Powershell 从ps1脚本中访问ADUser.extensionAttribute
我正试图修改一个在网上找到的ps1脚本。它应该检查密码还有多少天到期,并向存储在Active Directory帐户属性extensionAttribute1中的地址发送通知电子邮件。无法使用原生的电子邮件属性,因为某些帐户没有邮箱(无法使用MSA的系统帐户),而且通常我既要通知用户,也要给自己发送一份副本,以便记住这件事。原因:某些用户通过VPN(win XP)在域网络中工作,登录时收不到Windows系统的密码到期提示。代码如下:
# Load the Active Directory cmdlets (Get-ADUser and the password-policy cmdlets) used further down.
Import-Module -Name ActiveDirectory

# Culture object passed to ToString() later so the expiry date is formatted the en-US way.
$ci = New-Object -TypeName System.Globalization.CultureInfo -ArgumentList "en-US"

# Host name of the mail relay.
$smtpServer = "mail.domain.local"

# A single MailMessage instance; the script reuses it for every notification.
$msg = New-Object -TypeName Net.Mail.MailMessage

# SMTP client bound to the relay above. This script sets neither EnableSsl nor
# Credentials on it.
# NOTE(review): confirm the relay only accepts this host and that unencrypted
# submission is acceptable on this network segment.
$smtp = New-Object -TypeName Net.Mail.SmtpClient -ArgumentList $smtpServer
#E-mail structure
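# Fills the script-level $msg object with the expiry notice for ONE account.
#   $to         - address the notice is delivered to
#   $expiryDate - expiry date, already formatted as text by the caller
#   $upn        - user principal name shown in the message body
# Produces no output; the caller is expected to send $msg afterwards.
Function EmailStructure($to,$expiryDate,$upn)
{
    # $msg is created once and reused for every account. MailMessage.To is a
    # collection, so without this reset each call would append another address
    # and every later notice would also be delivered to all earlier recipients.
    $msg.To.Clear()

    $msg.IsBodyHtml = $true
    $msg.From = "notification@domain.com"
    $msg.To.Add($to)
    $msg.Subject = "Password expiration notice"
    # NOTE(review): $upn and $expiryDate are inserted into the HTML body as-is
    # (no HTML encoding); the values come from the caller.
    $msg.Body = "<html><body><font face='Arial'>This is an automatically generated message from Exchange service.<br><br><b>Please note that the password for your account $upn will expire on $expiryDate.</b><br><br>Please change your password immediately or at least before this date as you will be unable to access the service without contacting your administrator.</font></body></html>"
}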
#Set the target OU that will be searched for user accounts
$OU = "OU=Domain,DC=domain,DC=local"
# Fetch every user object under $OU, then keep only enabled accounts whose
# password can expire (the filtering happens client-side in Where-Object).
# The -Properties list below requests PasswordExpired, PasswordNeverExpires,
# PasswordLastSet, Mail and Enabled only; extensionAttribute1 is NOT requested,
# so $ADAccount.extensionAttribute1 is empty on the objects returned here.
$ADAccounts = Get-ADUser -LDAPFilter "(objectClass=user)" -searchbase $OU -properties PasswordExpired, PasswordNeverExpires, PasswordLastSet, Mail, Enabled | Where-object {$_.Enabled -eq $true -and $_.PasswordNeverExpires -eq $false}
Foreach ($ADAccount in $ADAccounts)
{
# Use the account's resultant (fine-grained) password policy when one is
# returned; otherwise fall back to the default domain policy's maximum age.
$accountFGPP = Get-ADUserResultantPasswordPolicy $ADAccount
if ($accountFGPP -ne $null) {
$maxPasswordAgeTimeSpan = $accountFGPP.MaxPasswordAge
} else {
$maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
}
#Fill in the user variables
$samAccountName = $ADAccount.samAccountName
# The "<--" and "-->" around the next line are the question author's pointer
# marks, not PowerShell syntax; they have to be removed before the script runs.
# NOTE(review): this attribute decides where the notice for an account is
# delivered - confirm who has write access to extensionAttribute1 in this OU.
<-- $userEmailAddress = $ADAccount.extensionAttribute1 -->
$userPrincipalName = $ADAccount.UserPrincipalName
if ($ADAccount.PasswordExpired) {
# Already expired: only logged to the console, no e-mail is sent.
Write-host "The password for account $samAccountName has expired!"
} else {
# Expiry moment = time the password was last set + maximum password age.
$ExpiryDate = $ADAccount.PasswordLastSet + $maxPasswordAgeTimeSpan
Write-host "The password for account $samAccountName expires on: $ExpiryDate"
$TodaysDate = Get-Date
$DaysToExpire = $ExpiryDate - $TodaysDate
#Write-Host $DaysToExpire.Days
# Notify only when fewer than 7 whole days remain.
if ($DaysToExpire.Days -lt 7) {
# PowerShell variable names are case-insensitive, so this overwrites
# $ExpiryDate with its en-US short-date text form.
$expiryDate = $expiryDate.ToString("d",$ci)
#Generate e-mail structure and send message
# Mail goes out only when an address was found for the account.
if ($userEmailAddress) {
EmailStructure $userEmailAddress $expiryDate $userPrincipalName
$smtp.Send($msg)
}
# This line sits outside the if-block above, so it prints "e-mail was sent"
# even when $userEmailAddress was empty and nothing was actually sent.
Write-Host "NOTIFICATION - $samAccountName :: e-mail was sent to $userEmailAddress"
}
}
}
导入模块ActiveDirectory
#系统全球化
$ci=新对象系统.全球化.文化信息(“en-US”)
#SMTP服务器名称
$smtpServer=“mail.domain.local”
#创建邮件对象
$msg=新对象Net.Mail.MailMessage
#创建SMTP服务器对象
$smtp=新对象Net.Mail.SmtpClient($smtpServer)
#电子邮件结构
函数结构($to、$expiryDate、$upn)
{
$msg.IsBodyHtml=$true
$msg.From=”notification@domain.com"
$msg.To.Add($To)
$msg.Subject=“密码过期通知”
$msg.Body=“这是从Exchange服务自动生成的邮件。
请注意,$upn帐户的密码将于$expiryDate过期。
请立即或至少在此日期之前更改密码,因为如果不与管理员联系,您将无法访问该服务。”
}
#设置将搜索用户帐户的目标OU
$OU=“OU=Domain,DC=Domain,DC=local”
$ADAccounts=Get ADUser-LDAPFilter“(objectClass=user)”-searchbase$OU-properties PasswordExpired、PasswordNeverExpires、PasswordLastSet、Mail、Enabled |其中object{$\已启用-eq$true-和$\密码neverexpires-eq$false}
Foreach($ADAccounts中的ADAccounts)
{
$accountFGPP=获取ADUserResultantPasswordPolicy$ADAccount
如果($accountFGPP-ne$null){
$maxPasswordAgeTimeSpan=$accountFGPP.MaxPasswordAge
}否则{
$maxPasswordAgeTimeSpan=(获取AddFaultDomainPasswordPolicy)。MaxPasswordAge
}
#填写用户变量
$samAccountName=$ADAccount.samAccountName
$userPrincipalName=$ADAccount.userPrincipalName
如果($ADAccount.PasswordExpired){
写入主机“帐户$samAccountName的密码已过期!”
}否则{
$ExpiryDate=$ADAccount.PasswordLastSet+$maxPasswordAgeTimeSpan
写入主机“帐户$samAccountName的密码在:$ExpiryDate过期”
$TodaysDate=获取日期
$DaysToExpire=$expireydate-$TodaysDate
#写入主机$DaysToExpire.Days
如果($DaysToExpire.Days-lt 7){
$expiryDate=$expiryDate.ToString(“d”,$ci)
#生成电子邮件结构并发送消息
如果($userEmailAddress){
EmailStructure$userEmailAddress$expiryDate$userPrincipalName
$smtp.Send($msg)
}
写入主机“通知-$samAccountName::电子邮件已发送到$userEmailAddress”
}
}
}
但命令行并没有返回“extensionAttribute1”。
我用箭头标出了它。
有人能帮忙吗?

Get-ADUser默认只返回一组基本属性,因此需要在给$ADAccounts赋值的那条Get-ADUser命令的-Properties参数中加入extensionAttribute1:
# The "..." parts stand for the pieces of the original Get-ADUser call that stay
# as they are; the only change is extensionAttribute1 added to the -Properties list.
$ADAccounts = Get-ADUser ... -Properties extensionAttribute1,PasswordExpired...