ($PasswordPol).MaxPasswordAge
    }
    else
    {
        # No FGP set to Domain Default
        $maxPasswordAge = $DefaultmaxPasswordAge
    }
    $expireson = $passwordSetDate + $maxPasswordAge
    $today = (Get-Date)
    $daystoexpire = (New-TimeSpan -Start $today -End $expireson).Days

    # Set Greeting based on Number of Days to Expiry.
    # Check Number of Days to Expiry
    $messageDays = $daystoexpire
    if ($messageDays -ge 1)
    {
        $messageDays = "in " + "$daystoexpire" + " days."
    }
    else
    {
        $messageDays = "today."
    }

    # Email Subject Set Here
    $subject = "Your password will expire $messageDays"

    # Email Body Set Here, Note You can use HTML, including Images.
    $body = "
    <p>Dear $name,<br></P><br>
    <p>Your domain password will expire $messageDays<br><br>
    Please change your password before it expires.<br></P><br><br>
    <p>Thanks, <br>
    </p>"

    # Send Email Message. The post is cut off between the body and the end of this block;
    # the condition and the EMAIL call below are an assumed minimal completion.
    if (($daystoexpire -ge 0) -and ($daystoexpire -lt $expireindays))
    {
        EMAIL -emailTo $emailaddress -emailSubject $subject -emailBody $body
    } # End Send Message
} # End User Processing
# End
```

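I'm just trying to understand how to modify my code to use two distinguished names instead of just one. I'm sure this isn't the best way to do it, but I'm not very good at coding yet. Hopefully this all makes sense, and I appreciate your help!
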
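As you discovered, you can store the DN values in an array `$DNs` and process each element of the array. The two expressions within the parentheses differ only by the `$DN` variable you supply. Using a `Foreach` loop performs slightly better than piping to `ForEach-Object`, but in your case the difference is negligible.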

```powershell
$users = Foreach ($DN in $DNs) {
    Get-ADUser -SearchBase $DN -Filter {
        Enabled -eq "True" -and
        PasswordNeverExpires -eq "False" -and
        PasswordExpired -eq "False"
    } -Properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress
}
```

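This has the following benefits:

- `Where-Object`: `Get-ADUser` has its own filter as a parameter, which can significantly improve performance over using `where` in some queries. Here it should be faster as the number of users returned by the `Get-ADUser` query increases.

Got it!!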
I changed `$DN` to: `$DN = "Distinguished name","Distinguished name"`

Then I changed my get-aduser code to: `$users = $DN | ForEach-Object {get-aduser -SearchBase $PSItem -filter * .....`

Thanks,
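
The array-of-DNs approach from the thread, as an added example that is not part of the original posts: it loops over several search bases, reads each account's expiry from the `msDS-UserPasswordExpiryTimeComputed` attribute (which already reflects fine-grained password policies), and loads the SMTP credential from a DPAPI-protected file instead of keeping the password in the script. The OU paths, credential file path and sender address are placeholder assumptions.

```powershell
Import-Module ActiveDirectory

# Placeholder values (assumptions, not from the thread): replace with your own.
$DNs      = 'OU=Staff,DC=example,DC=com', 'OU=Contractors,DC=example,DC=com'
$credPath = 'C:\Scripts\smtp-cred.xml'   # created once with: Get-Credential | Export-Clixml $credPath
$from     = 'it-notify@example.com'

function Get-ExpiringUser {
    param([string[]]$SearchBase, [int]$WithinDays = 3)
    $now  = Get-Date
    $seen = @{}   # DistinguishedName -> $true, so overlapping search bases do not mail a user twice
    foreach ($dn in $SearchBase) {
        Get-ADUser -SearchBase $dn -Filter "Enabled -eq 'True' -and PasswordNeverExpires -eq 'False'" `
                   -Properties EmailAddress, 'msDS-UserPasswordExpiryTimeComputed' |
        ForEach-Object {
            $raw = $_.'msDS-UserPasswordExpiryTimeComputed'
            # 0 = must change at next logon; Int64 max = no expiry applies. Neither is a real date.
            if (-not $raw -or $raw -eq [long]::MaxValue -or $seen.ContainsKey($_.DistinguishedName)) { return }
            $seen[$_.DistinguishedName] = $true
            $expires = [datetime]::FromFileTime($raw)
            $days    = [math]::Floor(($expires - $now).TotalDays)
            # Already-expired accounts have negative $days and are skipped here.
            if ($days -ge 0 -and $days -le $WithinDays -and $_.EmailAddress) {
                [pscustomobject]@{ Name = $_.Name; Email = $_.EmailAddress; Expires = $expires; Days = $days }
            }
        }
    }
}

# DPAPI-protected credential file: readable only by the account and machine that created it.
$cred = Import-Clixml -Path $credPath
$smtp = New-Object System.Net.Mail.SmtpClient('smtp.office365.com', 587)
$smtp.EnableSsl   = $true
$smtp.Credentials = $cred.GetNetworkCredential()

foreach ($u in Get-ExpiringUser -SearchBase $DNs -WithinDays 3) {
    $when = if ($u.Days -ge 1) { "in $($u.Days) days" } else { 'today' }
    $msg  = New-Object System.Net.Mail.MailMessage($from, $u.Email)
    $msg.Subject = "Your password will expire $when"
    $msg.Body    = "Dear $($u.Name), your domain password expires $when. Please change it before then."
    $smtp.Send($msg)
    $msg.Dispose()
}
$smtp.Dispose()
```

Run the scheduled task under the same account that exported the credential file, since the file cannot be decrypted by any other account or on any other machine.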