Pop up notification for user password expiry
All,
Thanks for your feedback. I amended some of the code I got from you guys:
# Look up the logged-on user's own account through ADSI
$search = ([adsisearcher]"(&(objectCategory=person)(objectClass=User)(samaccountname=$ENV:USERNAME))").FindOne()
$user = $search.properties.name
# pwdLastSet is stored as a Windows file time
$pwdlastset = [datetime]::FromFileTime($search.properties.pwdlastset[0])
$age = (New-TimeSpan -Start $pwdlastset -End (Get-Date)).Days
# 60 = hard-coded maximum password age in days
$expires = 60 - $age
if ($expires -lt 14) {
    Add-Type -AssemblyName 'System.Windows.Forms'
    [System.Windows.Forms.MessageBox]::Show("Your password will expire in $expires days.", "Your password will expire in $expires days!", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Warning)
}
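It works perfectly for users whose password will expire within 14 days. Anyhow, I would like to check the "Domain password policy" in the following way: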
$MaxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days
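But once it runs through the logon script on the user profile, it says it is not recognized, even if I force an import of the ActiveDirectory module.
Anyhow, it is not perfect and there is more room for improvement, but at least it suits my work.
Thanks a lot.
You have a weird situation where you want to run a user-side script, but I don't know of a way to get the password age or the exact expiry using only native .NET / PowerShell (i.e. without Get-AdUser).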
$MaxPasswordDays = 30   # hard-coded maximum password age in days
$Searcher = [adsisearcher]::new()
$Searcher.Filter = "(sAMAccountName=$($env:USERNAME))"
$User = $Searcher.FindOne().Properties
$PasswordSet = $User.pwdlastset[0]
# Expiry date = date the password was last set + maximum password age
$Expires = [DateTime]::FromFileTime($PasswordSet).AddDays($MaxPasswordDays)
if (($Expires - (Get-Date)).TotalDays -lt 5) { # expires in fewer than 5 days
    Add-Type -AssemblyName 'System.Windows.Forms'
    [System.Windows.Forms.MessageBox]::Show("Your password will expire soon, press Ctrl+Alt+Del to change it")
}
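If you hard-code the number of days a password is valid for into the script, you can use an adsiSearcher object to get the date the password was last set, and then work backwards from there to display a message box. It is easy to run this at startup through a logon script.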
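As for the actual problem rather than the technical one, I would recommend using e-mail instead of a popup.
Code I had lying around for an e-mail reminder script: swap out some of the things at the top until it works for you.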
$RemindOn = @(1,3,5)
$FromAddr = "no-reply@domain.com"
$AdFilter = {Enabled -eq $True}
$Subject = "Password Expiry Reminder."
$PSEmailServer = "exchange-server-1.domain.local"
#region Message
#GivenName,Name,Expires,ExpiresIn,set custom vars above
$Message = '"** This is an auto-generated email, please do not reply **
Hi $GivenName,
We have detected your password is going to expire on $Expires ($ExpiresIn days from now)
Please change your password Immediately by pressing Ctrl+Alt+Delete and choosing ""Change a Password""
Regards,
IT"'
#endregion
#region Code Below
Import-Module ActiveDirectory
$Today = Get-Date
Get-ADUser -Filter $AdFilter -Properties "msDS-UserPasswordExpiryTimeComputed","EmailAddress","DisplayName","GivenName" | % {
    $ExpiresRaw = $_."msDS-UserPasswordExpiryTimeComputed"
    if ($ExpiresRaw -ne ([Int64]::MaxValue)){ #Int64.MaxValue means the password never expires, skip those
        $ExpiresDate = [DateTime]::FromFileTime($ExpiresRaw)
        #Prepare vars for email body
        $GivenName = $_.GivenName
        $Name = $_.Name
        $Expires = $ExpiresDate.ToShortDateString()
        $ExpiresIn = [int]($ExpiresDate-(Get-Date)).TotalDays
        if (![string]::IsNullOrWhiteSpace($_.EmailAddress) -and ($ExpiresIn -in $RemindOn)){
            #Send-MailMessage -From $FromAddr -To $_.EmailAddress -Subject $Subject -Body ($Message | iex)
        }
    }
}
#endregion
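For the logon-script case discussed above, an added example that is not part of either post: it requests the user's own msDS-UserPasswordExpiryTimeComputed (the attribute the e-mail script reads through Get-ADUser) with [adsisearcher], so the expiry reflects the effective domain or fine-grained password policy rather than a hard-coded day count, and the client does not need the ActiveDirectory module. The function name Get-PasswordExpiryStatus, the 14-day threshold and the message texts are assumptions.

```powershell
# Added example, not code from the thread. Runs as the logged-on user, no RSAT required.
$WarnDays = 14   # assumption: the 14-day threshold used in the question's script

function Get-PasswordExpiryStatus {
    param([long]$ExpiryFileTime, [datetime]$Now, [int]$WarnDays)
    # Sentinel values AD returns in msDS-UserPasswordExpiryTimeComputed:
    #   0              -> pwdLastSet is 0, the password must be changed at next logon
    #   Int64.MaxValue -> the password never expires (FromFileTime would throw on it)
    if ($ExpiryFileTime -eq 0) {
        return [pscustomobject]@{ State = 'MustChange'; DaysLeft = 0; Warn = $true }
    }
    if ($ExpiryFileTime -eq [long]::MaxValue) {
        return [pscustomobject]@{ State = 'NeverExpires'; DaysLeft = $null; Warn = $false }
    }
    $expires = [datetime]::FromFileTime($ExpiryFileTime)
    $days    = [int][math]::Floor(($expires - $Now).TotalDays)
    $state   = if ($days -lt 0) { 'Expired' } else { 'Valid' }
    [pscustomobject]@{ State = $state; DaysLeft = $days; Warn = ($days -lt $WarnDays) }
}

# The attribute is constructed, so the server only returns it when it is requested by name.
$searcher = [adsisearcher]"(&(objectCategory=person)(objectClass=user)(sAMAccountName=$env:USERNAME))"
[void]$searcher.PropertiesToLoad.Add('msDS-UserPasswordExpiryTimeComputed')

try   { $result = $searcher.FindOne() }
catch { return }                      # no domain controller reachable: stay silent at logon
if ($null -eq $result) { return }     # no matching domain account (e.g. local logon)

# Property names in a search result are stored in lower case.
$values = $result.Properties['msds-userpasswordexpirytimecomputed']
if ($null -eq $values -or $values.Count -eq 0) { return }

$status = Get-PasswordExpiryStatus -ExpiryFileTime ([long]$values[0]) -Now (Get-Date) -WarnDays $WarnDays
if ($status.Warn) {
    if ($status.State -eq 'Valid') {
        $text = "Your password will expire in $($status.DaysLeft) days."
    } else {
        $text = 'Your password has expired or must be changed now.'
    }
    Add-Type -AssemblyName 'System.Windows.Forms'
    [void][System.Windows.Forms.MessageBox]::Show($text, 'Password expiry',
        [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Warning)
}
```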