Import-Module ActiveDirectory # 获取AD用户对象 $user = Get-ADUser -Identity "username" # 获取passwordLastSet属性值 $passwordLastSet = $user.PasswordLastSet #将passwordLastSet转换为DateTime对象 $dateTime = [System.DateTime]::ParseExact($passwordLastSet, "yyyyMMddHHmmss.0Z", ...
foreach ($user in $alladuser){ #密码最后一次更改时间 $pwdlastset=Get-ADUser $user -Properties * | %{$_.passwordlastset} #密码的过期时间 $pwdlastday=($pwdlastset).adddays(180) #当前时间 $now=get-date #判断账户是否设置了永不过期 $neverexpire=get-aduser $user -Properties * |%{$_.Pas...
下面介绍一个命令,可以将Passwordlastset改成当前的时间点。 set-aduser $user -ChangePasswordAtLogon:$true Set-ADUser $user -ChangePasswordAtLogon:$false 运行完再看。 已经改好了。 如果要批量就用这个脚本: ——— $users=get-aduser -Filter * -SearchBase "ou=,dc=,dc=" -Properties * | %{$...
$pwdlastset=Get-ADUser $user -Properties * | %{$_.passwordlastset} #密码的过期时间 $pwdlastday=($pwdlastset).adddays(90) #当前时间 $now=get-date #判断账户是否设置了永不过期 $neverexpire=get-aduser $user -Properties * |%{$_.PasswordNeverExpires} #距离密码过期的时间 $expire_days=($pwd...
使用Powershell新建AD用户,可以使用New-ADUser,语法如下: New-ADUser [-Name] <string> [-WhatIf] [-Confirm] [-AccountExpirationDate <datetime>] [-AccountNotDelegated <bool>] [-AccountPassword <securestring>] [-AllowReversiblePasswordEncryption <bool>] [-AuthType <ADAuthType> {Negotiate | ...
#检测AD密码过期时间并邮件通知相应账户 ### foreach($userin$alladuser){ #密码最后一次更改时间 $pwdlastset=Get-ADUser$user-Properties * | %{$_.passwordlastset} #密码的过期时间 $pwdlastday=($pwdlastset).adddays(90) #当前时间 $now=get-date #判断...
#SET the max day before expiration alert $max_alert = 10 ### #SET the max password lifetime # In the future i rewrite to ask teh GP for the group. ### $max_pwd_life= get-maxPwdAge; $userlist = @() foreach ($objResult
#这里如果是使用检索AD用户的方法的话可以直接写 #foreach($user in $userlist)替代get-content即可 Get-Content $UserList | %{ $name = $null $userinfo = $null $ExpireDate = $null $PasswordSetDate = $null $Today = $null $leftDays = $null ...
When working with AD Users object, reading thePasswordLastSetis much easier than reading thePwdLastSet. Check the example below for more details. Get-ADuser ValidUser -Properties PasswordLastSet,PwdLastSet | Select-Object Name,PasswordLastSet,Pwdlastset ...
foreach ($user in $users) { if ($user.passwordexpired -eq "True") { write-host $user.displayname " Password Has Already Expired" } elseif ($user.passwordneverexpires -ne "True") { $passwordSetDate = $user.PasswordLastSet $dfl = (ge...