需要Powershell cmd來導出本地用戶密碼有效期

Question

我從Microsoft博客獲得了以下powershell腳本。 它完全可以滿足我的環境需求，但是它顯示密碼的有效期為true或false。 我需要提取所有本地用戶的確切密碼到期日期。 請有人幫助以下腳本獲取本地用戶帳戶的到期日期以及其他信息。

Param
(
[Parameter(Position=0,Mandatory=$false)]
[ValidateNotNullorEmpty()]
[Alias('cn')][String[]]$ComputerName=$Env:COMPUTERNAME,
[Parameter(Position=1,Mandatory=$false)]
[Alias('un')][String[]]$AccountName,
[Parameter(Position=2,Mandatory=$false)]
[Alias('cred')][System.Management.Automation.PsCredential]$Credential
)

$Obj = @()
$now = Get-Date
Foreach($Computer in $ComputerName)
{
If($Credential)
{
    $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
    -Filter "LocalAccount='$True'" -ComputerName $Computer -Credential $Credential -ErrorAction Stop
}
else
{
    $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
    -Filter "LocalAccount='$True'" -ComputerName $Computer -ErrorAction Stop
}

Foreach($LocalAccount in $AllLocalAccounts)
{



    $rawPWAge = ([adsi]"WinNT://$computer/$($LocalAccount.Name),user").PasswordAge.Value




    $Object = New-Object -TypeName PSObject

    $Object|Add-Member -MemberType NoteProperty -Name "Name" -Value $LocalAccount.Name
    $Object|Add-Member -MemberType NoteProperty -Name "Full Name" -Value $LocalAccount.FullName
        $Object|Add-Member -MemberType NoteProperty -Name "Disabled" -Value $LocalAccount.Disabled
        $Object|Add-Member -MemberType NoteProperty -Name "Status" -Value $LocalAccount.Status
        $Object|Add-Member -MemberType NoteProperty -Name "LockOut" -Value $LocalAccount.LockOut
    $Object|Add-Member -MemberType NoteProperty -Name "Password Expires" -Value $LocalAccount.PasswordExpires
    $Object|Add-Member -MemberType NoteProperty -Name "Password Required" -Value $LocalAccount.PasswordRequired
    $Object|Add-Member -MemberType NoteProperty -Name "Account Type" -Value $LocalAccount.AccountType
    $Object|Add-Member -MemberType NoteProperty -Name "Domain" -Value $LocalAccount.Domain
    $Object|Add-Member -MemberType NoteProperty -Name "Password Last Set" -Value ($now).AddSeconds(-$rawPWAge)
    $Object|Add-Member -MemberType NoteProperty -Name "Password Age" -Value ($now-($now.AddSeconds(-$rawPWAge))).Days
    $Object|Add-Member -MemberType NoteProperty -Name "Description" -Value $LocalAccount.Description




    $Obj+=$Object
}

If($AccountName)
{
    Foreach($Account in $AccountName)
    {
        $Obj|Where-Object{$_.Name -like "$Account"}
    }
}
else
{
    $Obj
}
}

Answer 1

要獲取密碼的到期日期，您需要從MaxPasswordAge減去PasswordAge並將結果秒數添加到$now ：

$user = [adsi]"WinNT://$computer/$($LocalAccount.Name),user"
$rawPWAge = $user.PasswordAge.Value
$maxPWAge = $user.MaxPasswordAge.Value
...
$Object | Add-Member -MemberType NoteProperty -Name 'Password Expiry Date' `
                -Value $now.AddSeconds($maxPWAge - $rawPWAge)

---

附帶說明，永遠不要在循環中使用$Obj+=$Object 。 將對象添加到數組會將所有項目從現有數組復制到新數組（大小+ 1），因此可以確保該操作執行不佳。 最好在管道中使用ForEach-Object循環：

$Obj = $AllLocalAccounts | ForEach-Object {
         $user = ([adsi]"WinNT://$computer/$($_.Name),user")
         $pwAge    = $user.PasswordAge.Value
         $maxPwAge = $user.MaxPasswordAge.Value
         $pwLastSet = $now.AddSeconds(-$pwAge)

         New-Object -TypeName PSObject -Property @{
           'Name'                 = $_.Name
           'Full Name'            = $_.FullName
           'Disabled'             = $_.Disabled
           'Status'               = $_.Status
           'LockOut'              = $_.LockOut
           'Password Expires'     = $_.PasswordExpires
           'Password Required'    = $_.PasswordRequired
           'Account Type'         = $_.AccountType
           'Domain'               = $_.Domain
           'Password Last Set'    = $pwLastSet
           'Password Age'         = ($now - $pwLastSet).Days
           'Password Expiry Date' = $now.AddSeconds($maxPwAge - $pwAge)
           'Description'          = $_.Description
         }
       }

這將自動生成對象列表，然后將其分配給$Obj 。