Is there any way to find out users on my domain with blank password using powershell?
We already have a policy set for this but with too many admin teams managing different parts of domain just want to be sure if there is any active directory account with password = blank
Something like this should do for you:
Get-ADUser -Filter * -SearchBase "OU=SomeOU,DC=mydomain,DC=forest,DC=local" | ForEach {
$_.SamAccountName
(new-object directoryservices.directoryentry "", ("domain\" + $_.SamAccountName), "").psbase.name -ne $null
Write-Host ""
}
This will test all users for a blank password.
Alternatively - if you have a test password to use (you're looking for all "password123" users - try:
(new-object directoryservices.directoryentry "", ("domain\" + $_.SamAccountName), "password123").psbase.name -ne $null
I use this for validating users on a rolling basis to look for all AD user accounts which have been created but never logged onto (and therefore still use our default password).
I've just tested this on a PowerShell 4 windows 8.1 machine and it works - but this is also known to work from anything running PowerShell 4 and 5 (and possibly older)
この記事はインターネットから収集されたものであり、転載の際にはソースを示してください。
侵害の場合は、連絡してください[email protected]
コメントを追加