我编写了一个Powershell脚本,以便管理员可以轻松更改或解锁用户帐户,而无需处理AD。该脚本可以重置用户的密码或解锁用户的帐户。但它不会输出重置用户密码的消息框功能它会为解锁用户生成输出。我查看并查看了代码,但看不到问题。任何援助都会很棒。为了安全起见,我在以下代码中更改了服务器地址和密码。
#region Import the Assemblies
#----------------------------------------------
[void][reflection.assembly]::Load("System, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089")
[void][reflection.assembly]::Load("System.Windows.Forms, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089")
[void][reflection.assembly]::Load("System.Drawing, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")
[void][reflection.assembly]::Load("mscorlib, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089")
[void][reflection.assembly]::Load("System.Data, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089")
[void][reflection.assembly]::Load("System.Xml, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089")
[void][reflection.assembly]::Load("System.DirectoryServices,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")
#endregion Import Assemblies
#----------------------------------------------
#region Generated Form Objects
#----------------------------------------------
[System.Windows.Forms.Application]::EnableVisualStyles()
$MainForm = New-Object 'System.Windows.Forms.Form'
$labelPasswordReset = New-Object 'System.Windows.Forms.Label'
$textbox2 = New-Object 'System.Windows.Forms.TextBox'
$textbox1 = New-Object 'System.Windows.Forms.TextBox'
$buttonUnlockUserAccount = New-Object 'System.Windows.Forms.Button'
$buttonResetUserPassword = New-Object 'System.Windows.Forms.Button'
$InitialFormWindowState = New-Object 'System.Windows.Forms.FormWindowState'
$Icon = New-Object System.Drawing.Icon ("C:\Temp\ps2exe\Paomedia-Small-N-
Flat-Key.ico")
#endregion Generated Form Objects
#----------------------------------------------
# User Generated Script
#----------------------------------------------
$OnLoadFormEvent={
#Initialize Form Controls here
}
$buttonResetUserPassword_Click=
{
#Place custom script here
$ADuser = $textbox2.Text
if ([string]::IsNullOrEmpty($ADuser) -eq $false)
{
Function Set-AdUserPwd
{
Param(
[string]$ADuser,
[string]$pwd
) #end param
$strFilter = "(&(objectCategory=User)(sAMAccountName=$ADuser))"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object
System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$userLDAP = $objSearcher.FindOne() | select-object -
ExpandProperty Path
if ($userLDAP.Length -gt 0)
{
$oUser = [adsi]"$userLDAP"
$setADUserPwdmsgbox = [System.Windows.Forms.MessageBox]::Show("You have selected $userLDAP. Is this correct?","",4)
if ($setADUserPwdmsgbox -eq "YES" )
{
Get-ADUser -Filter {SamACcountName -like $ADuser} -ErrorAction SilentlyContinue | Set-ADAccountPassword -NewPassword (ConvertTo-SecureString -AsPlainText $pwd -Force) -Reset -ErrorAction SilentlyContinue
}
else
{
[System.Windows.Forms.MessageBox]::Show("This username does not exist. Please try again.")
}
}
}
}
# CALL FUNCTION
$NEWPWD = Set-adaccountpassword -Server servername.local -Identity $ADuser -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "TestLogin18" -Force)
if ($NEWPWD.Length -gt 0)
{
$Reset_Error = $null
Set-ADUserPwd -user $ADuser -pwd $NEWPWD
if ((Get-ADUser -Filter {SamACcountName -like $ADuser} -Properties PasswordLastSet -ErrorVariable Reset_Error -ErrorAction SilentlyContinue | Select PasswordLastSet -ExpandProperty PasswordLastSet) -gt (Get-Date).AddMinutes(-1))
{
[System.Windows.Forms.MessageBox]::Show("The Password for " + $ADuser + " has been reset." + "`r`n" + "The Temporary Password has been set to: TestLogin18" + "`r`n" + "The user will need to change their password upon login" + "`r`n`r`n" + "PASSWORD POLICY:" + "`r`n" + "Passwords must be 8 Characters long. `r`n They cannot be a password the user has used in the past,`r`n and they must have the following" + "`r`n" + "One Capital letter" + "`r`n" + "One lowercase letter" + "`r`n" + "One number" + "`r`n" + "& One Special Character." + "`r`n")
}
else
{
if ($Reset_Error.Length -gt 0)
{
[System.Windows.Forms.MessageBox]::Show("There was an error using Active Directory. Are you using an account with proper privileges with RSAT installed?")
}
[System.Windows.Forms.MessageBox]::Show("Reset aborted.")
}
}
}
else
{
[System.Windows.Forms.MessageBox]::Show("The username field is empty.")
}
$buttonUnlockUserAccount_Click=
{
$ADuser = $textbox2.Text
if ([string]::IsNullOrEmpty($ADuser) -eq $false)
{
Function Unlock-ADUser
{
Param(
[string]$ADuser
) #end param
$strFilter = "(&(objectCategory=User)(sAMAccountName=$ADuser))"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$userLDAP = $objSearcher.FindOne() | select-object -ExpandProperty Path
if ($userLDAP.Length -gt 0)
{
$oUser = [adsi]"$userLDAP"
$setADUserPwdmsgbox = [System.Windows.Forms.MessageBox]::Show("You have selected $userLDAP. Is this correct?","",4)
if ($setADUserPwdmsgbox -eq "YES" )
{
Get-ADUser -Filter {SamACcountName -like $ADuser} -ErrorAction SilentlyContinue | Unlock-ADAccount -ErrorAction SilentlyContinue
#$ouser.psbase.invokeset("AccountDisabled","False")
#$ouser.psbase.CommitChanges()
}
else
{
}
}
else
{
[System.Windows.Forms.MessageBox]::Show("This username does not exist. Please try again.")
}
}
# CALL FUNCTION
$Unlock_Error = $null
if ((Get-ADUser -Filter {SamACcountName -like $ADuser} -Properties LockedOut -ErrorVariable Unlock_Error -ErrorAction SilentlyContinue | Select LockedOut -ExpandProperty LockedOut) -eq $False)
{
[System.Windows.Forms.MessageBox]::Show("$ADuser is already unlocked.")
}
else
{
Unlock-ADUser -user $ADuser
if ((Get-ADUser -Filter {SamACcountName -like $ADuser} -Properties LockedOut -ErrorVariable Unlock_Error -ErrorAction SilentlyContinue | Select LockedOut -ExpandProperty LockedOut) -eq $False)
{
[System.Windows.Forms.MessageBox]::Show("$ADuser has been unlocked.")
}
else
{
if ($Unlock_Error.Length -gt 0)
{
[System.Windows.Forms.MessageBox]::Show("There was an error using Active Directory. Are you using an account with proper privileges with RSAT installed?")
}
[System.Windows.Forms.MessageBox]::Show("Unlock aborted.")
}
}
}
else
{
[System.Windows.Forms.MessageBox]::Show("The username field is empty.")
}
}
# --End User Generated Script--
#----------------------------------------------
#region Generated Events
#----------------------------------------------
$Form_StateCorrection_Load=
{
#Correct the initial state of the form to prevent the .Net maximized form issue
$MainForm.WindowState = $InitialFormWindowState
}
$Form_Cleanup_FormClosed=
{
#Remove all event handlers from the controls
try
{
$buttonUnlockUserAccount.remove_Click($buttonUnlockUserAccount_Click)
$buttonResetUserPassword.remove_Click($buttonResetUserPassword_Click)
$MainForm.remove_Load($OnLoadFormEvent)
$MainForm.remove_Load($Form_StateCorrection_Load)
$MainForm.remove_FormClosed($Form_Cleanup_FormClosed)
}
catch [Exception]
{ }
}
#endregion Generated Events
#----------------------------------------------
#region Generated Form Code
#----------------------------------------------
#
# MainForm
#
$MainForm.Controls.Add($labelPasswordReset)
$MainForm.Controls.Add($textbox2)
$MainForm.Controls.Add($textbox1)
$MainForm.Controls.Add($buttonUnlockUserAccount)
$MainForm.Controls.Add($buttonResetUserPassword)
$MainForm.ClientSize = '450, 120'
$MainForm.Name = "MainForm"
$form.Icon = $Icon
$MainForm.StartPosition = 'CenterScreen'
$MainForm.Text = "User Password Reset & Unlock tool"
$MainForm.add_Load($OnLoadFormEvent)
#
# labelPasswordReset
#
$labelPasswordReset.Font = "Tahoma, 9.75pt, style=Bold"
$labelPasswordReset.Location = '10, 10'
$labelPasswordReset.Name = "labelPasswordReset"
$labelPasswordReset.Size = '450, 14'
$labelPasswordReset.TabIndex = 6
$labelPasswordReset.Text = "Please enter username below for Password reset
or unlock."
$labelPasswordReset.TextAlign = 'TopCenter'
#
# textbox1
#
$textbox1.Enabled = $False
$textbox1.Location = '55, 40'
$textbox1.Name = "textbox1"
$textbox1.ReadOnly = $True
$textbox1.Size = '61, 20'
$textbox1.TabIndex = 7
$textbox1.Text = "Username: "
#
# textbox2
#
$textbox2.Location = '110, 40'
$textbox2.Name = "textbox2"
$textbox2.Size = '275, 20'
$textbox2.TabIndex = 8
#
# buttonResetUserPassword
#
$buttonResetUserPassword.Font = "Tahoma, 8pt"
$buttonResetUserPassword.Location = '55, 70'
$buttonResetUserPassword.Name = "buttonResetUserPassword"
$buttonResetUserPassword.Size = '165, 22'
$buttonResetUserPassword.TabIndex = 9
$buttonResetUserPassword.Text = "Reset User Password"
$buttonResetUserPassword.UseVisualStyleBackColor = $True
$buttonResetUserPassword.add_Click($buttonResetUserPassword_Click)
#
# buttonUnlockUserAccount
#
$buttonUnlockUserAccount.Font = "Tahoma, 8pt"
$buttonUnlockUserAccount.Location = '220, 70'
$buttonUnlockUserAccount.Name = "buttonUnlockUserAccount"
$buttonUnlockUserAccount.Size = '165, 22'
$buttonUnlockUserAccount.TabIndex = 10
$buttonUnlockUserAccount.Text = "Unlock User Account"
$buttonUnlockUserAccount.UseVisualStyleBackColor = $True
$buttonUnlockUserAccount.add_Click($buttonUnlockUserAccount_Click)
#
#endregion Form Code
#----------------------------------------------
#Save the initial state of the form
$InitialFormWindowState = $MainForm.WindowState
#Init the OnLoad event to correct the initial state of the form
$MainForm.add_Load($Form_StateCorrection_Load)
#Clean up the control events
$MainForm.add_FormClosed($Form_Cleanup_FormClosed)
#Show the Form
return $MainForm.ShowDialog()