2016-06-07 67 views
1

嗨我有下面的腳本哪些電子郵件用戶的密碼將在$ daysleftonpwd過期,但不知道如何添加「只有當用戶的密碼設置爲過期」意思我不想給密碼設置爲下一個過期的電子郵件用戶發送電子郵件。Powershell QADUser密碼到期

Get-QADGroupMember -Identity TEAM_GROUP | % { 
$name = $_.Name 
$email = $_.Email 
$daysleftonpwd = ((Get-QADUser -SizeLimit 0 -SearchRoot $OU -Identity $_.SamAccountName | select PasswordExpires).PasswordExpires - $date | select Days).Days 
if (((Get-QADUser -Identity $_.SamAccountName | select PasswordExpires).PasswordExpires - $date).Days -lt $threshold){ 

    Write-Host "$Name would be emailed using $email because password is less than $threshold" 
    $y = $y + "<br>$name</br>" 
    mailuser 
} 

任何想法?

回答

1

一說找-QADUser返回的領域之一是PasswordNeverExpires:

PS C:\> (Get-QADUser regularuser).PasswordNeverExpires 
False 
PS C:\> (Get-QADUser specialuser).PasswordNeverExpires 
True 

應該是很容易使用,在你的腳本進行測試。還有其他方法可以直接檢查它(你必須同時查看UserAccountControl - https://msdn.microsoft.com/en-us/library/ms680832%28v=vs.85%29.aspx和msDS-User-Account-Control-Computed - https://msdn.microsoft.com/en-us/library/ms677840%28v=vs.85%29.aspx),但這有點醜陋...