我在企业中作为IT工作。用户请假并忘记更改密码,我们的密码有效期为90天,并且由于我们的公司政策,用户在休假时无法更改密码。备用于在PowerShell中加载活动目录模块
我创建了一个power shell脚本,用于导入活动目录模块并检查密码的最后设置日期,我将powershell脚本转换为exe。
而当用户从他们的PC运行exe文件时,它显示错误,无法加载活动目录模块。
现在我在网上查了一下,论坛建议在PC上安装远程服务器管理工具,并从Windows功能打开AD DS和AD LDS工具。两者都需要管理权限,我们不能在每个标准用户的个人电脑上这样做。
是否有任何聪明的方式来运行此文件,而不必在每台PC上安装RSAT?有什么办法可以修改脚本,以便它可以在没有任何管理帐户的所有标准用户PC上运行?谢谢
你不需要RSAT。 ADSI会做你需要的东西:
$Days = 20
$User = [ADSI]"WinNT://$env:USERDNSDOMAIN/$env:USERNAME,user"
$Flags = $User.UserFlags.psbase.Value
# Check if password does not expire bit is set.
If ($Flags -band 65536)
{
"Password does not expire"
}
Else
{
# Convert from seconds to days.
$AgeDays = $User.PasswordAge.psbase.Value/86400
$MaxAge = $User.MaxPasswordAge.psbase.Value/86400
If ($AgeDays -gt $MaxAge)
{
"Password Expired"
}
Else
{
If (($AgeDays + $Days) -gt $MaxAge)
{
"Password will expire within $Days days"
}
Else
{
"Password is not about to expire"
}
}
}
谢谢,让我试试看。 – user6662097
我会做这样的事情
这个脚本保存为passwordenquiry.vsb并将其放在共享文件夹中,并通过GPO链接到它作为推动桌面快捷方式PasswordEnquiry.vbs所以当他们点击它时,他们会在他们的密码过期时得到通知,并在离开脚本消息之前告诉他们改变它。
Dim oDomain
Dim oUser
Dim maxPwdAge
Dim numDays
Dim warningDays
warningDays = 11
Set LoginInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "")
strDomainDN = UCase(LoginInfo.DomainDNSName)
strUserDN = LoginInfo.UserName
Set oDomain = GetObject("LDAP://" & strDomainDN)
Set maxPwdAge = oDomain.Get("maxPwdAge")
'========================================
' Calculate the number of days that are
' held in this value.
'========================================
numDays = CCur((maxPwdAge.HighPart * 2^32) + _
maxPwdAge.LowPart)/CCur(-864000000000)
'WScript.Echo "Maximum Password Age: " & numDays
'========================================
' Determine the last time that the user
' changed his or her password.
'========================================
Set oUser = GetObject("LDAP://" & strUserDN)
'========================================
' Add the number of days to the last time
' the password was set.
'========================================
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
fromDate = Date
daysLeft = DateDiff("d",fromDate,whenPasswordExpires)
'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
if (daysLeft < warningDays) and (daysLeft > -1) then
Msgbox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Change it before you go for leave" & chr(13) & "Press CTRL+ALT+DEL and select the 'Change a password' option", 0, "PASSWORD EXPIRATION WARNING!"
End if
'========================================
' Clean up.
'========================================
Set oUser = Nothing
Set maxPwdAge = Nothing
Set oDomain = Nothing
什么是用户得到的错误?由于缺少实际的模块,它不能加载?我建议您将PowerShell模块放在可供用户使用的网络共享上。 (如sysvol或本地文件服务器并从那里加载它)。 –
你有任何提醒密码的脚本会在X天内过期90天是好的我很震惊用户离开了多久 – DisplayName
用户登录到域名?如果是的话,为什么你需要在每台电脑上运行脚本?什么脚本? – Deptor