禁用AD用户帐户的ESET安全身份验证

时间:2018-06-13 18:49:42

标签: powershell active-directory

是否有人了解如何使用Powershell脚本禁用用户的ESET安全身份验证设置?

我有一个脚本可以禁用用户的Active Directory帐户,重置密码,并将其移动到新的OU,但现在我不知道如何禁用与其ESET信息相关的属性。从ADUC GUI中,您可以取消选中其硬件令牌的框并重新调整密钥,因此我认为可以使用我可以包含在当前脚本中的脚本来实现此目的。

# Imports module for running commandlets against Active Directory, and inputs user name
# into variable.
# Enter-PSSession DomainController // Need to run this commandlet from your local
# machine first.

Echo "You are about to disable a user account. Verify your information!"
Read-Host "Press ENTER to continue."
Import-module ActiveDirectory
$User1 = Read-Host -Prompt 'Enter the username of the employee you wish to change'

# Disables named users ActiveDirectory Account.
# "Locked Account" does not show but need to right click to enable
 Disable-ADAccount -Identity $User1

# Adds AD group "Disabled Users" to named user group membership
 Add-ADGroupMember -Identity 'Disabled Users' -Member $User1

# Set named users primary group to "Disabled Users" 
 Set-ADUser -Identity $User1 -Replace @{PrimaryGroupID="0000"}

# Removes groups assigned to named users membership
 Get-ADUser -Identity $User1 -Properties MemberOf | ForEach-Object {
  $_.MemberOf | Remove-ADGroupMember -Members $_.DistinguishedName -Confirm:$false
 }

# Changes named users password based on Administrators input
 $newpwd = Read-Host "Enter the new password" -AsSecureString -WhatIf
 Set-ADAccountPassword $User1 -NewPassword $newpwd –Reset -WhatIf

# Moves named user from current OU to "Employee DISABLED\DISABLED" container
 get-aduser $User1 | move-adobject -targetpath
 "ou=DISABLED,ou=Employee DISABLED,dc=DOMAINNAME,dc=com"

# Much respect due to the onesixooh!
 Read-Host "Press ENTER to finish"
 Write-Host "    **********************************************************
       >>>    Get the money.  Dolla dolla bill y'all.   <<<

    **********************************************************"

非常感谢任何建议。

1 个答案:

答案 0 :(得分:1)

尝试使用Windows Server ADAC(AD管理中心)为您编写此代码,看看是否能让您更接近最终目标。

  • 打开ADAC
  • 使用GUI执行所需的步骤
  • 打开PowerShell历史记录查看器
  • 复制并粘贴到您喜欢的PoSH编辑器(ISE,VSCode等等)并进行调整 根据需要。