Differences between revisions of "Microsoft AD"

From TheNets Wiki
(Created page with 'Scripts and examples of how to work with Active Directory. === Disable idle AD accounts === <syntaxhighlight lang="powershell" line="1"> # Disable inactive AD users...')
 
 
(One intermediate revision by the same user is not shown)
Linha 1: Linha 1:
 
Scripts e exemplos de como trabalhar com o Active Directory.
 
Scripts e exemplos de como trabalhar com o Active Directory.
  
=== Desativar contas ociosas do AD ===
+
===Desativar contas ociosas do AD===
 
<syntaxhighlight lang="powershell" line="1">
 
<syntaxhighlight lang="powershell" line="1">
 
# Disable inactive AD users
 
# Disable inactive AD users
 +
$LogFilePath = "C:\Scripts\disabled_users.log"
  
 
# Select only users with more than 90 days inactive
 
# Select only users with more than 90 days inactive
 
$timespan = New-Timespan –Days 90
 
$timespan = New-Timespan –Days 90
 +
$UsersToBeDisabled = Search-ADAccount -UsersOnly -AccountInactive –TimeSpan $timespan
  
 
# All inactive users but Administrator
 
# All inactive users but Administrator
$Users = Search-ADAccount -UsersOnly -AccountInactive –TimeSpan $timespan | Where-Object {$_.Name -ne 'Administrator'}
+
$UsersToBeDisabled = $UsersToBeDisabled | Where-Object {$_.Name -ne 'Administrator'}
 +
 
 +
# Ignore disabled users
 +
$UsersToBeDisabled = $UsersToBeDisabled | Where-Object {$_.Enabled -eq $true}
  
 
# Ignore users that never logged-on (like the "AWS_SecureConnect" user)
 
# Ignore users that never logged-on (like the "AWS_SecureConnect" user)
$UsersToBeDisabled = $Users | ForEach-Object { if($_.LastLogonDate) {$_} }
+
$UsersToBeDisabled = $UsersToBeDisabled | ForEach-Object { if($_.LastLogonDate) {$_} }
  
 
# List users to be disabled
 
# List users to be disabled
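Review bot: the exclusion `Where-Object {$_.Name -ne 'Administrator'}` matches on a name literal only, so a renamed built-in administrator, or any service or break-glass account that rarely logs on, still lands in `$UsersToBeDisabled`. Consider excluding by SID (the built-in administrator's SID ends in -500) or by membership of a dedicated exclusion group or OU. The `$_.LastLogonDate` filter kept in this hunk also means accounts that have never logged on are never disabled by this script, so they need a separate review.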
Linha 18: Linha 23:
  
 
# Disable AD account
 
# Disable AD account
$UsersToBeDisabled | Disable-ADAccount
+
$UsersToBeDisabled | ForEach-Object {
 +
    Disable-ADAccount $_.Name
 +
 
 +
    # Log to CSV file
 +
    $DisabledAt = Get-Date -format "dd-MMM-yyyy HH:mm"
 +
    $Event = $_ | Add-Member -NotePropertyMembers @{DisabledAt=$DisabledAt.Normalize()} -PassThru -Force
 +
    $Event = $Event | Select DisabledAt,LastLogonDate,Name,LockedOut,PasswordExpired,PasswordNeverExpires,SamAccountName,UserPrincipalName
 +
    $Event | Export-Csv -Path $LogFilePath -NoTypeInformation -Append
 +
   
 +
}
 
</syntaxhighlight><br />
 
</syntaxhighlight><br />
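Review bot: `Disable-ADAccount $_.Name` in the new loop passes the object's Name as the identity, whereas the line it replaces piped the account object itself; `-Identity` resolves a distinguished name, GUID, SID or SAM account name, so the call can fail or resolve to a different account whenever Name differs from sAMAccountName. Pass the object (`Disable-ADAccount -Identity $_`) and wrap the call in try/catch with `-ErrorAction Stop` so the CSV row is written only when the disable succeeded. `$Event` is also a PowerShell automatic variable; a name such as `$LogEntry` avoids assigning to it.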

Current revision as of 02:17, 14 February 2020

Scripts and examples of how to work with Active Directory.

Disable idle AD accounts

<syntaxhighlight lang="powershell">
# Disable inactive AD users
# Requires the ActiveDirectory module (RSAT)
Import-Module ActiveDirectory

$LogFilePath = "C:\Scripts\disabled_users.log"

# Select only users with more than 90 days inactive
$timespan = New-TimeSpan -Days 90
$UsersToBeDisabled = Search-ADAccount -UsersOnly -AccountInactive -TimeSpan $timespan

# All inactive users but Administrator
$UsersToBeDisabled = $UsersToBeDisabled | Where-Object {$_.Name -ne 'Administrator'}

# Ignore disabled users
$UsersToBeDisabled = $UsersToBeDisabled | Where-Object {$_.Enabled -eq $true}

# Ignore users that never logged-on (like the "AWS_SecureConnect" user)
$UsersToBeDisabled = $UsersToBeDisabled | ForEach-Object { if($_.LastLogonDate) {$_} }

# List users to be disabled
$UsersToBeDisabled

# Disable AD account
$UsersToBeDisabled | ForEach-Object {
    # Pass the account object itself; Name is not a valid -Identity value
    Disable-ADAccount -Identity $_

    # Log to CSV file ($LogEntry instead of $Event, which is an automatic variable)
    $DisabledAt = Get-Date -Format "dd-MMM-yyyy HH:mm"
    $LogEntry = $_ | Add-Member -NotePropertyMembers @{DisabledAt=$DisabledAt} -PassThru -Force
    $LogEntry = $LogEntry | Select-Object DisabledAt,LastLogonDate,Name,LockedOut,PasswordExpired,PasswordNeverExpires,SamAccountName,UserPrincipalName
    $LogEntry | Export-Csv -Path $LogFilePath -NoTypeInformation -Append
}
</syntaxhighlight>