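Get-ADUser and nested AD groups

Time: 2014-05-15 17:53:36

Tags: powershell active-directory

I am using a script to notify users about password expiry, but I'm having some trouble getting results for nested groups. My script filters for users who are members of Parent-Test. I don't have any users who are direct members of that group; they will be members of Child01-Test or Child02-Test. Child01 and Child02 are members of Parent-Test.

Is there a way to do this with Get-ADUser, or should I use something like Get-ADGroupMember?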

$smtpServer = "mail.company.com"
$expireindays = 10
$ADGroup = "CN=Parent-test,OU=Groups,OU=Test,DC=Test1,DC=Test2,DC=Test3,DC=com"
$OfficeOU = "OU=Test,DC=Test1,DC=Test2,DC=Test3,DC=com"

# Get users from AD who are enabled
Import-Module ActiveDirectory
$users = get-aduser -filter {memberof -eq $ADGroup} -properties * -searchbase $OfficeOU | where { $_.Enabled -eq "True" } | where { $_.PasswordNeverExpires -eq $false } | where { $_.passwordexpired -eq $false }

foreach ($user in $users)
{
    $Name = (Get-ADUser $user | foreach { $_.GivenName })
    $emailaddress = $user.emailaddress
    $passwordSetDate = (get-aduser $user -properties * | foreach { $_.PasswordLastSet })
    $PasswordPol = (Get-AduserResultantPasswordPolicy $user)
    # Check for a fine-grained password policy
    if (($PasswordPol) -ne $null)
    {
        $maxPasswordAge = ($PasswordPol).MaxPasswordAge
    }
    else
    {
        $maxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
    }

    $expireson = $passwordsetdate + $maxPasswordAge
    $today = (get-date)
    $daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days
    $subject = "Your Network/Outlook password will expire in $daystoExpire days"
    $attachment = "C:\Util\Outlook Web App Password Change Procedure.pdf"
    $body = "
Dear $name,
<p> Your Network/Outlook password will expire in $daystoexpire days.<br>
Please follow the instructions in the attached guide to change your password. For assistance, please contact me or send an email to admin@support.com<br>
</p>"

    if ($daystoexpire -lt $expireindays)
    {
        # Note: $from is not defined anywhere in the script as posted
        Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -attachments $attachment -bodyasHTML -priority High
    }
}

1 answer:

Answer 0: (score: 0)

I would first collect a list of the group's members with Get-ADGroupMember $ADGroup -Recursive and then match the users against it, for example:

$pattern = [regex]::Escape($OfficeOU)

Get-ADGroupMember $ADGroup -Recursive |
Get-ADUser -Properties * |
? { $_.Enabled -and $_.PasswordNeverExpires -eq $false -and $_.passwordexpired -eq $false -and $_.DistinguishedName -match $pattern }
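
As an added example (not code from the question or the answer), nested membership can also be resolved in a single Get-ADUser query by putting the LDAP_MATCHING_RULE_IN_CHAIN matching rule into -LDAPFilter. It reuses $ADGroup, $OfficeOU and $expireindays from the question; ConvertTo-LdapFilterValue is a hypothetical helper, and reading the expiry date from msDS-UserPasswordExpiryTimeComputed is a substitution for the question's per-user policy lookup.

```powershell
# Added example; not part of the original question or answer.
Import-Module ActiveDirectory

# Values copied from the question's script.
$ADGroup      = "CN=Parent-test,OU=Groups,OU=Test,DC=Test1,DC=Test2,DC=Test3,DC=com"
$OfficeOU     = "OU=Test,DC=Test1,DC=Test2,DC=Test3,DC=com"
$expireindays = 10

# Hypothetical helper: escape RFC 4515 filter metacharacters so a DN that
# contains \ * ( ) cannot change the meaning of the LDAP filter.
function ConvertTo-LdapFilterValue([string]$Value) {
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

$groupDn = ConvertTo-LdapFilterValue $ADGroup

# 1.2.840.113556.1.4.1941 = LDAP_MATCHING_RULE_IN_CHAIN (transitive memberOf)
# 1.2.840.113556.1.4.803  = bitwise AND match on userAccountControl
#   2 = ACCOUNTDISABLE, 65536 = DONT_EXPIRE_PASSWORD
$ldapFilter = "(&(objectCategory=person)(objectClass=user)" +
              "(memberOf:1.2.840.113556.1.4.1941:=$groupDn)" +
              "(!(userAccountControl:1.2.840.113556.1.4.803:=2))" +
              "(!(userAccountControl:1.2.840.113556.1.4.803:=65536)))"

# Request only the attributes that are used, instead of -Properties *
$props = 'GivenName', 'EmailAddress', 'PasswordExpired', 'msDS-UserPasswordExpiryTimeComputed'

$expiring = Get-ADUser -LDAPFilter $ldapFilter -SearchBase $OfficeOU -Properties $props |
    Where-Object { -not $_.PasswordExpired } |
    ForEach-Object {
        $raw = $_.'msDS-UserPasswordExpiryTimeComputed'
        # 0 or Int64.MaxValue means there is no expiry date; skip those accounts
        if ($raw -gt 0 -and $raw -lt [Int64]::MaxValue) {
            $expiresOn = [datetime]::FromFileTime($raw)
            [pscustomobject]@{
                Name         = $_.GivenName
                EmailAddress = $_.EmailAddress
                ExpiresOn    = $expiresOn
                DaysToExpire = (New-TimeSpan -Start (Get-Date) -End $expiresOn).Days
            }
        }
    } |
    Where-Object { $_.DaysToExpire -lt $expireindays }

$expiring | Sort-Object DaysToExpire | Format-Table -AutoSize
```

The chain match is evaluated on the domain controller and follows the memberOf attribute only, so membership that exists solely through a user's primary group is not returned.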