我有一个powershell脚本,它应该查看活动目录中的任何计算机对象,并禁用任何显示最后登录90天或更久的对象。这也会将帐户描述更新为"由于不活动而被禁用"。并发送禁用帐户的电子邮件。
我收到以下错误。非常感谢任何帮助。我有很多东西要学。
Method invocation failed because [Microsoft.ActiveDirectory.Management.ADComputer] does not contain a method named 'op_Addition'.
At C:ScriptsDisableInactiveComputers.ps1:58 char:1
+ $Info += "$UpdateInformation - $Date"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (op_Addition:String) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound
代码:
[CmdletBinding()]
param (
[Parameter( Mandatory=$false)]
[int]$TimeFrame = 90,
[Parameter( Mandatory=$false)]
[string]$UpdateInformation = "Disabled due to inactivity",
[Parameter( Mandatory=$false)]
[switch]$Remediate,
[Parameter( Mandatory=$false)]
[string]$LogName = "ComputerLogFile.txt",
[Parameter( Mandatory=$false)]
[string]$ExclusionsPath = "C:ScriptsComputerExclusions.txt",
[Parameter( Mandatory=$false)]
[string]$TriggeredPath = ".Computertriggered.csv"
)
$Date = Get-Date -Format "MM/dd/yyyy"
$LogDate = Get-Date -Format "yyyy MMM d - HH:mm:ss tt"
$myDir = Split-Path -Parent $MyInvocation.MyCommand.Path
$LogPath = "$myDir$LogName"
$TriggeredPath = "$myDir$TriggeredPath"
$Report = New-Object PSObject
$TriggeredComputers = @()
$Exclusions = Get-Content $ExclusionsPath
$secpasswd = ConvertTo-SecureString 'supernotsecretpassword' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ("email@somewhere.com", $secpasswd)
$smtpServer="smtp.office365.com"
$from = "<email@somewhere.com>"
$emailaddress = "someotheremail@somewhere.com"
Import-Module ActiveDirectory
$Computers = Get-ADComputer -Properties LastLogonDate,SamAccountName -Filter {Enabled -eq $true}
Function Write-LogFile {
[CmdletBinding()]
param(
[Parameter( Position=0,Mandatory=$true)]
[string]$LogData
)
"$Date - $LogData" | Out-file -FilePath $LogPath -Append
}
foreach ($Computer in $Computers) {
if ($Exclusions -notcontains $Computer.Name) {
if ($Computer.LastLogonDate -lt (Get-Date).AddDays(-$TimeFrame) -AND $Computer.LastLogonDate -ne $null) {
if ($Remediate) {
if ($UpdateInformation -ne $null) {
$Info = Get-ADComputer $Computer.Name -Properties info | Where-Object {$info}
$Info += "$UpdateInformation - $Date"
try {
Set-ADComputer $Computer.Name -Description "$Info" -ErrorAction Stop
Write-LogFile -LogData "Successfully set Info field for $($Computer.Name). New Info: $Info"
}
catch {
Write-LogFile -LogData "Error - Failed to set Info field for $($Computer.Name) - $"
}
}
try {
Disable-ADAccount -Identity $Computer.Name -ErrorAction Stop
Write-LogFile -LogData "$($Computer.Name) successfully disabled"
}
catch {
Write-LogFile -LogData "Error - Failed to disable AD Account $($Computer.Name)"
}
}
$TriggeredComputers += $Computer | Select Name,LastLogonDate,SamAccountName
}
}
}
$TriggeredComputers | Format-Table
$TriggeredComputers | Export-Csv $TriggeredPath -NoTypeInformation
$subject="120 Day Inactive Computer Account(s) Disabled"
$csvHTML = Import-Csv C:ScriptsComputertriggered.csv | ConvertTo-Html
$body = @"
The following computer accounts have been disabled.
"@ + ($csvHTML[5..($csvHTML.length-2)] | Out-String)
Send-Mailmessage -smtpServer $smtpServer -Credential $cred -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -UseSSL
为用户帐户提供一个类似的脚本,该脚本可以完美地工作,并且几乎完全相同。
我猜错误在前一行(第67行):
$Info = $Info = Get-ADComputer $Computer.Name -Properties info | Where-Object {$info}
很难确定你想要的是什么,但如果它在描述中添加了一些东西(如第58行和第60行所示),我认为你可能最好使用:
$Info = (Get-ADComputer $Computer.Name -properties $description).description
这将确保你得到的是一个字符串,可以在下一行添加日期等。