Forum
Bildirimler
Hepsini Temizle
Windows Server
2
Yazılar
2
Üyeler
0
Reactions
578
Görüntüleme
Konu başlatıcı
Arkadaşlar selam
Active directory üzerinden 180 gün login olmayan kullanıcıları otomatik disable etme gibi bir özelliği nasıl yapabiliriz.
Gönderildi : 21/05/2013 09:57
Powershell scriptle halledebilirsin araştırdığım kadar.Vereceğim linkteki powershell scriptte 90 gün ayarlı sen 180 olarak düzeltirsin.Kolay gelsin.
### User Variables ### # Query Options # $searchRoot = "domain.local/" # Where to begin your recursive search - If you use top-level (e.g. "domain.local/") make sure to have a trailing slash, otherwise do not use a slash (e.g. "domain.local/Users") $inactiveDays = 90 # Integer for number of days of inactivity (e.q. 90) $timeSinceCreation = 30 # Integer for number of "grace" days since the account was created (to prevent disabling of brand new accounts) $sizeLimit = 0 # How many users do you want returned. 0 = unlimited. Without setting this the default is 1000 # Action Options # $disabledOU = "domain.local/Users/Disabled" # Define where disabled accounts are stored (e.g. "domain.local/Users/Disabled") # Email Settings # $emailAlerts = 1 # Turn e-mail alerts on or off. 0 = off $fromAddr = "[email protected]" # Enter the FROM address for the e-mail alert $toAddr = "[email protected]" # Enter the TO address for the e-mail alert $smtpsrv = "192.168.1.1" # Enter the FQDN or IP of a SMTP relay # Enable Script # $enableAction = 1 # Change to 0 if you want to "whatif" this script - It will bypass the actual account disabling (turn e-mail alerts on!) ###################### Add-PSSnapin "Quest.ActiveRoles.ADManagement" $creationCutoff = (Get-Date).AddDays(-$timeSinceCreation) $inactiveUsers = @(Get-QADUser -SearchRoot $searchRoot -Enabled -NotLoggedOnFor $inactiveDays -CreatedBefore $creationCutoff -SizeLimit $sizeLimit | Select-Object Name,SamAccountName,LastLogonTimeStamp,Description | Sort-Object Name) ### Disable Accounts ### if ($enableAction -eq 1 -and $inactiveUsers -ne $null){ foreach($user in $inactiveUsers){ Set-QADUser $user.SamAccountName -Description "Account Disabled on $date for Inactivity - $($user.Description)" | Disable-QADUser | Move-QADObject -NewParentContainer $disabledOU } } ###### ### Email Alerts ### if ($emailAlerts -eq 1 -and $inactiveUsers -ne $null){ $date = Get-Date -DisplayHint Date $body = @(" <center><table border=1 width=50% cellspacing=0 cellpadding=8 bgcolor=Black cols=3> <tr bgcolor=White><td>Name</td><td>Account</td><td>Last Login</td></tr>") $i = 0 do { if($i % 2){$body += "<tr bgcolor=#D2CFCF><td>$($inactiveUsers[$i].Name)</td><td>$($inactiveUsers[$i].SamAccountName)</td><td>$($inactiveUsers[$i].LastLogonTimestamp)</td></tr>";$i++} else {$body += "<tr bgcolor=#EFEFEF><td>$($inactiveUsers[$i].Name)</td><td>$($inactiveUsers[$i].SamAccountName)</td><td>$($inactiveUsers[$i].LastLogonTimestamp)</td></tr>";$i++} } while ($inactiveUsers[$i] -ne $null) $body += "</table></center>" Send-MailMessage -To $toAddr -From $fromAddr -Subject "Info: $($inactiveUsers.Count) User Accounts Disabled on $date" -Body "$body" -SmtpServer $smtpsrv -BodyAsHtml } ###### exit
Link: http://vnucleus.com/2011/07/use-powershell-to-auto-disable-inactive-active-directory-accounts/
Gönderildi : 21/05/2013 11:05
