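I am working with a script to notify users of password expiration, but I am having some problems getting results for a nested group. My script filters for users who are members of Parent-Test. I do not have any users who are direct members of it; they would be members of Child01-Test and Child02-Test. Child01 and Child02 are members of Parent-Test.

Is there a way to do this with Get-ADUser, or should I be using something like Get-ADGroupMember?
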
$smtpServer = "mail.company.com"
$from = "noreply@example.com"   # placeholder: $from is not defined in the original post
$expireindays = 10
$ADGroup = "CN=Parent-test,OU=Groups,OU=Test,DC=Test1,DC=Test2,DC=Test3,DC=com"
$OfficeOU = "OU=Test,DC=Test1,DC=Test2,DC=Test3,DC=com"

# Get users from AD who are enabled
# (the memberof filter matches direct members of $ADGroup only, which is the problem described above)
Import-Module ActiveDirectory
$users = get-aduser -filter {memberof -eq $ADGroup} -properties * -searchbase $OfficeOU |where {$_.Enabled -eq "True"} | where { $_.PasswordNeverExpires -eq $false } | where { $_.passwordexpired -eq $false }

foreach ($user in $users)
{
    $Name = (Get-ADUser $user | foreach { $_.GivenName})
    $emailaddress = $user.emailaddress
    $passwordSetDate = (get-aduser $user -properties * | foreach { $_.PasswordLastSet })
    $PasswordPol = (Get-AduserResultantPasswordPolicy $user)
    # Check for Fine Grained Password
    if (($PasswordPol) -ne $null)
    {
        $maxPasswordAge = ($PasswordPol).MaxPasswordAge
    }
    else
    {
        $maxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
    }
    $expireson = $passwordsetdate + $maxPasswordAge
    $today = (get-date)
    $daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days
    $subject = "Your Network/Outlook password will expire in $daystoExpire days"
    $attachment = "C:\Util\Outlook Web App Password Change Procedure.pdf"
    # The closing of this string is missing from the post; it is terminated here so the script parses
    $body = "
Dear $name,
<p> Your Network/Outlook password will expire in $daystoexpire days.<br>
Please follow the instructions in the attached guide to change your password. For assistance, please contact me or send an email to admin@support.com<br>
</p>"
    # Only notify users whose password expires within the warning window
    if ($daystoexpire -lt $expireindays)
    {
        Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -attachments $attachment -bodyasHTML -priority High
    }
}

Answer 0 (score: 0)

I would start by collecting a list of the group members with Get-ADGroupMember $ADGroup -Recursive and then match the users against it, for example:

$pattern = [regex]::Escape($OfficeOU)
Get-ADGroupMember $ADGroup -Recursive |
Get-ADUser -Properties * |
? { $_.Enabled -and $_.PasswordNeverExpires -eq $false -and $_.passwordexpired -eq $false -and $_.DistinguishedName -match $pattern }
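
The question also asks whether Get-ADUser alone can do this. The following is an added example, not code from the question or the answer: it resolves nested membership in a single query with the LDAP_MATCHING_RULE_IN_CHAIN matching rule and reads the expiry time from the constructed attribute msDS-UserPasswordExpiryTimeComputed, which already reflects fine-grained password policies. The helper name ConvertTo-LdapFilterValue and the output property names are assumptions made for this example.

```powershell
Import-Module ActiveDirectory

# Values taken from the question
$ADGroup      = "CN=Parent-test,OU=Groups,OU=Test,DC=Test1,DC=Test2,DC=Test3,DC=com"
$OfficeOU     = "OU=Test,DC=Test1,DC=Test2,DC=Test3,DC=com"
$expireindays = 10

# Hypothetical helper: escape a value for use inside an LDAP filter (RFC 4515),
# so a DN containing \ * ( ) or NUL cannot change the meaning of the filter.
function ConvertTo-LdapFilterValue([string]$Value) {
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

# 1.2.840.113556.1.4.1941 = LDAP_MATCHING_RULE_IN_CHAIN (walks nested groups)
# 1.2.840.113556.1.4.803  = bitwise AND; userAccountControl bit 2 = account disabled
$group  = ConvertTo-LdapFilterValue $ADGroup
$filter = "(&(objectCategory=person)(objectClass=user)" +
          "(memberOf:1.2.840.113556.1.4.1941:=$group)" +
          "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

# Request only the attributes that are needed instead of -Properties *
$props = 'GivenName', 'EmailAddress', 'PasswordNeverExpires', 'PasswordExpired',
         'msDS-UserPasswordExpiryTimeComputed'
$users = Get-ADUser -LDAPFilter $filter -SearchBase $OfficeOU -Properties $props |
    Where-Object { -not $_.PasswordNeverExpires -and -not $_.PasswordExpired }

$now = Get-Date
$expiring = foreach ($user in $users) {
    # FILETIME value; 0 (password must be changed at next logon) and
    # Int64.MaxValue (password never expires) carry no usable expiry date
    $raw = $user.'msDS-UserPasswordExpiryTimeComputed'
    if (-not $raw -or $raw -eq [Int64]::MaxValue) { continue }
    $expiresOn = [datetime]::FromFileTime($raw)
    $days      = (New-TimeSpan -Start $now -End $expiresOn).Days
    if ($days -ge 0 -and $days -lt $expireindays) {
        [pscustomobject]@{
            Name = $user.GivenName; Email = $user.EmailAddress
            ExpiresOn = $expiresOn; DaysToExpire = $days
        }
    }
}
$expiring | Sort-Object DaysToExpire | Format-Table -AutoSize
```

The memberOf attribute does not include a user's primary group, so accounts that belong to a group only through their primary group ID are not matched by this filter. The resulting objects can be passed to the Send-MailMessage step from the question.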