领导交待的任务,要求对域中一部分很重要的帐户进行用户状态监控,要求不高,达到如下几点:
1.用户是否禁止
2.用户密码是否过期
3.用户是否锁定
4.用户密码是否被更改过
新学了一些powershell语言,在网上东翻西凑,好不容易整出一个能用的脚本,记录一下
(初学,水平不高,大家不要笑)
脚本要求安装 Active Directory cmdlets (Quest Website):
下载地址:
-
Add-PSSnapin -Name Quest.ActiveRoles.ADManagement
-
#$mycre=Get-Credential -Credential
-
#$pw=Read-Host "Enter Password:" -AsSecureString
-
#$conn=Connect-QADService -Service '127.0.0.1:389' -ConnectionAccount 'test.local\administrator' -ConnectionPassword $pw
-
#Connect-QADService -Service '127.0.0.1:389' -Credential $mycre
-
#判断用户状态函数
-
function User_Status_Monitor([string]$user)
-
{
-
$stats=(Get-QADUser -Identity $user)
-
if ($stats.AccountIsLockedOut -eq "True")
-
{Write-Output "$user is Locks.`n" ;1}
-
elseif ($stats.AccountIsDisabled -eq "True")
-
{Write-Output "$user is Disabled.`n" ;1}
-
elseif ($stats.AccountIsExpired -eq "True")
-
{Write-Output "$user is Expired.`n" ;1}
-
elseif ($stats.PasswordAge.Days -eq "0")
-
{Write-Output "$user password was change today.`n" ;1}
-
else
-
{Write-Output "$user user stats is normal.`n" ;0}
-
}
-
#检测用户状态并收集相关信息
-
$users="test","test1","test2","test3"
-
$users | foreach -Process {
-
if ((User_Status_Monitor($_))[1] -eq "1") {$body+=(User_Status_Monitor($_))[0]}
-
}
-
#判断有没有异常消息,有则发送邮件通知
-
if ( $body -ne $null ) { Send-MailMessage -From ***@sunwill.com.cn -To ***@sunwill.com.cn -SmtpServer mailhost -Subject "SunWill AD Users Monitors Notification" -Body $body }
-
#Disconnect-QADService -Connection $conn
阅读(2742) | 评论(0) | 转发(0) |
