我在企業中作爲IT工作。用戶請假並忘記更改密碼,我們的密碼有效期爲90天,並且由於我們的公司政策,用戶在休假時無法更改密碼。備用於在PowerShell中加載活動目錄模塊
我創建了一個power shell腳本,用於導入活動目錄模塊並檢查密碼的最後設置日期,我將powershell腳本轉換爲exe。
而當用戶從他們的PC運行exe文件時,它顯示錯誤,無法加載活動目錄模塊。
現在我在網上查了一下,論壇建議在PC上安裝遠程服務器管理工具,並從Windows功能打開AD DS和AD LDS工具。兩者都需要管理權限,我們不能在每個標準用戶的個人電腦上這樣做。
是否有任何聰明的方式來運行此文件,而不必在每臺PC上安裝RSAT?有什麼辦法可以修改腳本,以便它可以在沒有任何管理帳戶的所有標準用戶PC上運行?謝謝
你不需要RSAT。 ADSI會做你需要的東西:
$Days = 20
$User = [ADSI]"WinNT://$env:USERDNSDOMAIN/$env:USERNAME,user"
$Flags = $User.UserFlags.psbase.Value
# Check if password does not expire bit is set.
If ($Flags -band 65536)
{
"Password does not expire"
}
Else
{
# Convert from seconds to days.
$AgeDays = $User.PasswordAge.psbase.Value/86400
$MaxAge = $User.MaxPasswordAge.psbase.Value/86400
If ($AgeDays -gt $MaxAge)
{
"Password Expired"
}
Else
{
If (($AgeDays + $Days) -gt $MaxAge)
{
"Password will expire within $Days days"
}
Else
{
"Password is not about to expire"
}
}
}
謝謝,讓我試試看。 – user6662097
我會做這樣的事情
這個腳本保存爲passwordenquiry.vsb並將其放在共享文件夾中,並通過GPO鏈接到它作爲推動桌面快捷方式PasswordEnquiry.vbs所以當他們點擊它時,他們會在他們的密碼過期時得到通知,並在離開腳本消息之前告訴他們改變它。
Dim oDomain
Dim oUser
Dim maxPwdAge
Dim numDays
Dim warningDays
warningDays = 11
Set LoginInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "")
strDomainDN = UCase(LoginInfo.DomainDNSName)
strUserDN = LoginInfo.UserName
Set oDomain = GetObject("LDAP://" & strDomainDN)
Set maxPwdAge = oDomain.Get("maxPwdAge")
'========================================
' Calculate the number of days that are
' held in this value.
'========================================
numDays = CCur((maxPwdAge.HighPart * 2^32) + _
maxPwdAge.LowPart)/CCur(-864000000000)
'WScript.Echo "Maximum Password Age: " & numDays
'========================================
' Determine the last time that the user
' changed his or her password.
'========================================
Set oUser = GetObject("LDAP://" & strUserDN)
'========================================
' Add the number of days to the last time
' the password was set.
'========================================
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
fromDate = Date
daysLeft = DateDiff("d",fromDate,whenPasswordExpires)
'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
if (daysLeft < warningDays) and (daysLeft > -1) then
Msgbox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Change it before you go for leave" & chr(13) & "Press CTRL+ALT+DEL and select the 'Change a password' option", 0, "PASSWORD EXPIRATION WARNING!"
End if
'========================================
' Clean up.
'========================================
Set oUser = Nothing
Set maxPwdAge = Nothing
Set oDomain = Nothing
什麼是用戶得到的錯誤?由於缺少實際的模塊,它不能加載?我建議您將PowerShell模塊放在可供用戶使用的網絡共享上。 (如sysvol或本地文件服務器並從那裏加載它)。 –
你有任何提醒密碼的腳本會在X天內過期90天是好的我很震驚用戶離開了多久 – DisplayName
用戶登錄到域名?如果是的話,爲什麼你需要在每臺電腦上運行腳本?什麼腳本? – Deptor