我在PowerShell中有这个脚本。我想为每个用户从文件导入设置随机密码,我希望弹出cmd中的所有注释我想保存在其他txt文件中。我该怎么做?
#
# Description: Enable accounts, reset passwords and set change password option at first logon.
#
Import-Module ActiveDirectory
# Set default password "XXX"
$password = ConvertTo-SecureString -AsPlainText “XXX” -Force
# get account list from UserList.txt
# 1 user per line
$users = Get-Content -Path 'G:\Shares\XXX\ResetPassword\UserList.txt'
ForEach ($user in $users)
{
# Set default password for account
Get-ADUser $user | Set-ADAccountPassword -NewPassword $password -Reset
# Set option to change password at first logon
Get-ADUser $user | Set-AdUser -ChangePasswordAtLogon $true
# Enable account
Enable-ADAccount -Identity $user
Write-Host “Password change for: $user”
}
Write-Host “New password for all users: XXX”
# ————- End ———–
Read-Host -Prompt "Click enter to quit"
答案 0 :(得分:6)
您可以使用静态GeneratePassword .net方法生成密码:
Add-Type -AssemblyName System.Web
[System.Web.Security.Membership]::GeneratePassword(10, 3)
修改
您必须将脚本更改为:
#
# Description: Enable accounts, reset passwords and set change password option at first logon.
#
Import-Module ActiveDirectory
Add-Type -AssemblyName System.Web
$unsecuredPwd = [System.Web.Security.Membership]::GeneratePassword(10, 3)
# Set default password "XXX"
$password = ConvertTo-SecureString -AsPlainText $unsecuredPwd -Force
# get account list from UserList.txt
# 1 user per line
$users = Get-Content -Path 'G:\Shares\XXX\ResetPassword\UserList.txt'
ForEach ($user in $users)
{
# Set default password for account
Get-ADUser $user | Set-ADAccountPassword -NewPassword $password -Reset
# Set option to change password at first logon
Get-ADUser $user | Set-AdUser -ChangePasswordAtLogon $true
# Enable account
Enable-ADAccount -Identity $user
Write-Host "Password change for: $user"
}
Write-Host "New password for all users: $unsecuredPwd"
# ————- End ———–
Read-Host -Prompt "Click enter to quit"
答案 1 :(得分:0)
@MartinBrandl的答案有效,但是需要导入System.Web.。以下是定制的解决方案,它将使用系统的密码生成器和一些数学运算来生成随机可打印的ASCII字符串。样本用法:[SecureRandom]::GeneratePassword(64)。集成到脚本中留给读者练习……
class SecureRandom {
hidden static [System.Security.Cryptography.RandomNumberGenerator] $m_randomNumberGenerator = ([System.Security.Cryptography.RNGCryptoServiceProvider]::new());
hidden static [System.UInt32] NextUInt32([System.UInt32]$exclusiveHigh) {
[System.UInt32]$range = ([System.UInt32]::MaxValue - ((([System.UInt32]::MaxValue % $exclusiveHigh) + 1) % $exclusiveHigh));
[System.UInt32]$result = 0;
do { # perform rejection sampling to avoid bias; see https://en.wikipedia.org/wiki/Rejection_sampling, https://en.wikipedia.org/wiki/Rejection_sampling, https://www.pcg-random.org/posts/bounded-rands.html
$result = [SecureRandom]::NextUInt32();
} while ($result -gt $range);
return ($result % $exclusiveHigh);
}
static [System.String] GeneratePassword([System.UInt32]$length) {
$result = [char[]]::new($length);
for ($i = 0; ($i -lt $length); ++$i) { # generate a random ASCII character within the "printable" decimal range of 32-126; this currently "wastes" 3 bytes per iteration and could be made more efficient...
$result[$i] = ([char][SecureRandom]::NextUInt32(32, 126));
}
return [System.String]::new($result);
}
static [byte[]] GetBytes([int]$count) {
[byte[]]$result = [byte[]]::new($count);
[SecureRandom]::m_randomNumberGenerator.GetBytes($result);
return $result;
}
static [System.UInt32] NextUInt32() {
return [System.BitConverter]::ToUInt32([SecureRandom]::GetBytes(4), 0);
}
static [System.UInt32] NextUInt32([System.UInt32]$x, [System.UInt32]$y) {
if ($x -gt $y) {
$z = $x;
$x = $y;
$y = $z;
}
[System.UInt32]$range = ($y - $x);
if ($range -ne [System.UInt32]::MaxValue) {
return ([SecureRandom]::NextUInt32($range + 1) + $x);
}
else {
return [SecureRandom]::NextUInt32();
}
}
}