# , , # email, # , . # # . $dt=Get-Date -Format "dd-MM-yyyy" $setupFolder = "c:\Active_Directory\Log" New-Item -ItemType directory -Path $setupFolder -Force | out-null # $global:logfilename="C:\Active_Directory\Log\"+$dt+"_LOG.log" [int]$global:errorcount=0 # [int]$global:warningcount=0 # function global:Write-log # - . {param($message,[string]$type="info",[string]$logfile=$global:logfilename,[switch]$silent) $dt=Get-Date -Format "dd.MM.yyyy HH:mm:ss" $msg=$dt + "`t" + $type + "`t" + $message #: 01.01.2001 01:01:01 [tab] error [tab] Out-File -FilePath $logfile -InputObject $msg -Append -encoding unicode if (-not $silent.IsPresent) { switch ( $type.toLower() ) { "error" { $global:errorcount++ write-host $msg -ForegroundColor red } "warning" { $global:warningcount++ write-host $msg -ForegroundColor yellow } "completed" { write-host $msg -ForegroundColor green } "info" { write-host $msg } default { write-host $msg } } } } # function global:Get-RandomPassword { <# PasswordLength - #> [CmdletBinding()] param( [Parameter(Position=0, Mandatory=$true, ValueFromPipeline=$true)] [ValidateRange(4,15)] [Int] $PasswordLength ) Begin{} Process{ $numberchars=0..9 | % {$_.ToString()} $lochars = [char]'a' .. [char]'z' | % {[char]$_} $hichars = [char]'A' .. [char]'Z' | % {[char]$_} $punctchars = [char[]](33..47) $PasswordArray = Get-Random -InputObject @($hichars + $lochars + $numberchars + $punctchars) -Count $PasswordLength $char1 = Get-Random -InputObject $hichars $char2 = Get-Random -InputObject $lochars $char3 = Get-Random -InputObject $numberchars $char4 = Get-Random -InputObject $punctchars $RndIndexArray = Get-Random (0..($PasswordLength-1)) -Count 4 $PasswordArray[$RndIndexArray[0]] = $char1 $PasswordArray[$RndIndexArray[1]] = $char2 $PasswordArray[$RndIndexArray[2]] = $char3 $PasswordArray[$RndIndexArray[3]] = $char4 return [system.string]::Join('', $PasswordArray) } End{} } #SMTP $smtpServer = "mail.domain.local" # $msg = new-object Net.Mail.MailMessage $msgr = new-object Net.Mail.MailMessage # $smtp = new-object Net.Mail.SmtpClient($smtpServer) # Function EmailStructure($to,$expiryDate,$upn) { $msg.IsBodyHtml = $true $msg.From = "ITHelpDesk@domain.local" $msg.To.Clear() $msg.To.Add($to) $msg.Subject = "Password expiration notice" $msg.Body = "<html><body><font face='Arial'>This is an automatically generated message from Company IT Service.<br><br> <b>Please note that the password for your account <i><u>domain\$upn</u></i> will expire on $expiryDate.</b><br><br> System automatically generated a new password for you. <br> You can use password - <b>$generated_password</b><br> Please change your password immediately or at least before this date as you will be unable to access the service without contacting your administrator.<br> If you will not change your password, System set it automatically.<br> </font></body></html>"} # Function EmailStructureReport($to) { $msgr.IsBodyHtml = $true $msgr.From = "PasswordChecker@domain.local" $msgr.To.Add($to) $msgr.Subject = "Script running report" $msgr.Body = "<html><body><font face='Arial'><b>This is a daily report.<br> <br>Script for check expiried passwords has successfully completed its work. <br>$NotificationCounter users have recieved notifications:<br> <br>$ListOfAccounts<br><br></b></font></body></html>"} # Active Directory Import-Module activedirectory # , $NotificationCounter = 0 $OU = "OU=Russia,DC=local,DC=domain" $ADAccounts = Get-ADUser -LDAPFilter "(objectClass=user)" -searchbase $OU -properties PasswordExpired, employeeNumber, PasswordNeverExpires, PasswordLastSet, Mail, mobile, Enabled | Where-object {$_.Enabled -eq $true -and $_.PasswordNeverExpires -eq $false} # foreach ($ADAccount in $ADAccounts) # { $accountFGPP = Get-ADUserResultantPasswordPolicy $ADAccount if ($accountFGPP -ne $null) { $maxPasswordAgeTimeSpan = $accountFGPP.MaxPasswordAge } else { $maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge } # $samAccountName = $ADAccount.samAccountName $userEmailAddress = $ADAccount.mail $userPrincipalName = $ADAccount.UserPrincipalName $userStorePassword = $ADAccount.employeeNumber $usermobile = $ADAccount.mobile # , if ($ADAccount.PasswordExpired) { # AD # , - Pa$$w0rd if ($userStorePassword -eq $NULL -or $useStorePassword -eq " ") { $userStorePassword = "Pa$$w0rd" } # $newpwd = ConvertTo-SecureString -String $userStorePassword -AsPlainText –Force Set-ADAccountPassword -Identity $samAccountName -NewPassword $newpwd –Reset # TXT if ($usermobile -ne $NULL) { $SMSfile="C:\ActiveDirectory\SMS_notice.txt" $SMSMessage=$usermobile + "," + $userStorePassword Out-File -FilePath $SMSfile -InputObject $SMSMessage -Append -encoding unicode } # write-log "for $samAccountName will set a stored password - $userStorePassword. Message send to mobile - $usermobile" write-log "---------------------------------------------------------------------------------------------------------" # AD Set-ADUser $samAccountName -employeeNumber $null } else # , , $DaysToExpireDD 2 { $ExpiryDate = $ADAccount.PasswordLastSet + $maxPasswordAgeTimeSpan $TodaysDate = Get-Date $DaysToExpire = $ExpiryDate - $TodaysDate # DaysToExpireDD $DaysToExpireDD = $DaysToExpire.ToString() -Split ("\S{17}$") if (($DaysToExpire.Days -le 2)) { Write-log "The password for account $samAccountName expires on: $ExpiryDate. Days left: $DaysToExpireDD # $generated_password $generated_password = Get-RandomPassword 10 write-log "Generated password: $samAccountName - $generated_password" write-log "-----------------------------------------------------------------------------------------" # e AD. employeeNumber Set-ADUser $samAccountName -employeeNumber $generated_password # if ($userEmailAddress) # . { EmailStructure $userEmailAddress $expiryDate $samAccountName $smtp.Send($msg) write-log "NOTIFICATION - $samAccountName :: e-mail was sent to $userEmailAddress" $NotificationCounter = $NotificationCounter + 1 $ListOfAccounts = $ListOfAccounts + $samAccountName + " - $DaysToExpireDD days left. Sent to $userEmailAddress<br>" } } } } # , SMS # If (Test-Path $SMSfile) { Copy-Item -Path $SMSfile -Destination \\SMS-Send-Server.domain.local\C$\ActiveDirectory\SMS_notice.txt # Remove-Item $SMSfile } # Write-log "SENDING REPORT TO IT DEPARTMENT" EmailStructureReport("ITHelpdesk@domain.local") $smtp.Send($msgr)
# # # # , $sms_text_filename = "SMS_notice.txt" $PathToSmsPrepareToSend = "C:\ActiveDirectory" + "\" + $sms_text_filename $dt=Get-Date -Format "dd.MM.yyyy" # , $of="C:\ActiveDirectory\Log\"+$dt+"_LOG.log" # If (Test-Path $PathToSmsPrepareToSend) { $SMS = Import-Csv $PathToSmsPrepareToSend -Header mobile, newpassword # foreach ($SM in $SMS) { # $mobileForSMS = $SM.mobile # $passwordFroSMS = $SM.newpassword # echo $mobileForSMS # SerialPort $serialPort = new-Object System.IO.Ports.SerialPort # , <# !!!!!! USB- COM . , . GSM- USB , COM . #> $serialPort.PortName = "COM3" $serialPort.BaudRate = 115200 $serialPort.WriteTimeout = 500 $serialPort.ReadTimeout = 3000 $serialPort.DtrEnable = "true" # # $serialPort.Open() # # $phoneNumber = [Regex]::replace($SM.mobile,'\s','') $textMessage = "Your new password - " + $SM.newpassword try { $serialPort.Open() } catch { # 5 Sleep -Milliseconds 500 $serialPort.Open() } If ($serialPort.IsOpen -eq $true) { # , AT- $serialPort.Write("AT+CMGF=1`r`n") Sleep -Milliseconds 500 # # # <CL> $serialPort.Write("AT+CMGS=`"$phoneNumber`"`r`n") # Sleep -Milliseconds 500 # $serialPort.Write("$textMessage`r`n") Sleep -Milliseconds 500 # Ctrl+Z . $serialPort.Write($([char] 26)) # , Sleep -Milliseconds 500 } # $serialPort.Close() if ($serialPort.IsOpen -eq $false) { # $dts=Get-Date -Format "dd.MM.yyyy HH:mm:ss" $msg=$dts+" :Message "+$textMessage+" send to "+ $phoneNumber Out-File -FilePath $of -InputObject $msg -Append -encoding unicode } Sleep -Milliseconds 1000 } # # $newname =$dt+"_"+$sms_text_filename rename-item -path $PathToSmsPrepareToSend -newname $newname } # Else # { # , $dts=Get-Date -Format "dd.MM.yyyy HH:mm:ss" $msg=$dts + " :No data to send SMS" Out-File -FilePath $of -InputObject $msg -Append -encoding unicode }
$generated_password = $generated_password_comma -replace ",","*"
Source: https://habr.com/ru/post/255197/