您是否知道我是否可以在不安装ActiveDirectory模块的情况下检查用户是否在ActiveDirectory中被锁定?在机器上安装东西有一个限制,我想知道是否可以使用另一个功能,与Get-ADUser不同。 谢谢!
答案 0 :(得分:1)
类似的东西:
$sAMAccountName = "testuser"
$ADS_UF_LOCKOUT = 16
$Attribute = "msds-user-account-control-computed"
$ADSearcher = New-Object System.DirectoryServices.DirectorySearcher
$ADSearcher.PageSize = 1000
$ADSearcher.Filter = "samaccountname=$sAMAccountName"
$User = $ADSearcher.FindOne()
$MyUser = $User.GetDirectoryEntry()
$MyUser.RefreshCache($Attribute)
$UserAccountFlag = $MyUser.Properties[$Attribute].Value
if ( $UserAccountFlag -band $ADS_UF_LOCKOUT )
{
Write-host "Account $sAMAccountName is locked"
}
else
{
Write-host "Account $sAMAccountName isn't locked"
}
答案 1 :(得分:0)
查看dsquery,即cmd,但可以从Powershell https://technet.microsoft.com/en-us/library/cc732952.aspx调用