728x90

$list = Import-Csv C:\Temp\sam.csv

New-Item -Path C:\Temp -Name sam_check_y.csv -ItemType file -Value ("id" + [Environment]::NewLine)
New-Item -Path C:\Temp -Name sam_check_n.csv -ItemType file -Value ("id" + [Environment]::NewLine)

foreach($user in $list )
 {
       $check_id = $user.id

        $user_yn = (Get-ADGroup -identity "EDGE_Dev@1" -properties Member).Member | Get-ADUser | where-object  {$_.SamaccountName -eq $check_id} | Select-Object samaccountname

        if($user_yn -eq $NULL) {
         $check_id |Add-Content -Path C:\Temp\sam_check_n.csv
         }

         if($user_yn -ne $NULL) {
          $check_id |Add-Content -Path C:\Temp\sam_check_y.csv
          }

}

728x90
728x90

사용자 만료일자를 추출하는 쿼리입니다.

실제 운영에서 유용하게 사용 할 수 있을 듯 합니다.

 

function Get-XADUserPasswordExpirationDate() {

    Param ([Parameter(Mandatory=$true,  Position=0,  ValueFromPipeline=$true, HelpMessage="Identity of the Account")]

    [Object] $accountIdentity)

    PROCESS {

        $accountObj = Get-ADUser $accountIdentity -properties PasswordExpired, PasswordNeverExpires, PasswordLastSet

        if ($accountObj.PasswordExpired) {

            echo ("Password of account: " + $accountObj.Name + " already expired!")

        } else {

            if ($accountObj.PasswordNeverExpires) {

                echo ("Password of account: " + $accountObj.Name + " is set to never expires!")

            } else {

                $passwordSetDate = $accountObj.PasswordLastSet

                if ($passwordSetDate -eq $null) {

                    echo ("Password of account: " + $accountObj.Name + " has never been set!")

                }  else {

                    $maxPasswordAgeTimeSpan = $null

                    $dfl = (get-addomain).DomainMode

                    if ($dfl -ge 3) {

                        ## Greater than Windows2008 domain functional level

                        $accountFGPP = Get-ADUserResultantPasswordPolicy $accountObj

                        if ($accountFGPP -ne $null) {

                            $maxPasswordAgeTimeSpan = $accountFGPP.MaxPasswordAge

                        } else {

                            $maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge

                        }

                    } else {

                        $maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge

                    }

                    if ($maxPasswordAgeTimeSpan -eq $null -or $maxPasswordAgeTimeSpan.TotalMilliseconds -eq 0) {

                        echo ("MaxPasswordAge is not set for the domain or is set to zero!")

                    } else {

                        echo ("Password of account: " + $accountObj.Name + " expires on: " + ($passwordSetDate + $maxPasswordAgeTimeSpan))

                    }

                }

            }

        }

    }

}
 

 

사용방법

 

Import-module activedirectory
 
get-aduser -filter {Enabled -eq $True} -properties * | Get-XADUserPasswordExpirationDate 

 

 

출처 : http://blog.sogooday.com/239

728x90

+ Recent posts