[英]Alternate for loading active directory module in powershell
我在公司中担任IT部门的工作。 用户休假后忘记更改密码,我们的密码有效期为90天,并且由于我们公司的政策,用户在休假期间无法更改密码。
我创建了一个Power Shell脚本,该脚本可以导入Active Directory模块并检查其密码的最后设置日期,然后将PowerShell脚本转换为exe。
而且,当用户从其PC运行exe文件时,它会显示错误,无法加载活动目录模块。
现在,我在线查看了该论坛,并建议在PC上安装远程服务器管理工具,并从Windows功能打开AD DS和AD LDS工具。 两者都需要管理权限,而我们不能在每个标准用户的PC上都这样做。
是否有任何巧妙的方法来运行此文件,而无需在每台PC上都安装RSAT? 有什么办法可以修改脚本,使其在所有标准用户PC上运行而无需任何类型的管理帐户?
您不需要RSAT。 ADSI将满足您的需求:
$Days = 20
$User = [ADSI]"WinNT://$env:USERDNSDOMAIN/$env:USERNAME,user"
$Flags = $User.UserFlags.psbase.Value
# Check if password does not expire bit is set.
If ($Flags -band 65536)
{
"Password does not expire"
}
Else
{
# Convert from seconds to days.
$AgeDays = $User.PasswordAge.psbase.Value / 86400
$MaxAge = $User.MaxPasswordAge.psbase.Value / 86400
If ($AgeDays -gt $MaxAge)
{
"Password Expired"
}
Else
{
If (($AgeDays + $Days) -gt $MaxAge)
{
"Password will expire within $Days days"
}
Else
{
"Password is not about to expire"
}
}
}
我会做这样的事情
将该脚本另存为passwordenquiry.vsb并将其放置在共享文件夹中,并通过链接到它的GPO推送桌面快捷方式作为PasswordEnquiry.vbs,这样,当他们单击该脚本时,它们将在密码即将到期时得到通知,并告诉他们在更改密码之前留下脚本消息。
Dim oDomain
Dim oUser
Dim maxPwdAge
Dim numDays
Dim warningDays
warningDays = 11
Set LoginInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "")
strDomainDN = UCase(LoginInfo.DomainDNSName)
strUserDN = LoginInfo.UserName
Set oDomain = GetObject("LDAP://" & strDomainDN)
Set maxPwdAge = oDomain.Get("maxPwdAge")
'========================================
' Calculate the number of days that are
' held in this value.
'========================================
numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
maxPwdAge.LowPart) / CCur(-864000000000)
'WScript.Echo "Maximum Password Age: " & numDays
'========================================
' Determine the last time that the user
' changed his or her password.
'========================================
Set oUser = GetObject("LDAP://" & strUserDN)
'========================================
' Add the number of days to the last time
' the password was set.
'========================================
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
fromDate = Date
daysLeft = DateDiff("d",fromDate,whenPasswordExpires)
'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
if (daysLeft < warningDays) and (daysLeft > -1) then
Msgbox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Change it before you go for leave" & chr(13) & "Press CTRL+ALT+DEL and select the 'Change a password' option", 0, "PASSWORD EXPIRATION WARNING!"
End if
'========================================
' Clean up.
'========================================
Set oUser = Nothing
Set maxPwdAge = Nothing
Set oDomain = Nothing
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.