需要powershell cmd才能导出本地用户密码到期日期

时间:2014-07-07 09:50:11

标签: powershell powershell-v2.0 windows-server-2008-r2 powershell-v3.0 powershell-v1.0

我从Microsoft博客获得了以下powershell脚本。它完全满足我的环境需求,但它将密码到期日期显示为true或false。我需要提取所有本地用户的确切密码到期日期。请有人帮助使用以下脚本来获取本地用户帐户的到期日期以及其他信息。

Param
(
[Parameter(Position=0,Mandatory=$false)]
[ValidateNotNullorEmpty()]
[Alias('cn')][String[]]$ComputerName=$Env:COMPUTERNAME,
[Parameter(Position=1,Mandatory=$false)]
[Alias('un')][String[]]$AccountName,
[Parameter(Position=2,Mandatory=$false)]
[Alias('cred')][System.Management.Automation.PsCredential]$Credential
)

$Obj = @()
$now = Get-Date
Foreach($Computer in $ComputerName)
{
If($Credential)
{
    $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
    -Filter "LocalAccount='$True'" -ComputerName $Computer -Credential $Credential -ErrorAction Stop
}
else
{
    $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
    -Filter "LocalAccount='$True'" -ComputerName $Computer -ErrorAction Stop
}

Foreach($LocalAccount in $AllLocalAccounts)
{



    $rawPWAge = ([adsi]"WinNT://$computer/$($LocalAccount.Name),user").PasswordAge.Value




    $Object = New-Object -TypeName PSObject

    $Object|Add-Member -MemberType NoteProperty -Name "Name" -Value $LocalAccount.Name
    $Object|Add-Member -MemberType NoteProperty -Name "Full Name" -Value $LocalAccount.FullName
        $Object|Add-Member -MemberType NoteProperty -Name "Disabled" -Value $LocalAccount.Disabled
        $Object|Add-Member -MemberType NoteProperty -Name "Status" -Value $LocalAccount.Status
        $Object|Add-Member -MemberType NoteProperty -Name "LockOut" -Value $LocalAccount.LockOut
    $Object|Add-Member -MemberType NoteProperty -Name "Password Expires" -Value $LocalAccount.PasswordExpires
    $Object|Add-Member -MemberType NoteProperty -Name "Password Required" -Value $LocalAccount.PasswordRequired
    $Object|Add-Member -MemberType NoteProperty -Name "Account Type" -Value $LocalAccount.AccountType
    $Object|Add-Member -MemberType NoteProperty -Name "Domain" -Value $LocalAccount.Domain
    $Object|Add-Member -MemberType NoteProperty -Name "Password Last Set" -Value ($now).AddSeconds(-$rawPWAge)
    $Object|Add-Member -MemberType NoteProperty -Name "Password Age" -Value ($now-($now.AddSeconds(-$rawPWAge))).Days
    $Object|Add-Member -MemberType NoteProperty -Name "Description" -Value $LocalAccount.Description




    $Obj+=$Object
}

If($AccountName)
{
    Foreach($Account in $AccountName)
    {
        $Obj|Where-Object{$_.Name -like "$Account"}
    }
}
else
{
    $Obj
}
}

1 个答案:

答案 0 :(得分:0)

要获取密码到期日期,您需要从PasswordAge中减去MaxPasswordAge并将结果秒数添加到$now

$user = [adsi]"WinNT://$computer/$($LocalAccount.Name),user"
$rawPWAge = $user.PasswordAge.Value
$maxPWAge = $user.MaxPasswordAge.Value
...
$Object | Add-Member -MemberType NoteProperty -Name 'Password Expiry Date' `
                -Value $now.AddSeconds($maxPWAge - $rawPWAge)

作为旁注,您不应该在循环中使用$Obj+=$Object。将对象添加到数组会将现有数组中的所有项目复制到新数组(大小+ 1),因此保证操作性能不佳。最好在管道中使用ForEach-Object循环:

$Obj = $AllLocalAccounts | ForEach-Object {
         $user = ([adsi]"WinNT://$computer/$($_.Name),user")
         $pwAge    = $user.PasswordAge.Value
         $maxPwAge = $user.MaxPasswordAge.Value
         $pwLastSet = $now.AddSeconds(-$pwAge)

         New-Object -TypeName PSObject -Property @{
           'Name'                 = $_.Name
           'Full Name'            = $_.FullName
           'Disabled'             = $_.Disabled
           'Status'               = $_.Status
           'LockOut'              = $_.LockOut
           'Password Expires'     = $_.PasswordExpires
           'Password Required'    = $_.PasswordRequired
           'Account Type'         = $_.AccountType
           'Domain'               = $_.Domain
           'Password Last Set'    = $pwLastSet
           'Password Age'         = ($now - $pwLastSet).Days
           'Password Expiry Date' = $now.AddSeconds($maxPwAge - $pwAge)
           'Description'          = $_.Description
         }
       }

这将自动生成一个对象列表,然后将其分配给$Obj