得到最後一次用戶登錄時間沒有公元

我想創建一個腳本，可以獲得未在30天內登錄特定計算機的用戶配置文件不使用活動目錄，但我的腳本沒有工作。我使用PowerShell版本3。這是我的代碼：得到最後一次用戶登錄時間沒有公元

netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes 
$ComputerList = Get-Content C:\temp\Computers1.txt 
$myDomain = Get-Content C:\temp\Domain.txt 
$csvFile = 'C:\temp\Profiles.csv' 

# Create new .csv output file 
New-Item $csvFile -type file -force 

# Output the field header-line to the CSV file 
"HOST,PROFILE" | Add-Content $csvFile 

# Loop over the list of computers from the input file 
foreach ($Computer in $ComputerList) { 

    # see if ping test succeeds for this computer 
    if (Test-Connection $Computer -Count 3 -ErrorAction SilentlyContinue) { 

     $ComputerFQDN = $Computer + $myDomain 
     $Profiles = Get-WmiObject -Class Win32_UserProfile -Computer $ComputerFQDN | Where{$_.LocalPath -notlike "*$env:SystemRoot*"} 

     foreach ($profile in $profiles) { 
     try { 
       $objSID = New-Object System.Security.Principal.SecurityIdentifier($profile.LocalPath) | Where {((Get-Date)-$_.lastwritetime).days -ge 30} 

       #| Where-Object {$_.LastLogonDate -le $CurrentDate.AddDays(-60)} 
       $objuser = $objsid.Translate([System.Security.Principal.NTAccount]) 
       $objusername = $objuser.value 
      } catch { 
       $objusername = $profile.LocalPath 
      } 
      switch($profile.status){ 
       1 { $profileType="Temporary" } 
       2 { $profileType="Roaming" } 
       4 { $profileType="Mandatory" } 
       8 { $profileType="Corrupted" } 
       default { $profileType = "LOCAL" } 
      } 
      $User = $objUser.Value 

      #output profile detail for this host 
      "$($Computer.toUpper()), $($objusername)" | Add-Content $csvFile 
     } 

    } else { 

      #output failure message for this host 
      "$($Computer.toUpper()), PING TEST FAILED" | Add-Content $csvFile 
    } 

#LOOP 
}

我試圖改變-ge在該行$objSID = New-Object System.Security.Principal.SecurityIdentifier($profile.LocalPath) | Where {((Get-Date)-$_.lastwritetime).days -ge 30}到-le，以及之後改變的範圍內，但它仍然給了我同樣的列表無論我的改變如何

來源

2016-08-23 trish tran

該腳本存在一些問題，最值得注意的是，您使用Where-Object時正在測試一個不知道日期的對象（SID）。

我會分解一點。我會編寫一個函數來捕獲所有我需要做的事情來試圖找出最後一次登錄。這是我在我的實用功能堆棧中，以防萬一我再次需要它。

然後我有一些東西可以使用這個函數來處理實現需求的邏輯。

所以你最終得到這個。這有點長，看看你的想法。

function Get-LastLogon { 
    [CmdletBinding()] 
    param(
     [Parameter(ValueFromPipeline = $true)] 
     [String]$ComputerName = $env:COMPUTERNAME 
    ) 

    process { 
     Get-WmiObject Win32_UserProfile -ComputerName $ComputerName -Filter "Special='FALSE'" | ForEach-Object {  
      # Attempt to get the UserAccount using WMI 
      $userAccount = Get-WmiObject Win32_UserAccount -Filter "SID='$($_.SID)'" -ComputerName $ComputerName 

      # To satisfy WMI all single \ in a path must be escaped. 
      # Prefer to use NTUser.dat for last modification 
      $path = (Join-Path $_.LocalPath 'ntuser.dat') -replace '\\', '\\' 
      $cimObject = Get-WmiObject CIM_DataFile -Filter "Name='$path'" -ComputerName $ComputerName 
      if ($null -eq $cimObject) { 
       # Fall back to the directory 
       $path = $_.LocalPath -replace '\\', '\\' 
       $cimObject = Get-WmiObject CIM_Directory -Filter "Name='$path'" -ComputerName $ComputerName 
      } 
      $lastModified = $null 
      if ($null -ne $cimObject) { 
       $lastModified = [System.Management.ManagementDateTimeConverter]::ToDateTime($cimObject.LastModified) 
      } 
      # See if LastUseTime is more useful. 
      $lastUsed = $null 
      if ($null -ne $_.LastUseTime) { 
       $lastUsed = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.LastUseTime) 
      } 

      # Profile type 
      $profileType = switch ($_.Status) { 
       1 { "Temporary" } 
       2 { "Roaming" } 
       4 { "Mandatory" } 
       8 { "Corrupted" } 
       0 { "LOCAL" } 
      } 

      [PSCustomObject]@{ 
       ComputerName = $ComputerName 
       Username  = $userAccount.Caption 
       LastChanged = $lastModified 
       LastUsed  = $lastUsed 
       SID   = $_.SID 
       Path   = $_.LocalPath 
       ProfileType = $profileType 
      } 
     } 
    } 
} 

$myDomain = Get-Content C:\temp\Domain.txt 
Get-Content C:\temp\Computers1.txt | ForEach-Object { 
    $ComputerName = $_ + $myDomain 
    if (Test-Connection $ComputerName -Quiet -Count 3) { 
     Get-LastLogon -ComputerName $ComputerName | Select-Object *, @{Name='Status';Expression={ 'OK' }} | 
      Where-Object { $_.LastChanged -lt (Get-Date).AddDays(-30) } 
    } else { 
     # Normalise the output so we don't lose columns in the export 
     $ComputerName | Select-Object @{Name='ComputerName';e={ $ComputerName }}, 
      Username, LastChanged, LastUsed, SID, Path, ProfileType, @{Name='Status';Expression={ 'PING FAILED' }} 
    } 
} | Export-Csv 'C:\temp\Profiles.csv' -NoTypeInformation

來源

2016-08-23 18:51:19

我想你的代碼，但得到這個錯誤：LastChanged：術語「LastChanged未被識別爲cmdlet，函數，腳本文件或可操作的程序的名稱。檢查名稱的拼寫，或者如果包含路徑，請驗證路徑是否正確，然後重試。在C：\ Users \ test \ SOF.ps1：59 char：28 + Where-Object {LastChanged -lt（Get-Date）.AddDays（-30）} + ~~~~~~~~~~ 〜 + CategoryInfo：ObjectNotFound：（LastChanged：String）[]，CommandNotFoundException + FullyQualifiedErrorId：CommandNotFoundException –

您正在使用哪個版本的PowerShell？你沒有這麼說，我只是用簡單的測試來對付我的版本（5）。 –

我更新了問題，我正在使用版本3 –

得到最後一次用戶登錄時間沒有公元

回答

相關問題