Powershell 脚本,用于查找特定日期的密码过期并输出到 csv
Powershell script that finds password expiration by a specific date with output to csv
注意我是 POWERSHELL 的新手
好的,我需要为密码在特定日期过期的多个用户获取过期密码。我需要用户的用户名和电子邮件。我没有得到正确的输出。我一直收到一条消息说 InputObject。我不确定要在这里添加什么,我知道我遗漏了一些东西。
见下文:
Get-ADUser -filter * -SearchBase "OU=Students,DC=domain,DC=domain,DC=com" -properties PasswordNeverExpires,msDS-UserPasswordExpiryTimeComputed | where {$_.enabled -eq $true -and $_.PasswordNeverExpires -eq $False} | select Name,@{Name="ExpiryDate";Expression={([datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")).DateTime}} | where {($_.ExpiryDate | get-date) -gt (get-date) -and ($_.ExpiryDate | get-date) -eq (get-date).adddays(20) Export-csv C:\Temp\Password }
我链接到的网络搜索会给你这些文章...
Get-ADUser: Getting Active Directory Users Info via PowerShell
您也可以使用 Windows 服务器 ADAC 通过 GUI click-thru 为您编写基线代码,您可以根据需要进行调整。
...和帮助文件,将为您提供正确构建此文件所需的一切
# Get specifics for a module, cmdlet, or function
(Get-Command -Name Get-ADUser).Parameters
(Get-Command -Name Get-ADUser).Parameters.Keys
Get-help -Name Get-ADUser -Examples
# Results
<#
Get-ADUser -Filter * -SearchBase "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM"
Get-ADUser -Filter 'Name -like "*SvcAccount"' | FT Name,SamAccountName -A
Get-ADUser GlenJohn -Properties *
Get-ADUser -Filter {Name -eq "GlenJohn"} -SearchBase "DC=AppNC" -Properties mail -Server lds.Fabrikam.com:50000
#>
Get-help -Name Get-ADUser -Full
Get-help -Name Get-ADUser -Online
我修改了文章中的代码,如 propertyNames 中的空格,
变量、字段、文件名等,只是处理起来不必要的痛苦。
<#
Get Password Expiry Date of all Enabled AD Users
The following powershell script find all the enabled Active Directory users
whose PasswordNeverExpires flag value is equal to False and list the attribute
value samAccountName and Password Expire Date. The Active Directory computed
attribute msDS-UserPasswordExpiryTimeComputed is timeStamp attribute and its
value will be stored as integer, so we are using expression to convert timestamp
value into normal date time.
#>
Import-Module ActiveDirectory
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties 'SamAccountName',
'msDS-UserPasswordExpiryTimeComputed' |
Select-Object -Property 'SamAccountName',
@{
Name = 'PasswordExpiryDate'
Expression = {[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}
} |
Where-Object -Property 'PasswordExpiryDate' -LE (Get-Date).AddDays(20) |
Export-Csv -Path 'D:\Temp\PasswordExpiryReport.Csv' -NoTypeInformation -Encoding UTF8
<#
You can add any extra attributes that are supported/available in Active Directory property listing.
If you want to add the attributes mail and pwdLastset with this script, you can
simply add these attributes as comma separated values.
#>
Import-Module ActiveDirectory
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties 'SamAccountName',
'mail',
'pwdLastSet',
'msDS-UserPasswordExpiryTimeComputed' |
Select-Object -Property 'SamAccountName', 'Name', 'DisplayName', 'mail',
@{
Name = 'PasswordLastSet'
Expression = {[datetime]::FromFileTime($_."pwdLastSet")}
},
@{
Name = 'PasswordExpiryDate'
Expression = {[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}
} |
Where-Object -Property 'PasswordExpiryDate' -LE (Get-Date).AddDays(20) |
Export-Csv -Path 'D:\Temp\PasswordExpiryReport.Csv' -NoTypeInformation -Encoding UTF8
注意我是 POWERSHELL 的新手
好的,我需要为密码在特定日期过期的多个用户获取过期密码。我需要用户的用户名和电子邮件。我没有得到正确的输出。我一直收到一条消息说 InputObject。我不确定要在这里添加什么,我知道我遗漏了一些东西。
见下文:
Get-ADUser -filter * -SearchBase "OU=Students,DC=domain,DC=domain,DC=com" -properties PasswordNeverExpires,msDS-UserPasswordExpiryTimeComputed | where {$_.enabled -eq $true -and $_.PasswordNeverExpires -eq $False} | select Name,@{Name="ExpiryDate";Expression={([datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")).DateTime}} | where {($_.ExpiryDate | get-date) -gt (get-date) -and ($_.ExpiryDate | get-date) -eq (get-date).adddays(20) Export-csv C:\Temp\Password }
我链接到的网络搜索会给你这些文章...
Get-ADUser: Getting Active Directory Users Info via PowerShell
您也可以使用 Windows 服务器 ADAC 通过 GUI click-thru 为您编写基线代码,您可以根据需要进行调整。
...和帮助文件,将为您提供正确构建此文件所需的一切
# Get specifics for a module, cmdlet, or function
(Get-Command -Name Get-ADUser).Parameters
(Get-Command -Name Get-ADUser).Parameters.Keys
Get-help -Name Get-ADUser -Examples
# Results
<#
Get-ADUser -Filter * -SearchBase "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM"
Get-ADUser -Filter 'Name -like "*SvcAccount"' | FT Name,SamAccountName -A
Get-ADUser GlenJohn -Properties *
Get-ADUser -Filter {Name -eq "GlenJohn"} -SearchBase "DC=AppNC" -Properties mail -Server lds.Fabrikam.com:50000
#>
Get-help -Name Get-ADUser -Full
Get-help -Name Get-ADUser -Online
我修改了文章中的代码,如 propertyNames 中的空格, 变量、字段、文件名等,只是处理起来不必要的痛苦。
<#
Get Password Expiry Date of all Enabled AD Users
The following powershell script find all the enabled Active Directory users
whose PasswordNeverExpires flag value is equal to False and list the attribute
value samAccountName and Password Expire Date. The Active Directory computed
attribute msDS-UserPasswordExpiryTimeComputed is timeStamp attribute and its
value will be stored as integer, so we are using expression to convert timestamp
value into normal date time.
#>
Import-Module ActiveDirectory
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties 'SamAccountName',
'msDS-UserPasswordExpiryTimeComputed' |
Select-Object -Property 'SamAccountName',
@{
Name = 'PasswordExpiryDate'
Expression = {[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}
} |
Where-Object -Property 'PasswordExpiryDate' -LE (Get-Date).AddDays(20) |
Export-Csv -Path 'D:\Temp\PasswordExpiryReport.Csv' -NoTypeInformation -Encoding UTF8
<#
You can add any extra attributes that are supported/available in Active Directory property listing.
If you want to add the attributes mail and pwdLastset with this script, you can
simply add these attributes as comma separated values.
#>
Import-Module ActiveDirectory
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties 'SamAccountName',
'mail',
'pwdLastSet',
'msDS-UserPasswordExpiryTimeComputed' |
Select-Object -Property 'SamAccountName', 'Name', 'DisplayName', 'mail',
@{
Name = 'PasswordLastSet'
Expression = {[datetime]::FromFileTime($_."pwdLastSet")}
},
@{
Name = 'PasswordExpiryDate'
Expression = {[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}
} |
Where-Object -Property 'PasswordExpiryDate' -LE (Get-Date).AddDays(20) |
Export-Csv -Path 'D:\Temp\PasswordExpiryReport.Csv' -NoTypeInformation -Encoding UTF8