如何使用 VBS/PS2.0/CMD 从 .txt 列表中删除批量用户帐户,具体取决于他们的帐户是否被禁用?

tag-icon tag-icon active-directory user-accounts vbscript
如何使用 VBS/PS2.0/CMD 从 .txt 列表中删除批量用户帐户,具体取决于他们的帐户是否被禁用?

简而言之: - 我有一个 .txt 列表,其中列出了需要从 AD 中删除的 sAMAccountNames - 在删除帐户之前,我需要检查它们是否被禁用。如果它们被禁用,则删除它们,如果没有,则不执行任何操作。

我没有 Active Directory 模块,无法安装它。域控制器是 Windows Server 2003,管理服务器运行 Windows Server 2008 并安装了 Powershell v2.0。

我以前曾使用以下 VBscript 从 .TXT 文件中禁用批量用户帐户:

$date = get-date -format d
$time = get-date -format t
$month = get-date 
$month1 = $month.month
$year1 = $month.year

$date = $date.ToString().Replace(“/”, “-”)

$time = $time.ToString().Replace(":", "-")
$time = $time.ToString().Replace(" ", "")

$log1 = ".\Logs" + "\" + "Accountdisabled_" + $date + "_.log"
$log2 = ".\Logs" + "\" + "Accountalreadydisabled_" + $date +"_.log"

If ((Get-PSSnapin | where {$_.Name -match "Quest.ActiveRoles.ADManagement"}) -eq $null)
{
Add-PSSnapin Quest.ActiveRoles.ADManagement
}

$file = ".\tobedisabled.txt"

get-content $file | foreach-object{

$statusofuser = get-qaduser $_
$userid = $statusofuser.Name

if($statusofuser.AccountIsDisabled -like $false)

{
Write-host "$userid is not disabled so it will be disabled"
Add-content $log1 "$userid is not disabled so it will be disabled"
Disable-QADUser -Identity $userid

}

Else
{
Write-host "$userid is already disabled"
Add-content $log2 "$userid is already disabled"

}

}

现在,我想知道是否可以调整为删除用户,我会像这样更改它:

$date = get-date -format d
$time = get-date -format t
$month = get-date 
$month1 = $month.month
$year1 = $month.year

$date = $date.ToString().Replace(“/”, “-”)

$time = $time.ToString().Replace(":", "-")
$time = $time.ToString().Replace(" ", "")

$log1 = ".\Logs" + "\" + "AccountDeleted_" + $date + "_.log"
$log2 = ".\Logs" + "\" + "AccountNotDisabled_" + $date +"_.log"


If ((Get-PSSnapin | where {$_.Name -match "Quest.ActiveRoles.ADManagement"}) -eq $null)
{
Add-PSSnapin Quest.ActiveRoles.ADManagement
}

$file = ".\deleted.txt"

get-content $file | foreach-object{

$statusofuser = get-qaduser $_
$userid = $statusofuser.Name

if($statusofuser.AccountIsDisabled -like $false) 

{
Write-host "$userid is not disabled so it will not be deleted"
Add-content $log1 "$userid is not disabled so it will not be deleted"

}

Else
{
Write-host "$userid was deleted"
Add-content $log2 "$userid was deleted"

Remove-QADUser -Identity $userid

}

}

我不知道如何调整以下代码块:

if($statusofuser.AccountIsDisabled -like $false) - 如果计算结果为真,我需要传递相应的用户而不是删除它。

另外,Remove-QADUser -Identity $userid 可以工作吗?我没有测试环境,无法创建虚拟用户来测试脚本。

答案1

我没有任务可以确认,但根据 ActiveDirectory 插件逻辑,您可以尝试替换以下内容 if($statusofuser.Enabled -eq $false)<-- 表示如果帐户被禁用

我将在已禁用的单个帐户上运行独立查询,并在将其实施到脚本以进行更广泛分发之前测试该命令

否则,您可以把这里另一个 AD 命令合并到脚本中,以查找已禁用的用户

Get-ADUser -Filter {enabled -eq "false" -and objectclass -eq "user"}

相关内容