我使用以下脚本获取远程管理员帐户名,我启用/禁用所有管理员。我想只是启用管理员帐户/获取帐户的状态是否已启用/已取消。尝试但失败了。任何人都可以帮忙。
$Computers = Get-Content "D:\doc\Work\sCRIPTS\servers.txt"
foreach ($Computer in $Computers) {
$strcomputer = [ADSI]("WinNT://" + $Computer + ",computer")
$Group = $strcomputer.psbase.children.find("Administrators")
$members= $Group.psbase.invoke("Members") | %{$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}
$Computer | Add-Content D:\doc\Work\sCRIPTS\export.xls
ForEach($user in $members){
$user | Add-Content D:\doc\Work\sCRIPTS\export.xls
}
Write-Host ""
}
答案 0 :(得分:0)
我认为您需要通过检索Administrators组的每个用户对象成员来更改脚本的结尾,并在对象的userFlags属性中验证它是否为Disabled。
$Computers = Get-Content "D:\doc\Work\sCRIPTS\servers.txt"
foreach ($Computer in $Computers) {
$strcomputer = [ADSI]("WinNT://" + $Computer + ",computer")
$Group = $strcomputer.psbase.children.find("Administrators")
$members= $Group.psbase.invoke("Members") | %{$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}
$Computer | Add-Content D:\doc\Work\sCRIPTS\export.xls
ForEach($user in $members)
{
$userObj = [ADSI]("WinNT://" +$computer+"/"+ $user)
if ($userObj.UserFlags -ne $null)
{
$flags = $userObj.UserFlags[0]
if ($flags -band 512) # 512 = enabled, 2 = disabled
{
$user | Add-Content D:\doc\Work\sCRIPTS\export.xls
}
}
}
}