是否有人了解如何使用Powershell脚本禁用用户的ESET安全身份验证设置?
我有一个脚本可以禁用用户的Active Directory帐户,重置密码,并将其移动到新的OU,但现在我不知道如何禁用与其ESET信息相关的属性。从ADUC GUI中,您可以取消选中其硬件令牌的框并重新调整密钥,因此我认为可以使用我可以包含在当前脚本中的脚本来实现此目的。
# Imports module for running commandlets against Active Directory, and inputs user name
# into variable.
# Enter-PSSession DomainController // Need to run this commandlet from your local
# machine first.
Echo "You are about to disable a user account. Verify your information!"
Read-Host "Press ENTER to continue."
Import-module ActiveDirectory
$User1 = Read-Host -Prompt 'Enter the username of the employee you wish to change'
# Disables named users ActiveDirectory Account.
# "Locked Account" does not show but need to right click to enable
Disable-ADAccount -Identity $User1
# Adds AD group "Disabled Users" to named user group membership
Add-ADGroupMember -Identity 'Disabled Users' -Member $User1
# Set named users primary group to "Disabled Users"
Set-ADUser -Identity $User1 -Replace @{PrimaryGroupID="0000"}
# Removes groups assigned to named users membership
Get-ADUser -Identity $User1 -Properties MemberOf | ForEach-Object {
$_.MemberOf | Remove-ADGroupMember -Members $_.DistinguishedName -Confirm:$false
}
# Changes named users password based on Administrators input
$newpwd = Read-Host "Enter the new password" -AsSecureString -WhatIf
Set-ADAccountPassword $User1 -NewPassword $newpwd –Reset -WhatIf
# Moves named user from current OU to "Employee DISABLED\DISABLED" container
get-aduser $User1 | move-adobject -targetpath
"ou=DISABLED,ou=Employee DISABLED,dc=DOMAINNAME,dc=com"
# Much respect due to the onesixooh!
Read-Host "Press ENTER to finish"
Write-Host " **********************************************************
>>> Get the money. Dolla dolla bill y'all. <<<
**********************************************************"
非常感谢任何建议。
答案 0 :(得分:1)
尝试使用Windows Server ADAC(AD管理中心)为您编写此代码,看看是否能让您更接近最终目标。