Microsoft AD


Scripts e exemplos de como trabalhar com o Active Directory.

Desativar contas ociosas do AD

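 # Disable inactive AD users and record each disabled account in a CSV log.
 # Requires the ActiveDirectory module and permission to disable user accounts.
 $LogFilePath = "C:\Scripts\disabled_users.log"

 # Select only users with more than 90 days inactive.
 # Parameter names need their leading dash; without it "Days" and "TimeSpan"
 # are parsed as positional values and the commands fail to bind.
 # NOTE(review): inactivity is presumably derived from the replicated
 # lastLogonTimestamp, which can lag the real last logon by several days;
 # confirm the 90-day threshold leaves enough margin.
 $timespan = New-TimeSpan -Days 90
 $UsersToBeDisabled = Search-ADAccount -UsersOnly -AccountInactive -TimeSpan $timespan

 # All inactive users but Administrator.
 # The built-in administrator can be renamed, so it is also excluded by its
 # well-known RID (-500) and not only by name. Add any service or emergency
 # accounts that must stay enabled to this filter.
 $UsersToBeDisabled = $UsersToBeDisabled | Where-Object {
     $_.Name -ne 'Administrator' -and $_.SID.Value -notlike 'S-1-5-21-*-500'
 }

 # Ignore users that are already disabled
 $UsersToBeDisabled = $UsersToBeDisabled | Where-Object { $_.Enabled -eq $true }

 # Ignore users that never logged on (like the "AWS_SecureConnect" user)
 $UsersToBeDisabled = $UsersToBeDisabled | Where-Object { $_.LastLogonDate }

 # List users to be disabled
 $UsersToBeDisabled

 # Disable each AD account and log it
 $UsersToBeDisabled | ForEach-Object {
     # Keep a reference to the account: inside catch, $_ is the error record.
     $User = $_

     try {
         # Pass the account object itself. The Name (CN) is not a unique
         # identity and may not resolve, or may resolve to a different account.
         Disable-ADAccount -Identity $User -ErrorAction Stop
     }
     catch {
         # Do not log an account as disabled when the call failed.
         Write-Warning "Failed to disable $($User.SamAccountName): $($_.Exception.Message)"
         return
     }

     # Log to CSV file (same columns, in the same order, as before).
     # $Event is an automatic variable in PowerShell, so a different name is used.
     $DisabledAt = (Get-Date -Format "dd-MMM-yyyy HH:mm").Normalize()
     $LogEntry = $User | Select-Object @{Name = 'DisabledAt'; Expression = { $DisabledAt }},
         LastLogonDate, Name, LockedOut, PasswordExpired, PasswordNeverExpires,
         SamAccountName, UserPrincipalName
     $LogEntry | Export-Csv -Path $LogFilePath -NoTypeInformation -Append
 }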