Powershell + проверка неактивных аккаунтов
Где-то нашёл скрипт проверки и отключения неактивных аккаунтов – переделал под себя и добавил отправку отчёта по почте (само отключение аккаунтов в скрипте закомментировано).
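# Report enabled Active Directory user accounts whose lastLogonTimeStamp is older than
# $NbDays days and mail the list. The code that would disable the accounts is left
# commented out, so this script only reports.
#
# Parameters:
#   $Subtree - container DN to search; when omitted, the hard-wired LDAP URL below is used
#   $NbDays  - inactivity threshold in days; when omitted, 90 is used
param([string] $Subtree, [string] $NbDays)

# Abort on the first error: a failed bind or search must not end in a mailed report
# that looks like "nothing found".
$ErrorActionPreference = "Stop"

# Use the command-line values when given, otherwise the values this copy was hard-wired to.
if ([string]::IsNullOrEmpty($NbDays)) { $NbDays = 90 }
# The cast rejects a non-numeric $NbDays instead of silently searching with a wrong limit.
[int]$inactiveDays = $NbDays

if ([string]::IsNullOrEmpty($Subtree)) {
    # NOTE(review): this binds to a domain controller by IP address on port 389. Binding by
    # IP generally rules out Kerberos (fallback to NTLM) - prefer the DC's DNS name, and
    # LDAPS if the environment offers it. Confirm against the domain's LDAP signing policy.
    $LdapURL = "LDAP://192.168.100.2:389/dc=my,dc=domain,dc=com"
} else {
    $LdapURL = "LDAP://" + $Subtree
}

# All dates in Active Directory are expressed in UTC, so work from the current UTC time
$currentDateUtc = [System.DateTime]::Now.ToUniversalTime()

# Initialize a DirectorySearcher object
$searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$LdapURL)
# Without a page size the result set is cut off at the server-side limit
# (1000 entries by default in AD), which would silently shorten the report.
$searcher.PageSize = 1000

# Set the attributes that you want to be returned from AD
foreach ($attribute in "displayName", "sAMAccountName", "lastLogonTimeStamp") {
    $searcher.PropertiesToLoad.Add($attribute) > $null
}

# Calculate the time stamp in Large Integer/Interval (FILETIME) format
$lastLogonTimeStampLimit = $currentDateUtc.AddDays(-$inactiveDays)
$lastLogonIntervalLimit = $lastLogonTimeStampLimit.ToFileTime()

# Enabled users (the userAccountControl bit test excludes disabled accounts) whose
# lastLogonTimeStamp is at or before the limit.
# Caveats: accounts that have never logged on carry no lastLogonTimeStamp and are not
# matched by this filter, and by default the attribute is refreshed only when the stored
# value is roughly 9-14 days old, so it can lag behind the real last logon.
$searcher.Filter = "(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(lastLogonTimeStamp<=" + $lastLogonIntervalLimit + "))"

# The report is collected line by line so the header does not run into the first entry
$reportLines = @("Looking for all users that have not logged on since $lastLogonTimeStampLimit")

# Run the LDAP Search request against AD
$users = $searcher.FindAll()
if ($users.Count -eq 0)
{
    Write-Host " No account needs to be disabled."
}
else
{
    foreach ($user in $users)
    {
        # Read the user properties
        [string]$adsPath = $user.Properties.adspath
        [string]$displayName = $user.Properties.displayname
        [string]$samAccountName = $user.Properties.samaccountname
        [string]$lastLogonInterval = $user.Properties.lastlogontimestamp

        # Disable the user (intentionally left commented out: report only).
        # NOTE(review): before re-enabling, exclude service and break-glass accounts and
        # log every account that gets disabled.
        #$account=[ADSI]$adsPath
        #$account.psbase.invokeset("AccountDisabled", "True")
        #$account.setinfo()

        # Convert the date and time to the local time zone
        $lastLogon = [System.DateTime]::FromFileTime($lastLogonInterval)
        $reportLines += " $displayName ($samAccountName) who last logged on $lastLogon "
    }
}
# FindAll() returns a SearchResultCollection, which holds unmanaged resources until disposed
$users.Dispose()

$body = ($reportLines -join [Environment]::NewLine) + [Environment]::NewLine

### Send mail
# The report lists stale account names, which is sensitive. The message is sent without
# authentication or TLS; if the relay supports it, set $SMTPClient.EnableSsl = $true.
$FromAddress = "admin@domain.com"
$ToAddress = "ya@domain.com"
$MessageSubject = "Inactive Accounts Report"
$SendingServer = "MailServer"
$SMTPMessage = New-Object System.Net.Mail.MailMessage $FromAddress,$ToAddress,$MessageSubject,$body
$SMTPClient = New-Object System.Net.Mail.SMTPClient $SendingServer
$SMTPClient.Send($SMTPMessage)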
Чтобы запустить скрипт из планировщика, нужно указать имя запускаемой программы:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
и параметры командной строки:
-command "& 'C:\Backup\last_logon.ps1'"