Find a user by real name in Active Directory

Time: 2019-01-15 09:39:54

Tags: powershell active-directory

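This script is used to reset an AD user's password when they have lost it and need a new one created. However, suppose we don't know the username, only the user's real name, so we want to search for the username and insert it into $Username.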

function Reset_Password_Account () {
    $Username = Read-Host "Enter your username" 
    Write-Host "Changing Password for account" $Username

    $Newpassword = Read-Host "Enter Temporary Password" -AsSecureString
    Write-Host "Running Script..."

    # -Reset sets a new password without prompting for the old one
    Set-ADAccountPassword -Identity $Username -Reset -NewPassword $Newpassword
    Write-Host "Temporary password set"

    Set-ADUser $Username -ChangePasswordAtLogon $True
    Write-Host "You can now change password on login"

    # Stop powershell from exiting after script is run
    Read-Host "Press enter to exit"
}

$Readhost = Read-Host "To run script: Enter y 
To decline script: Enter n and exit PowerShell 
Press Enter to accept your input. ( y / n )" 
switch ($ReadHost) {
    Y {Reset_Password_Account}
    N {exit}
}

1 answer:

Answer 0: (score: 0)

I suggest using Ambiguous Name Resolution, which searches a range of AD attributes (list at the link) and finds any matches.

The example query below will return both Jimmy Smith and Jim Smith-Williams:

Get-ADUser -LDAPFilter "(anr=Jim Smith)"

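It will search for all objects where any naming attribute starts with the string "jim smith*", plus all objects where (givenName=jim*) and (sn=smith*), plus all objects where (givenName=smith*) and (sn=jim*).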
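
One way to feed the ANR lookup into the question's $Username, as an added example that is not part of the original question or answer: the typed name is escaped before it goes into the LDAP filter, and when ANR returns more than one account the operator must pick one explicitly so the reset cannot land on the wrong user. The function names ConvertTo-LdapFilterValue and Find-AdUserByRealName are hypothetical.

```powershell
# Added example: resolve a real name to exactly one AD account before a reset.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    # Hypothetical helper: escape RFC 4515 special characters so typed input
    # cannot change the structure of the LDAP filter. Backslash goes first.
    param([Parameter(Mandatory)][string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace '\x00', '\00'
}

function Find-AdUserByRealName {
    # Hypothetical helper: ANR search limited to user objects.
    param([Parameter(Mandatory)][string]$RealName)

    $safe   = ConvertTo-LdapFilterValue -Value $RealName
    $filter = "(&(objectCategory=person)(objectClass=user)(anr=$safe))"
    $found  = @(Get-ADUser -LDAPFilter $filter -Properties DisplayName |
                Sort-Object SamAccountName)

    if ($found.Count -eq 0) { throw "No user matches '$RealName'." }
    if ($found.Count -eq 1) { return $found[0] }

    # ANR is a prefix match ("Jim Smith" also finds "Jimmy Smith"), so list
    # every hit and require an explicit choice instead of taking the first.
    for ($i = 0; $i -lt $found.Count; $i++) {
        Write-Host ('{0}) {1,-20} {2}  [{3}]' -f ($i + 1),
            $found[$i].SamAccountName, $found[$i].DisplayName,
            $found[$i].DistinguishedName)
    }
    $choice = Read-Host "Enter the number of the intended account"
    $n = 0
    if (-not [int]::TryParse($choice, [ref]$n) -or $n -lt 1 -or $n -gt $found.Count) {
        throw "Invalid selection; no account chosen."
    }
    return $found[$n - 1]
}

# Replaces the Read-Host "Enter your username" line in Reset_Password_Account.
$User     = Find-AdUserByRealName -RealName (Read-Host "Enter the user's real name")
$Username = $User.SamAccountName
Write-Host "Resolved to $Username ($($User.DistinguishedName))"
```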