我从Microsoft博客获得了以下powershell脚本。它完全可以满足我的环境需求,但是它显示密码的有效期为true或false。我需要提取所有本地用户的确切密码到期日期。请有人帮助以下脚本获取本地用户帐户的到期日期以及其他信息。
Param
(
[Parameter(Position=0,Mandatory=$false)]
[ValidateNotNullorEmpty()]
[Alias('cn')][String[]]$ComputerName=$Env:COMPUTERNAME,
[Parameter(Position=1,Mandatory=$false)]
[Alias('un')][String[]]$AccountName,
[Parameter(Position=2,Mandatory=$false)]
[Alias('cred')][System.Management.Automation.PsCredential]$Credential
)
$Obj = @()
$now = Get-Date
Foreach($Computer in $ComputerName)
{
If($Credential)
{
$AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
-Filter "LocalAccount='$True'" -ComputerName $Computer -Credential $Credential -ErrorAction Stop
}
else
{
$AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
-Filter "LocalAccount='$True'" -ComputerName $Computer -ErrorAction Stop
}
Foreach($LocalAccount in $AllLocalAccounts)
{
$rawPWAge = ([adsi]"WinNT://$computer/$($LocalAccount.Name),user").PasswordAge.Value
$Object = New-Object -TypeName PSObject
$Object|Add-Member -MemberType NoteProperty -Name "Name" -Value $LocalAccount.Name
$Object|Add-Member -MemberType NoteProperty -Name "Full Name" -Value $LocalAccount.FullName
$Object|Add-Member -MemberType NoteProperty -Name "Disabled" -Value $LocalAccount.Disabled
$Object|Add-Member -MemberType NoteProperty -Name "Status" -Value $LocalAccount.Status
$Object|Add-Member -MemberType NoteProperty -Name "LockOut" -Value $LocalAccount.LockOut
$Object|Add-Member -MemberType NoteProperty -Name "Password Expires" -Value $LocalAccount.PasswordExpires
$Object|Add-Member -MemberType NoteProperty -Name "Password Required" -Value $LocalAccount.PasswordRequired
$Object|Add-Member -MemberType NoteProperty -Name "Account Type" -Value $LocalAccount.AccountType
$Object|Add-Member -MemberType NoteProperty -Name "Domain" -Value $LocalAccount.Domain
$Object|Add-Member -MemberType NoteProperty -Name "Password Last Set" -Value ($now).AddSeconds(-$rawPWAge)
$Object|Add-Member -MemberType NoteProperty -Name "Password Age" -Value ($now-($now.AddSeconds(-$rawPWAge))).Days
$Object|Add-Member -MemberType NoteProperty -Name "Description" -Value $LocalAccount.Description
$Obj+=$Object
}
If($AccountName)
{
Foreach($Account in $AccountName)
{
$Obj|Where-Object{$_.Name -like "$Account"}
}
}
else
{
$Obj
}
}
为了让你需要减去密码失效日期PasswordAge从MaxPasswordAge并添加所产生的秒到数$now:
$user = [adsi]"WinNT://$computer/$($LocalAccount.Name),user"
$rawPWAge = $user.PasswordAge.Value
$maxPWAge = $user.MaxPasswordAge.Value
...
$Object | Add-Member -MemberType NoteProperty -Name 'Password Expiry Date' `
-Value $now.AddSeconds($maxPWAge - $rawPWAge)
附带说明,您永远不要$Obj+=$Object在循环中使用。将对象添加到数组会将所有项目从现有数组复制到新数组(大小+ 1),因此可以确保该操作执行不佳。最好ForEach-Object在管道中使用循环:
$Obj = $AllLocalAccounts | ForEach-Object {
$user = ([adsi]"WinNT://$computer/$($_.Name),user")
$pwAge = $user.PasswordAge.Value
$maxPwAge = $user.MaxPasswordAge.Value
$pwLastSet = $now.AddSeconds(-$pwAge)
New-Object -TypeName PSObject -Property @{
'Name' = $_.Name
'Full Name' = $_.FullName
'Disabled' = $_.Disabled
'Status' = $_.Status
'LockOut' = $_.LockOut
'Password Expires' = $_.PasswordExpires
'Password Required' = $_.PasswordRequired
'Account Type' = $_.AccountType
'Domain' = $_.Domain
'Password Last Set' = $pwLastSet
'Password Age' = ($now - $pwLastSet).Days
'Password Expiry Date' = $now.AddSeconds($maxPwAge - $pwAge)
'Description' = $_.Description
}
}
这将自动生成一个对象列表,然后将其分配给$Obj。
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句