我有一个PS脚本,它作为计划任务运行,目的是审核某些Active Directory标准。我正在尝试合并一项功能,该功能将检查禁用的用户是否分配了E3许可证。该功能在使用Powershell ISE时有效,但不能作为计划任务使用。
我最初对这种功能的搜索告诉我,也许没有多少人尝试这样做,或者这种方法无效。
if (!(Get-Module -Name MSOnline)) {Import-Module MSOnline}
#Logon to O365 Tenant and query for users with an E3 license, then split their UPN discarding @domain.suffix leaving their samaccountname so I can compare with AD.
$TenantUserName = "svc-blah@blah.blah"
$TenantPassword = cat "C:\blah\PK\blah.key" | ConvertTo-SecureString
$TenantCredentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $TenantUserName, $TenantPassword
Connect-MsolService -Credential $TenantCredentials
$YE3s = Get-MsolUser -all | Where-Object {($_.licenses).AccountSkuId -match "reseller-account:ENTERPRISEPACK"} | select @{N='ADUSER';E={($_.UserPrincipalName).split('@')[0]}}
# Subsequent lines query AD for disabled users and compares $YE3s.aduser with $E3CheckDis
$DUWE3 = Compare-Object -ReferenceObject $E3CheckDis.samaccountname -DifferenceObject $YE3s.aduser -IncludeEqual | where {$_.SideIndicator -eq "=="}
#The sideline indicator "==" output is then sent to get-aduser
$ACCE3CHK =
foreach ($DU in $DUWE3)
{get-aduser $DU.InputObject -properties * | select Name,Distinguishedname,AccountExpirationDate,Employeetype,@{N='PwdLastSet'; E={[DateTime]::FromFileTime($_.PwdLastSet)}},Mail,Enabled}
#$ACCE3CHK is then added to a email message body as a formatted table and is sent to some individuals in the dept for corrective action.
当我以执行工作的帐户登录到系统时,整个脚本也可以在ISE中运行,这也是运行计划任务的帐户,但是运行任务的电子邮件中的输出为Null。 / p>