[英]Powershell script that finds password expiration by a specific date with output to csv
注意我是 POWERSHELL 的新手
好的,我需要为多个密码在特定日期过期的用户获取过期密码。 我需要用户的用户名和电子邮件。 我没有得到正确的 output。 我不断收到一条消息,上面写着 InputObject。 我不确定要在这里添加什么,我知道我遗漏了一些东西。
见下文:
Get-ADUser -filter * -SearchBase "OU=Students,DC=domain,DC=domain,DC=com" -properties PasswordNeverExpires,msDS-UserPasswordExpiryTimeComputed | where {$_.enabled -eq $true -and $_.PasswordNeverExpires -eq $False} | select Name,@{Name="ExpiryDate";Expression={([datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")).DateTime}} | where {($_.ExpiryDate | get-date) -gt (get-date) -and ($_.ExpiryDate | get-date) -eq (get-date).adddays(20) Export-csv C:\Temp\Password }
我链接到的 web 搜索会给你这些文章......
您还可以使用 Windows 服务器 ADAC 通过 GUI 点击为您编写基线代码,您可以根据需要进行调整。
...和帮助文件,将为您提供正确构建它所需的一切
# Get specifics for a module, cmdlet, or function
(Get-Command -Name Get-ADUser).Parameters
(Get-Command -Name Get-ADUser).Parameters.Keys
Get-help -Name Get-ADUser -Examples
# Results
<#
Get-ADUser -Filter * -SearchBase "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM"
Get-ADUser -Filter 'Name -like "*SvcAccount"' | FT Name,SamAccountName -A
Get-ADUser GlenJohn -Properties *
Get-ADUser -Filter {Name -eq "GlenJohn"} -SearchBase "DC=AppNC" -Properties mail -Server lds.Fabrikam.com:50000
#>
Get-help -Name Get-ADUser -Full
Get-help -Name Get-ADUser -Online
我对文章中的代码进行了一些修改,因为 propertyNames、变量、字段、文件名等中的空格只是处理不必要的痛苦。
<#
Get Password Expiry Date of all Enabled AD Users
The following powershell script find all the enabled Active Directory users
whose PasswordNeverExpires flag value is equal to False and list the attribute
value samAccountName and Password Expire Date. The Active Directory computed
attribute msDS-UserPasswordExpiryTimeComputed is timeStamp attribute and its
value will be stored as integer, so we are using expression to convert timestamp
value into normal date time.
#>
Import-Module ActiveDirectory
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties 'SamAccountName',
'msDS-UserPasswordExpiryTimeComputed' |
Select-Object -Property 'SamAccountName',
@{
Name = 'PasswordExpiryDate'
Expression = {[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}
} |
Where-Object -Property 'PasswordExpiryDate' -LE (Get-Date).AddDays(20) |
Export-Csv -Path 'D:\Temp\PasswordExpiryReport.Csv' -NoTypeInformation -Encoding UTF8
<#
You can add any extra attributes that are supported/available in Active Directory property listing.
If you want to add the attributes mail and pwdLastset with this script, you can
simply add these attributes as comma separated values.
#>
Import-Module ActiveDirectory
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties 'SamAccountName',
'mail',
'pwdLastSet',
'msDS-UserPasswordExpiryTimeComputed' |
Select-Object -Property 'SamAccountName', 'Name', 'DisplayName', 'mail',
@{
Name = 'PasswordLastSet'
Expression = {[datetime]::FromFileTime($_."pwdLastSet")}
},
@{
Name = 'PasswordExpiryDate'
Expression = {[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}
} |
Where-Object -Property 'PasswordExpiryDate' -LE (Get-Date).AddDays(20) |
Export-Csv -Path 'D:\Temp\PasswordExpiryReport.Csv' -NoTypeInformation -Encoding UTF8
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.