PowerShell password expiration notification script



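Tell me how to implement the process: there is an OU with accounts, and you need to select the accounts whose password has not been changed for more than a year and send an email to the manager of each such account. At the moment, I have only implemented a selection of user accounts whose passwords have not been changed for more than a year: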

Get-ADUser -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $true} -SearchBase "OU=SС,DC=domain,DC=com" -Properties Manager, PasswordLastSet | Where-Object {$_.PasswordLastSet -lt (Get-Date).adddays(-365)} | select Name,SamAccountName,PasswordLastSet, Manager

But how do I get the account's manager and send that manager a report containing the name and the password age?

The Manager property of an ADUser can be unset, or it can contain the DistinguishedName of the manager.

This means that if you need more properties from that manager, such as EmailAddress, you need to perform another Get-ADUser to get them.

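With a single ForEach-Object loop you can collect all the information you need in an array of PSCustomObjects, then simply group on the manager's email address and start sending nicely formatted mails.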

Something like:

$refDate = (Get-Date).AddDays(-365).Date  # set to midnight
$filter  = "Enabled -eq 'True' -and PasswordNeverExpires -eq 'True'"
$users   = Get-ADUser -Filter $filter -SearchBase "OU=SС,DC=domain,DC=com" -Properties EmailAddress, Manager, PasswordLastSet |
    Where-Object {$_.PasswordLastSet -lt $refDate} |
    ForEach-Object {
        # get the Manager details we need
        # Manager may be unset; only look it up when present (passing $null to -Identity raises an error)
        $manager = if ($_.Manager) { Get-ADUser -Identity $_.Manager -Properties Name, EmailAddress } else { $null }
        $_ | Select-Object Name, SamAccountName, PasswordLastSet, EmailAddress,
            @{Name = 'ManagerName'; Expression = {$manager.Name}},
            @{Name = 'ManagerEmail'; Expression = {$manager.EmailAddress}}
    }
# you now have an array of user objects with properties you need to create the email(s)
# create a Here-String with the wanted style for the email
$style = @"
<style>
body, table {font-family: sans-serif; font-size: 10pt; color: #000000;}
table {border: 1px solid black; border-collapse: collapse;}
th {border: 1px solid black; background: #dddddd; padding: 3px;}
td {border: 1px solid black; padding: 3px;}
</style>
"@
# create a Here-String template to use for mailing the managers
# this uses 3 placeholders to fill in (style, manager name, and the table of expiring user accounts)
$mailTemplate = @"
<html><head>{0}</head><body>
Dear {1},<br /><br />
The below users have not changed their password for more than a year.<br />
{2}
<br />
As their manager, please tell them to do so within the next 14 days.  
<br /><br />
Thank you.
</body></html>
"@
# first filter out the users that do have a manager and group by the 'ManagerEmail' property
$users | Where-Object { ![string]::IsNullOrWhiteSpace($_.ManagerEmail) } | Group-Object -Property ManagerEmail | ForEach-Object {
    $mgrName  = $_.Group[0].ManagerName
    $mgrEmail = $_.Name  # the Group's Name is what we grouped on == ManagerEmail. Can also use $_.Group[0].ManagerEmail
    # select the user properties from the group, and convert it into a nice HTML table
    $table = ($_.Group | Select-Object * -ExcludeProperty 'Manager*' | ConvertTo-Html -As Table -Fragment) -join [environment]::NewLine
    # create a Hashtable for splatting the parameters to the Send-MailMessage cmdlet
    $mailParams = @{
        To         = $mgrEmail
        From       = 'IT@yourdomain.com'
        Subject    = 'Users that have not changed their password for more than a year'
        Body       = $mailTemplate -f $style, $mgrName, $table  # fill in the placeholders of the mail template
        BodyAsHtml = $true
        Priority   = 'High'
        SmtpServer = 'smtp.yourdomain.com'
        # more parameters go here
    }
    # send this manager an email with a table of users that report to him/her
    Send-MailMessage @mailParams
}
# next filter out users that have no manager listed and display that list for you to take action on
$noManager = @($users | Where-Object { [string]::IsNullOrWhiteSpace($_.ManagerEmail) })
if ($noManager.Count) {
    # output on screen
    Write-Host "These users have no manager.."
    $noManager | Format-Table -AutoSize
    # if you like, save to CSV file (-NoTypeInformation keeps the #TYPE header line out of the file)
    $noManager | Export-Csv -Path 'PathToUsersWithoutManager.csv' -NoTypeInformation
}
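
An added example, not part of the original answer: the same manager lookup done once per manager through a cache, with a computed password age column and separate handling for accounts that have no manager or whose manager has no email address. The function name `Get-StalePasswordReport`, its `-Lookup` parameter and the sample records are assumptions, constructed so the block runs without Active Directory.

```powershell
# Constructed sample data standing in for Get-ADUser output (not real accounts).
$directory = @{
    'CN=Ann Lee,OU=Mgr,DC=example,DC=test' = [pscustomobject]@{ Name = 'Ann Lee'; EmailAddress = 'ann.lee@example.test' }
    'CN=Raj Rao,OU=Mgr,DC=example,DC=test' = [pscustomobject]@{ Name = 'Raj Rao'; EmailAddress = $null }
}
$now   = Get-Date '2024-06-01'
$users = @(
    [pscustomobject]@{ Name = 'svc-backup'; PasswordLastSet = [datetime]'2021-03-10'; Manager = 'CN=Ann Lee,OU=Mgr,DC=example,DC=test' }
    [pscustomobject]@{ Name = 'svc-print';  PasswordLastSet = [datetime]'2022-11-02'; Manager = 'CN=Ann Lee,OU=Mgr,DC=example,DC=test' }
    [pscustomobject]@{ Name = 'kiosk01';    PasswordLastSet = $null;                  Manager = 'CN=Raj Rao,OU=Mgr,DC=example,DC=test' }
    [pscustomobject]@{ Name = 'old-test';   PasswordLastSet = [datetime]'2020-01-15'; Manager = $null }
)

# Hypothetical helper: resolve each manager DN once and cache the result.
# Against a real domain the lookup would be: { param($dn) Get-ADUser -Identity $dn -Properties EmailAddress }
function Get-StalePasswordReport {
    param([object[]]$Users, [datetime]$Now, [scriptblock]$Lookup)
    $cache = @{}
    foreach ($u in $Users) {
        $mgr = $null   # reset per user so a missing manager never inherits the previous one
        if ($u.Manager) {
            if (-not $cache.ContainsKey($u.Manager)) { $cache[$u.Manager] = & $Lookup $u.Manager }
            $mgr = $cache[$u.Manager]
        }
        [pscustomobject]@{
            Name            = $u.Name
            PasswordLastSet = $u.PasswordLastSet
            # A null PasswordLastSet means no age can be computed; report it as unknown.
            PasswordAgeDays = if ($u.PasswordLastSet) { [int][math]::Floor(($Now - $u.PasswordLastSet).TotalDays) } else { $null }
            ManagerName     = if ($mgr) { $mgr.Name } else { $null }
            ManagerEmail    = if ($mgr) { $mgr.EmailAddress } else { $null }
        }
    }
}

$report = Get-StalePasswordReport -Users $users -Now $now -Lookup { param($dn) $directory[$dn] }

# Rows that can be mailed, one group per manager, oldest password first.
$report | Where-Object { $_.ManagerEmail } | Group-Object ManagerEmail | ForEach-Object {
    "To: $($_.Name)"
    $_.Group | Sort-Object PasswordAgeDays -Descending | Format-Table Name, PasswordAgeDays -AutoSize | Out-String
}
# Rows needing manual follow-up: no manager set, or the manager has no mail address.
$report | Where-Object { -not $_.ManagerEmail } | Format-Table Name, ManagerName, PasswordAgeDays -AutoSize
```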
