针对 Ubuntu/Mac 用户的 Windows 密码通知

Question

您可以编写一个 PowerShell 脚本，由域控制器上的计划服务运行，该脚本可以查找密码在一定时间内过期的所有用户，并电子邮件每个用户都会收到通知。此解决方案的要求包括足够新的 PowerShell 版本（2.0 或更高版本可能就足够了）、某个点的 SMTP 中继服务器以及在 AD 中为每个用户填充的电子邮件地址字段。脚本必须以提升的权限运行。

$from = "<[email protected]>"
$subject = "Your password on the domain example.com is expiring soon"
$smtpServer = "smtprelay.example.com"

$today = Get-Date

# An HTML formatted e-mail body has been created and saved to a text file.
# This command reads the file into an array, each array element is one line of the file.

$bodyArray = Get-Content -Path "C:\ScriptData\emailbody.txt"

# The e-mail command won't correctly send the array for the e-mail body, we have to convert it to a stream of text.

for ($i=0; $i -lt $bodyArray.Count; $i++) {
  $body += $bodyArray[$i]
}

# Regarding the dates in this next command, it's meant to get passwords
# expiring within seven days (that's where the 8 comes from) and exclude
# passwords that have already expired. In AD, numerical zero means 1/1/1600,
# but outside of AD numerical zero is 1/1/1, so 1600 years must be added to
# dates retrieved from AD to compare them to dates computed in PowerShell
# using Get-Date.

$expiringUsers = Get-ADUser -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "GivenName","samAccountName","EmailAddress","msDS-UserPasswordExpiryTimeComputed" | Where-Object {((Get-Date($_.'msDS-UserPasswordExpiryTimeComputed')).AddYears(1600) -lt (Get-Date).AddDays(8)) -and ((Get-Date($_.'msDS-UserPasswordExpiryTimeComputed')).AddYears(1600) -gt (Get-Date))}

foreach ($user in $expiringUsers) {

  $timeRemaining = New-TimeSpan -Start $today -End (Get-Date($user.'msDS-UserPasswordExpiryTimeComputed')).AddYears(1600)
  $daystopassexpiry = $timeRemaining.Days

  # The next command replaces what I'll call constants in the e-mail body file
  # with the values retrieved from the user's AD information. This
  # personalizes each e-mail.

  $newbody = $body -replace "--GIVENNAME--",$user.GivenName -replace "--USERNAME--",$user.SamAccountName -replace "--NUMBER OF DAYS--",$daystopassexpiry -replace "--EMAILADDRESS--",$user.EmailAddress

  Send-MailMessage -From $from -To $user.EmailAddress -Subject $subject -BodyAsHTML -Body $newbody -SmtpServer $smtpServer

  $newbody = $null
}

我建议添加错误捕获（try/catch），如果您确实将其作为计划作业运行，我喜欢使用添加日志记录功能，Start-Transcript这样我就可以更轻松地找出问题所在。我还建议向自己的 cmdlet-BCC中添加Send-MailMessage，这样您就可以确保电子邮件能够发送并正确格式化。

我通过精心制作一封看起来像我想要的电子邮件来创建电子邮件正文，其中写入了所有“常量”，然后我将它发送给自己，然后我查看了电子邮件源并将其复制到文本文件中。

Answer 1

您可以编写一个 PowerShell 脚本，由域控制器上的计划服务运行，该脚本可以查找密码在一定时间内过期的所有用户，并电子邮件每个用户都会收到通知。此解决方案的要求包括足够新的 PowerShell 版本（2.0 或更高版本可能就足够了）、某个点的 SMTP 中继服务器以及在 AD 中为每个用户填充的电子邮件地址字段。脚本必须以提升的权限运行。

$from = "<[email protected]>"
$subject = "Your password on the domain example.com is expiring soon"
$smtpServer = "smtprelay.example.com"

$today = Get-Date

# An HTML formatted e-mail body has been created and saved to a text file.
# This command reads the file into an array, each array element is one line of the file.

$bodyArray = Get-Content -Path "C:\ScriptData\emailbody.txt"

# The e-mail command won't correctly send the array for the e-mail body, we have to convert it to a stream of text.

for ($i=0; $i -lt $bodyArray.Count; $i++) {
  $body += $bodyArray[$i]
}

# Regarding the dates in this next command, it's meant to get passwords
# expiring within seven days (that's where the 8 comes from) and exclude
# passwords that have already expired. In AD, numerical zero means 1/1/1600,
# but outside of AD numerical zero is 1/1/1, so 1600 years must be added to
# dates retrieved from AD to compare them to dates computed in PowerShell
# using Get-Date.

$expiringUsers = Get-ADUser -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "GivenName","samAccountName","EmailAddress","msDS-UserPasswordExpiryTimeComputed" | Where-Object {((Get-Date($_.'msDS-UserPasswordExpiryTimeComputed')).AddYears(1600) -lt (Get-Date).AddDays(8)) -and ((Get-Date($_.'msDS-UserPasswordExpiryTimeComputed')).AddYears(1600) -gt (Get-Date))}

foreach ($user in $expiringUsers) {

  $timeRemaining = New-TimeSpan -Start $today -End (Get-Date($user.'msDS-UserPasswordExpiryTimeComputed')).AddYears(1600)
  $daystopassexpiry = $timeRemaining.Days

  # The next command replaces what I'll call constants in the e-mail body file
  # with the values retrieved from the user's AD information. This
  # personalizes each e-mail.

  $newbody = $body -replace "--GIVENNAME--",$user.GivenName -replace "--USERNAME--",$user.SamAccountName -replace "--NUMBER OF DAYS--",$daystopassexpiry -replace "--EMAILADDRESS--",$user.EmailAddress

  Send-MailMessage -From $from -To $user.EmailAddress -Subject $subject -BodyAsHTML -Body $newbody -SmtpServer $smtpServer

  $newbody = $null
}

我建议添加错误捕获（try/catch），如果您确实将其作为计划作业运行，我喜欢使用添加日志记录功能，Start-Transcript这样我就可以更轻松地找出问题所在。我还建议向自己的 cmdlet-BCC中添加Send-MailMessage，这样您就可以确保电子邮件能够发送并正确格式化。

我通过精心制作一封看起来像我想要的电子邮件来创建电子邮件正文，其中写入了所有“常量”，然后我将它发送给自己，然后我查看了电子邮件源并将其复制到文本文件中。

针对 Ubuntu/Mac 用户的 Windows 密码通知

答案1

相关内容