############################################
#Author:wangtingdong
#For:检测AD密码过期时间并邮件通知
#Version:1.0
##############################################
Import-Module Activedirectory
#@1和@2选择一个执行
#@1检索出指定OU里不包含设置了永不过期及禁用的账户
#$alladuser=get-aduser -searchbase "DC=doubioa,DC=ren" -Filter 'PasswordNeverExpires -eq "false" -and enabled -eq "true"' |ForEach{$_.SamAccountName}
#@2检索出所有OU里不包含设置了永不过期及禁用的账户
$alladuser=Get-ADUser -Filter 'PasswordNeverExpires -eq "false" -and enabled -eq "true"' |ForEach{$_.SamAccountName}
$userlist = @()
#################################################
#检测AD密码过期时间并邮件通知相应账户
##################################################
foreach ($user in $alladuser){
#密码最后一次更改时间
$pwdlastset=Get-ADUser $user -Properties * |ForEach{$_.passwordlastset}
#密码的过期时间
$pwdlastday=($pwdlastset).adddays(90)
#当前时间
$now=get-date
#距离密码过期的时间
$expire_days=($pwdlastday - $now).Days
#判断过期时间天小于7天的账户
if($expire_days -lt 7 ){
$chineseusername= Get-ADUser $user -Properties * |ForEach{$_.Displayname}
#邮件正文
$Emailbody=
@"
<p class="MsoNormal" align="left" style="text-align: justify; margin: 0cm 0cm 0.0001pt;
font-size: 10.5pt; font-family: Calibri, sans-serif;">
<a name="_MailOriginal"><span lang="EN-US" style="font-size: 12.0pt; font-family: 宋体;
mso-bidi-font-family: 宋体; mso-font-kerning: 0pt">您好, </span><span style="font-size: 12.0pt;
font-family: 宋体; mso-bidi-font-family: 宋体; mso-font-kerning: 0pt">$chineseusername<span
lang="EN-US"> :</span></span>
<p class="MsoNormal" align="left" style="text-align: justify; margin: 0cm 0cm 0.0001pt;
font-size: 10.5pt; font-family: Calibri, sans-serif;">
<span style="font-size: 12.0pt; font-family: 宋体; mso-bidi-font-family: 宋体; mso-font-kerning: 0pt">
您的邮箱账户密码即将在<span lang="EN-US"> <font
color="#ff0000">$expire_days</font> </span>天后过期,<span lang="EN-US"> <font color="#ff0000">
$pwdlastday</font> </span>之后您将无法使用该账户登陆相关系统,请您尽快登录 http://mail.doubi.ren 更改帐号密码。</span>
<p class="MsoNormal" align="left" style="text-align: justify; margin: 0cm 0cm 0.0001pt;
font-size: 10.5pt; font-family: Calibri, sans-serif;">
<span style="font-size: 12.0pt; font-family: 宋体; mso-bidi-font-family: 宋体; mso-font-kerning: 0pt">
重置密码过程请遵循以下原则:</span>
<p class="MsoNormal" align="left" style="text-align: justify; margin: 0cm 0cm 0.0001pt;
font-size: 10.5pt; font-family: Calibri, sans-serif;">
<span style="font-family: 宋体; font-size: 16px; line-height: 24px; background-color: window;">
</span><span style="font-family: 宋体; font-size: 16px; line-height: 24px;
background-color: window;"> </span><span style="font-size: 12.0pt; font-family: 宋体;
mso-bidi-font-family: 宋体; mso-font-kerning: 0pt"><span lang="EN-US">1、</span>密码长度最少<span
lang="EN-US">8</span>位,</span>密码中不能包含帐号信息;</span>
<p class="MsoNormal" align="left" style="text-align: justify; margin: 0cm 0cm 0.0001pt;
font-size: 10.5pt; font-family: Calibri, sans-serif;">
<span style="font-family: 宋体; font-size: 16px; line-height: 24px; background-color: window;">
</span><span style="font-family: 宋体; font-size: 16px; line-height: 24px;
background-color: window;"> </span><span style="font-size: 12.0pt; font-family: 宋体;
mso-bidi-font-family: 宋体; mso-font-kerning: 0pt"><span lang="EN-US">2、</span>密码可使用最长时间<span
lang="EN-US">90</span>天,过期需要更改密码;</span>
<p class="MsoNormal" align="left" style="text-align: justify; margin: 0cm 0cm 0.0001pt;
font-size: 10.5pt; font-family: Calibri, sans-serif;">
<span style="font-family: 宋体; font-size: 16px; line-height: 24px; background-color: window;">
</span><span style="font-family: 宋体; font-size: 16px; line-height: 24px;
background-color: window;"> </span><span style="font-size: 12.0pt; font-family: 宋体;
mso-bidi-font-family: 宋体; mso-font-kerning: 0pt"><span lang="EN-US">3、</span>密码设置中必须包含:英文大写字母(A-Z),英文小字字母(a-z),10个基本数字(0-9),特殊字符(如!$ % ^ *等)。</span>
<p class="MsoNormal" align="left" style="text-align: justify; margin: 0cm 0cm 0.0001pt;
font-size: 10.5pt; font-family: Calibri, sans-serif;">
<span style="font-family: 宋体; font-size: 16px; line-height: 24px; background-color: window;">
</span><span style="font-family: 宋体; font-size: 16px; line-height: 24px;
background-color: window;"> </span><span style="font-size: 12.0pt; font-family: 宋体;
mso-bidi-font-family: 宋体; mso-font-kerning: 0pt"><span lang="EN-US">4、</span>强制密码历史<span
lang="EN-US">24</span>个(不能使用之前最近使用的<span lang="EN-US">24</span>个密码);</span>
<span style="font-family: 宋体; font-size: 16px; line-height: 24px; background-color: window;">
</span><span style="font-family: 宋体; font-size: 16px; line-height: 24px;
background-color: window;"> </span><span style="font-size: 12.0pt; font-family: 宋体;
mso-bidi-font-family: 宋体; mso-font-kerning: 0pt"><span lang="EN-US">密码修改方法请登录:http://wiki.doubioa.ren.com/changepassword</span>
<p class="MsoNormal" align="left" style="text-align: justify; margin: 0cm 0cm 0.0001pt;
font-size: 13px; font-family: Calibri, sans-serif;">
<span style="font-family: 宋体;"><span lang="EN-US"><font color="#969696">************************************************************************************************************************************************************************</font></span></span>
<p class="MsoNormal" align="left" style="text-align: justify; margin: 0cm 0cm 0.0001pt;
font-size: 13px; font-family: Calibri, sans-serif;">
<span style="font-family: 宋体;"><font color="#969696">系统自动提醒<span lang="EN-US">,</span>请不要回复<span
lang="EN-US">!</span>如有任何疑问,请联系help.list@doubi.ren,IT支持电话:010-8888888</font></span>
"@
#SMTP发信验证
$anonUser = pwd@doubioa.ren
$anonPass = ConvertTo-SecureString "89OP:./}+" -AsPlainText -Force
#发送邮件
Send-MailMessage -To "$user@doubi.ren" -Subject "您的域账户密码即将过期,请尽快更改!" -Bodyashtml $Emailbody -From "pwd@doubi.ren" -SmtpServer "mail.doubi.ren" -Encoding ([System.Text.Encoding]::UTF8)
#############################################
#查找账户的密码过期时间并发送至管理员账户
#############################################
$username=Get-ADUser $user -Properties *
$userobject=New-object psobject
$userobject | Add-Member -membertype noteproperty -Name 用户名 -value $username.displayname
$userobject | Add-Member -membertype noteproperty -Name 邮箱 -Value $username.mail
$userobject | Add-Member -membertype noteproperty -Name 最后一次密码设置 -Value $username.Passwordlastset
$userobject | Add-Member -membertype noteproperty -Name 密码过期时间 -Value $pwdlastday
$userobject | Add-Member -membertype noteproperty -Name 距离密码过期天数 -Value $expire_days
$userlist+=$userobject
}
}
$EmailbodyHTML=$userlist|
sort-object 距离密码过期天数 |
ConvertTo-Html |
Out-String
Send-MailMessage -To "help.list@doubi.ren" -Subject "域账户密码即将过期人员汇总通知" -Bodyashtml $EmailbodyHTML -From "pwd@doubi.ren" -SmtpServer "mail.doubi.ren" -Encoding ([System.Text.Encoding]::UTF8)
本文转自wangtingdong 51CTO博客,原文链接:http://blog.51cto.com/tingdongwang/1826728,如需转载请自行联系原作者