gspotter
Detta lyckades jag copy-paste:a ihop och anpassa lite efter mina behov. Det enda som kvarstår är att få det att fungera från ett schemalagt jobb. Just nu så händer det inte ett jota när man kör run-now på bat-filen som kickar igång allt. Vill köra som ett vanligt konto med så få rättigheter som möjligt. Log On as a Batch-job är satt.... Och det är ett konto som har domänrättigheter. Kör jag batchfilen med runas /noprofile /user: så fungerar skriptet som det ska. Vad mer behövs för att kunna schemalägga ps-jobb?
Function Get-UTCAge {
    # Convert an Int64 tick count (100 ns units counted from 1/1/1601, the
    # form the callers read from attributes such as pwdLastSet and lastLogon)
    # into a [datetime]. Emits the integer 0 when the input is 0.
    Param([int64]$Last=0)

    # 0 means no timestamp was recorded; hand it back unchanged.
    if ($Last -eq 0) {
        return 0
    }

    # 864000000000 ticks of 100 ns make up one day.
    $ticksPerDay = 864000000000
    [datetime]$epoch = "1/1/1601"
    $elapsedDays = $Last / $ticksPerDay

    # Offset the 1601 epoch by the elapsed days and emit the result.
    # The value is built straight from the raw tick count; no conversion to
    # local time happens here.
    Write-Output ($epoch.AddDays($elapsedDays))
} # end Get-UTCAge function
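Function Get-PwdAge {
    # Return the age of a password in whole days, given the raw Int64 value
    # of pwdLastSet. Emits the string "0" when the input is 0.
    Param([int64]$LastSet=0)
    if ($LastSet -eq 0) {
        write "0"
    } else {
        #get the date the password was last changed
        [datetime]$ChangeDate=Get-UTCAge $LastSet
        #get the current date and time in UTC: Get-UTCAge builds its result
        #from the raw tick count without converting to local time, and
        #Subtract() ignores time zones, so comparing against local time
        #would skew the age by the UTC offset
        [datetime]$RightNow=(Get-Date).ToUniversalTime()
        #write the difference in days
        write $RightNow.Subtract($ChangeDate).Days
    }
} #end Get-PwdAge function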
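#main code
# Mails a reminder to every enabled user whose password the directory
# reports as expired.

#define some constants (userAccountControl bit flags)
New-Variable ADS_UF_ACCOUNTDISABLE 0x0002 -Option Constant
New-Variable ADS_UF_PASSWD_CANT_CHANGE 0x0040 -Option Constant
New-Variable ADS_UF_DONT_EXPIRE_PASSWD 0x10000 -Option Constant
New-Variable ADS_UF_PASSWD_EXPIRED 0x800000 -Option Constant

$strFilter="(&(objectCategory=person)(objectClass=user))"
# No path or credentials are passed, so the bind presumably uses the default
# domain and the identity of the account running the script - confirm this
# when the script runs under a scheduled-task account.
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"
$users=$objSearcher.findAll()

#mail settings are identical for every recipient, so set them up once
$emailFrom = "hd@domain.se"
$subject = "Dags att byta lösenord"
$smtpServer = "smtp.domain.se"
# NOTE(review): no credentials or EnableSsl are set on the client, so the
# relay has to accept this host as-is - confirm it only relays for internal
# senders.
$smtp = new-object Net.Mail.SmtpClient($smtpServer)

foreach ($result in $users) {
    if (-not $result.path) {
        # Skip this entry only. The original message interpolated an
        # undefined variable and Return ended the whole run.
        Write-Warning "Search result without a path, skipping"
        continue
    }

    #get password properties from useraccountcontrol field
    $uac = $result.properties.item("useraccountcontrol")[0]

    # Disabled accounts never get a mail, so skip them before the extra
    # directory round trip below.
    $accDisabled = [bool]($uac -band $ADS_UF_ACCOUNTDISABLE)
    if ($accDisabled) {
        continue
    }

    $pwdNeverExpires = [bool]($uac -band $ADS_UF_DONT_EXPIRE_PASSWD)
    #check if user can change their password
    # NOTE(review): this bit is reportedly governed by the object's ACL rather
    # than maintained in userAccountControl - verify before relying on it.
    $pwdChangeAllowed = -not ($uac -band $ADS_UF_PASSWD_CANT_CHANGE)

    #Password expired should be calculated from a computed UAC value
    $entry=$result.GetDirectoryEntry()
    $entry.psbase.refreshcache("msDS-User-Account-Control-Computed")
    [int]$computed=$entry.psbase.properties.item("msDS-User-Account-Control-Computed").value
    # Release the directory handle right away; one is opened per user.
    $entry.psbase.Dispose()
    $pwdExpired = [bool]($computed -band $ADS_UF_PASSWD_EXPIRED)
    if (-not $pwdExpired) {
        continue
    }

    # The name is directory-supplied text that ends up inside an HTML body;
    # escape it so characters such as < and & render literally.
    $safeName = [System.Security.SecurityElement]::Escape([string]$result.properties.item("name")[0])

    #create a custom object for the account and password properties
    # The "<br/>" prefix on each property name is what puts every field on
    # its own line once the object is stringified into the HTML body.
    $obj=New-Object PSObject
    #add properties to the object
    $obj | Add-Member -MemberType NoteProperty -Name "<br/>Name" -Value $safeName
    #$obj | Add-Member -MemberType NoteProperty -Name "DN" -Value $result.properties.item("distinguishedname")[0]
    #$obj | Add-Member -MemberType NoteProperty -Name "samAccountName" -Value $result.properties.item("samaccountname")[0]
    #$obj | Add-Member -MemberType NoteProperty -Name "Description" -Value $result.properties.item("description")[0]
    #$obj | Add-Member -MemberType NoteProperty -Name "Email" -Value $result.properties.item("mail")[0]
    $obj | Add-Member -MemberType NoteProperty -Name "<br/>AccountCreated" -Value $result.properties.item("whencreated")[0]
    $obj | Add-Member -MemberType NoteProperty -Name "<br/>AccountModified" -Value $result.properties.item("WhenChanged")[0]
    #$obj | Add-Member -MemberType NoteProperty -Name "AccountDisabled" -Value $accDisabled
    # NOTE(review): lastLogon is not replicated between domain controllers,
    # so this shows only what the answering DC has seen.
    $obj | Add-Member -MemberType NoteProperty -Name "<br/>LastLogon" -Value (Get-UTCAge $result.properties.item("lastlogon")[0])
    $obj | Add-Member -MemberType NoteProperty -Name "<br/>PasswordLastChanged" -Value (Get-UTCAge $result.properties.item("pwdlastset")[0])
    $obj | Add-Member -MemberType NoteProperty -Name "<br/>PasswordAge" -Value (Get-PwdAge $result.properties.item("pwdlastset")[0])
    #$obj | Add-Member -MemberType NoteProperty -Name "PasswordExpired" -Value $pwdExpired
    #$obj | Add-Member -MemberType NoteProperty -Name "PasswordNeverExpires" -Value $pwdNeverExpires
    #$obj | Add-Member -MemberType NoteProperty -Name "PasswordChangeAllowed" -Value $pwdChangeAllowed
    $obj | Add-Member -MemberType NoteProperty -Name "<br/>BadPasswordTime" -Value (Get-UTCAge $result.properties.item("BadPassWordTime")[0])

    # The recipient is derived from the logon name; this assumes every
    # mailbox alias equals samAccountName - the "mail" attribute would be
    # the authoritative address if the two can differ.
    $emailTo = $result.properties.item("samaccountname")[0]+"@domain.se"
    $body = "<html><body>Ditt lösenord har gått ut, var god att se till att det byts. Detta mail kommer att skickas dagligen tills dess att lösenordet är bytt. V.G. kontakta helpdesk vid eventuella problem. <br/><br/>" + $obj + "</body></html>"
    $msg = new-object Net.Mail.MailMessage($emailFrom,$emailTo,$subject,$body)
    $msg.IsBodyHTML = $true
    $smtp.Send($msg)
    $msg.Dispose()
    #write $obj
} #end foreach

# FindAll() holds unmanaged resources until the collection is disposed.
$users.Dispose()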