我在公司工作。用户休假并忘记更改密码,我们的密码有效期为90天,由于我们公司的政策,用户在休假时无法更改密码。
我创建了一个power shell脚本,用于导入活动目录模块并检查其密码的最后设置日期,我将powershell脚本转换为exe。
当用户从他们的PC运行exe文件时,它显示错误,无法加载活动目录模块。
现在我在网上查了一下,论坛建议在PC上安装远程服务器管理工具,然后从Windows功能开启AD DS和AD LDS工具。两者都需要管理权限,我们不能在每个标准用户的PC上执行此操作。
有没有巧妙的方法来运行这个文件,而不是在每台PC上安装RSAT?有没有什么办法可以修改脚本,以便它可以在没有任何管理帐户的所有标准用户PC上运行?谢谢
答案 0 :(得分:1)
您不需要RSAT。 ADSI将满足您的需求:
$Days = 20
$User = [ADSI]"WinNT://$env:USERDNSDOMAIN/$env:USERNAME,user"
$Flags = $User.UserFlags.psbase.Value
# Check if password does not expire bit is set.
If ($Flags -band 65536)
{
"Password does not expire"
}
Else
{
# Convert from seconds to days.
$AgeDays = $User.PasswordAge.psbase.Value / 86400
$MaxAge = $User.MaxPasswordAge.psbase.Value / 86400
If ($AgeDays -gt $MaxAge)
{
"Password Expired"
}
Else
{
If (($AgeDays + $Days) -gt $MaxAge)
{
"Password will expire within $Days days"
}
Else
{
"Password is not about to expire"
}
}
}
答案 1 :(得分:0)
我会做这样的事情
将此脚本保存为 passwordenquiry.vsb 并将其放在共享文件夹中并通过GPO推送桌面快捷方式,将其作为PasswordEnquiry.vbs链接到它,这样当他们点击它时,他们会在密码时收到通知将要过期并告诉他们在离开脚本消息之前更改它。
Dim oDomain
Dim oUser
Dim maxPwdAge
Dim numDays
Dim warningDays
warningDays = 11
Set LoginInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "")
strDomainDN = UCase(LoginInfo.DomainDNSName)
strUserDN = LoginInfo.UserName
Set oDomain = GetObject("LDAP://" & strDomainDN)
Set maxPwdAge = oDomain.Get("maxPwdAge")
'========================================
' Calculate the number of days that are
' held in this value.
'========================================
numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
maxPwdAge.LowPart) / CCur(-864000000000)
'WScript.Echo "Maximum Password Age: " & numDays
'========================================
' Determine the last time that the user
' changed his or her password.
'========================================
Set oUser = GetObject("LDAP://" & strUserDN)
'========================================
' Add the number of days to the last time
' the password was set.
'========================================
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
fromDate = Date
daysLeft = DateDiff("d",fromDate,whenPasswordExpires)
'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
if (daysLeft < warningDays) and (daysLeft > -1) then
Msgbox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Change it before you go for leave" & chr(13) & "Press CTRL+ALT+DEL and select the 'Change a password' option", 0, "PASSWORD EXPIRATION WARNING!"
End if
'========================================
' Clean up.
'========================================
Set oUser = Nothing
Set maxPwdAge = Nothing
Set oDomain = Nothing