Mudanças

Ir para: navegação, pesquisa

Microsoft AD

640 bytes adicionados, 14 fevereiro
sem sumário de edição
Scripts e exemplos de como trabalhar com o Active Directory.
=== Desativar contas ociosas do AD ===
<syntaxhighlight lang="powershell" line="1">
# Disable inactive AD users
$LogFilePath = "C:\Scripts\disabled_users.log"
# Select only users with more than 90 days inactive
$timespan = New-Timespan –Days 90
$UsersToBeDisabled = Search-ADAccount -UsersOnly -AccountInactive –TimeSpan $timespan
# All inactive users but Administrator
$Users UsersToBeDisabled = Search-ADAccount -UsersOnly -AccountInactive –TimeSpan $timespan UsersToBeDisabled | Where-Object {$_.Name -ne 'Administrator'} # Ignore disabled users$UsersToBeDisabled = $UsersToBeDisabled | Where-Object {$_.Enabled -eq $true}
# Ignore users that never logged-on (like the "AWS_SecureConnect" user)
$UsersToBeDisabled = $Users UsersToBeDisabled | ForEach-Object { if($_.LastLogonDate) {$_} }
# List users to be disabled
# Disable AD account
$UsersToBeDisabled | ForEach-Object { Disable-ADAccount$_.Name  # Log to CSV file $DisabledAt = Get-Date -format "dd-MMM-yyyy HH:mm" $Event = $_ | Add-Member -NotePropertyMembers @{DisabledAt=$DisabledAt.Normalize()} -PassThru -Force $Event = $Event | Select DisabledAt,LastLogonDate,Name,LockedOut,PasswordExpired,PasswordNeverExpires,SamAccountName,UserPrincipalName $Event | Export-Csv -Path $LogFilePath -NoTypeInformation -Append }
</syntaxhighlight><br />

Menu de navegação