如何为即将到期的AD用户创建警报 [英] How to create an alert for expiring AD Users

问题描述

这是我第一次在Powershell中尝试，我不得不说我不知道​​自己在做什么.

this is my first try in Powershell and I have to say I have no Idea what I am doing.

因此，我想创建一个脚本，该脚本在运行时向管理员发送一封电子邮件，其中包含将在未来30天内到期的ADUser的列表.

So I want to create a Script, that when it runs send an E-Mail to an Admin with a list of ADUsers who are going to expire within the next 30 Days.

这是我第一次尝试将Users作为输出，但是它不起作用，我也不知道为什么不这样做.所以我不能继续做邮件发送的事情.我也没有在互联网上找到任何类似的东西.

This was my first try to get the Users as an output but it doesn't work and I have no Idea why not. So I can't go on and do the Mail-Send thing. I didn't find anything similar on the internet too.

Get-ADUser -Filter'enabled -eq $ true'-SearchBase"CN = Users，DC = mydomain，DC = de"-属性$ var =((get-date).AddDays(30))-le AccountExpirationDate |选择对象distinguishedName，AccountExpirationDate

有人可以帮我吗?

推荐答案

如果用户属性 accountExpires 等于0或9223372036854775807，则该帐户永不过期.要获取一定天数内即将到期的帐户列表，请执行以下操作:

If the user property accountExpires equals to 0 or 9223372036854775807, then the account never expires. To get a list of accounts that are expiring within a certain number of days, you an do:

$refDate = (Get-Date).AddDays(30)
$expiringUsers = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase "CN=Users,DC=mydomain,DC=de" -Properties AccountExpirationDate, accountExpires | 
    Where-Object {($_.accountExpires -gt 0 -and $_.accountExpires -ne 9223372036854775807) -and ($_.AccountExpirationDate -le $refDate)} |
    Select-Object Name, DistinguishedName, AccountExpirationDate

接下来，您需要通过电子邮件将其发送给管理员.
当然，有多种方法可以执行此操作，下面的示例将结果作为CSV附件发送.

Next, you need to send this to an admin by email.
There are various ways of doing this of course, below example sends the result as CSV attachment.

# don't send mail if there are no expiring users found
if ($expiringUsers.Count) {
    # write the results to csv file
    $outFile = Join-Path -Path $env:TEMP -ChildPath ('{0:yyyy-MM-dd}_ExpiringUsers.csv' -f (Get-Date))
    $expiringUsers | Export-Csv -Path $outFile -NoTypeInformation

    # use splatting for cmdlets that take a lot of parameters
    $mailParams = @{ 
        SmtpServer  = 'smtp.fabrikam.com'
        From        = 'troi@fabrikam.com'
        To          = 'admin@fabrikam.com'
        Subject     = 'Expiring user accounts'
        Body        = 'Please find the list of expiring user accounts in the attachment'
        Attachments = $outFile
        # See https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/send-mailmessage
        # for more parameters you might want to use
    } 

    Send-Mailmessage @mailParams
    Write-Host "$($expiringUsers.Count) user accounts are set to expire within the next 30 days. An email has been sent."
}
else {
    Write-Host 'No user accounts are set to expire within the next 30 days'
}

默认情况下，

^{Get-ADUser 返回以下属性: DistinguishedName ， Enabled ， GivenName ，名称， ObjectClass ， ObjectGUID ， SamAccountName ， SID ，姓氏和 UserPrincipalName .属性 AccountExpirationDate 是属性 accountExpires 转换为本地时间的值.}

^{Get-ADUser by default returns these properties: DistinguishedName,Enabled,GivenName,Name,ObjectClass,ObjectGUID,SamAccountName,SID,Surname and UserPrincipalName. Property AccountExpirationDate is the value of property accountExpires converted to local time.}

这篇关于如何为即将到期的AD用户创建警报的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！