
Script for correcting the date a user's password was set in AD

Hello!
Sometimes you need to change the date on which a user's password was set in Active Directory. I present the script. It will surely come in handy for many.
set-ADUserPswDate.ps1
# luzhin.kirill@yandex.ru
Add-PSSnapin Quest.ActiveRoles.ADManagement;

# Settings: account list, pause range (seconds) and the allowed working window
$gsFilename = "c:\scriptps\set-ADUserPswDate.txt";
$giRows = @(Get-Content -LiteralPath $gsFilename).Count;   # @() keeps .Count valid for a one-line file
$giX = 0;
$giMinimumSleep = 218;
$giMaximumSleep = 884;
$gtBeginDay = "08:00:00";
$gtEndDay = "19:00:00";
$today_date = Get-date -Format "dd.MM.yyyy";

# Re-stamp pwdLastSet: 0 clears it, -1 sets it to the current time
function set-password($lsAccount)
{
    Set-QADUser $lsAccount -ObjectAttributes @{pwdLastSet=0} | Out-Null;
    Set-QADUser $lsAccount -ObjectAttributes @{pwdLastSet=-1} | Out-Null;
}

# Read pwdLastSet and format it (a fixed +3 hour offset is applied)
function get-password($lsAccount)
{
    get-qaduser $lsAccount -IncludedProperties pwdLastSet | % {$lsPwdLastSet = $_.pwdLastSet;}
    $lsPwdLastSet = $lsPwdLastSet.AddHours(3);
    $lsPwdLastSetNorm = get-date -uformat '%d.%m.%Y %R' -Date $lsPwdLastSet;
    return $lsPwdLastSetNorm;
}

# Mail the HTML report
function send-eMail($to,$toCc,$text="",$subject="   ",$toBcc="admin3@domain.com")
{
    write-host ": $to | : $subject | : $text";
    $Enc = [Text.Encoding]::UTF8;
    Send-MailMessage -to $to -from "admin1@domain.com" -Bcc $toBcc -Cc $toCc -subject $subject -smtpServer MAIL-SRV -Body $text -BodyAsHtml -Encoding $Enc;
}

# Pause for a random number of seconds between accounts
function get-sleepRandom($liMinimum, $liMaximum)
{
    $giSleep = Get-Random -minimum $liMinimum -maximum $liMaximum
    # $giSleep = 30;
    $giSleepS = $giSleep % 60;
    $giSleepM = $giSleep - $giSleepS;
    $giSleepM = $giSleepM / 60;
    $gdFuture = (Get-Date).AddSeconds($giSleep);
    write-host "$giSleepM  $giSleepS  (  $gdFuture)...";
    Start-Sleep -Seconds $giSleep
}

# True only on Monday to Friday between $ltBegin and $ltEnd
function isAtWork($ltBegin, $ltEnd)
{
    $lbAtWork = $FALSE;
    $giDayOfWeek = [int](get-date).DayOfWeek;   # 0 = Sunday, 6 = Saturday
    if (($giDayOfWeek -gt 0) -and ($giDayOfWeek -lt 6))
    {
        $today_date_full = $today_date + " " + $ltBegin;
        $today_date_full2 = $today_date + " " + $ltEnd;
        write-host $today_date_full" - "$today_date_full2;
        $a=[datetime]::parse($today_date_full);
        $c=[datetime]::parse($today_date_full2);
        $b = get-date;
        if (($b -gt $a) -and ($b -lt $c))
        {
            # Inside the working window
            write-host $b".    8:00   19:00,    !";
            $lbAtWork = $TRUE;
        }
        else
        {
            # Outside the working window
            write-host "  8:00   19:00,     .";
        }
    }
    else
    {
        # Weekend
        write-host " ,    .";
    }
    return $lbAtWork;
}

# Re-stamp one account and return an HTML row: account, date before, date after
function update-password_wReport($lsAccount)
{
    write-host " ";
    write-host "*"$lsAccount;
    $gbAtWork = isAtWork $gtBeginDay $gtEndDay;
    if ($gbAtWork)
    {
        $gsPwdLastSet = get-password $lsAccount;
        $lsText = "<tr><td style='border:1px solid RGB(200,200,200);'><strong>" + $lsAccount + "</strong></td><td style='border:1px solid RGB(200,200,200);'>" + $gsPwdLastSet + "</td>";
        set-password $lsAccount;
        $gsPwdLastSet = get-password $lsAccount;
        $lsText = $lsText + "<td style='border:1px solid RGB(200,200,200);'>" + $gsPwdLastSet + "</td></tr>";
    }
    else
    {
        $lsText = "<tr><td style='border:1px solid RGB(200,200,200);'><strong>" + $lsAccount + "</strong></td><td style='border:1px solid RGB(200,200,200);'>  </td><td style='border:1px solid RGB(200,200,200);'></td></tr>";
    }
    return $lsText;
}

# Build the report table
$gsText = $gsText + "<table style='border-collapse:collapse; width:500px; font-family:Tahoma,Arial,Calibri;font-size:10pt;'>";
$gsText = $gsText + "<tr><td style='width:40%; border:1px solid RGB(200,200,200); text-align:center;'> </td>";
$gsText = $gsText + "<td style='width:130px; border:1px solid RGB(200,200,200); text-align:center;'></td><td style='width:130px; border:1px solid RGB(200,200,200); text-align:center;'></td></tr>";

# First argument: a single account; otherwise process the list file
if ($ARGS[0] -ne $Null)
{
    $gsText = $gsText + (update-password_wReport $ARGS[0]);
}
else
{
    Get-Content -LiteralPath $gsFilename | % {
        $gsText = $gsText + (update-password_wReport $_);
        $giX = $giX + 1;
        if ($giX -lt $giRows)
        {
            get-sleepRandom $giMinimumSleep $giMaximumSleep;
        }
    }
}
$gsText = $gsText + "</table>";

# Second argument: report recipient; otherwise the default administrators
if ($ARGS[1] -ne $Null)
{
    send-eMail $ARGS[1] "admin1@domain.com" $gsText;
}
else
{
    send-eMail "admin1@domain.com" "admin2@domain.com" $gsText;
}


Below the cut: description, usage and features.

First you need to install ActiveRoles Management Shell for Active Directory.
The script can accept an account as a parameter; the password-change date of that account is reset. Without parameters, the script processes the file "c:\scriptps\set-ADUserPswDate.txt" (the path is set in the script). In the file, each account is written on a new line.
Features of the script:
1. An arbitrary password date cannot be set; you can only reset the date and set it to the current date. This is a feature of Active Directory.
2. If the script works through the file (that is, through a list of users), the password dates are not reset all at once, but with a random pause between users. The possible duration of the pause is from 218 to 884 seconds.
3. The date is not reset before 8:00, after 19:00, or on weekends.
4. The script execution log is sent to two administrators.
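
Seen from the audit side, feature 1 leaves a trace: the script rewrites pwdLastSet but never the password, so the replication metadata of pwdLastSet becomes newer than that of unicodePwd. The check below is an added example, not part of the original post; the function name, the record fields and the sample accounts are assumptions made for illustration.

```powershell
# Added example, not part of the original script. Record fields (Account,
# PwdLastSet, StampChanged, HashChanged) and the function name are assumptions.
# In a live domain StampChanged / HashChanged would be the LastOriginatingChangeTime
# of pwdLastSet / unicodePwd from Get-ADReplicationAttributeMetadata, and
# PwdLastSet the raw attribute value (0 = must change at next logon).
function Find-PwdLastSetOnlyChange {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Record,
        [int] $ToleranceSeconds = 5   # a real change stamps both attributes together
    )
    foreach ($r in $Record) {
        if ($null -eq $r.HashChanged) { continue }   # no password metadata to compare
        if ($r.PwdLastSet -eq 0)      { continue }   # pending forced change, not a re-stamp
        $gap = $r.StampChanged - $r.HashChanged
        if ($gap.TotalSeconds -gt $ToleranceSeconds) {
            [pscustomobject]@{
                Account             = $r.Account
                PasswordLastChanged = $r.HashChanged
                PwdLastSetRewritten = $r.StampChanged
                HiddenAgeDays       = [math]::Floor($gap.TotalDays)
            }
        }
    }
}

# Constructed sample records; no directory access is needed to run this.
$real    = [datetime]'2024-03-01 09:15:00'   # genuine password change
$old     = [datetime]'2023-06-10 11:02:00'   # last genuine change, long ago
$restamp = [datetime]'2024-03-04 14:37:00'   # pwdLastSet written on its own

$sample = @(
    # alice: both attributes written in the same change
    [pscustomobject]@{ Account = 'alice'; PwdLastSet = $real.ToFileTimeUtc()
                       StampChanged = $real;    HashChanged = $real }
    # bob: pwdLastSet re-stamped (0, then -1) while the password stayed the same
    [pscustomobject]@{ Account = 'bob';   PwdLastSet = $restamp.ToFileTimeUtc()
                       StampChanged = $restamp; HashChanged = $old }
    # carol: administrator ticked "must change at next logon"; value is still 0
    [pscustomobject]@{ Account = 'carol'; PwdLastSet = 0
                       StampChanged = $restamp; HashChanged = $old }
)

Find-PwdLastSetOnlyChange -Record $sample | Format-Table -AutoSize
```

Only bob is reported: alice's two timestamps match, and carol's pwdLastSet is still 0, which is the ordinary "must change password at next logon" state.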


Source: https://habr.com/ru/post/205696/