我正在尝试修改我在网上找到的 ps1 脚本。它应该检查密码到期前还有多少天,并将通知电子邮件发送到地址,存储在 Active Directory 帐户属性 - extensionAttribute1 中。无法使用 native 电子邮件属性,因为某些帐户没有电子邮件(无法使用 MSA 的系统帐户),通常我必须通知用户并向自己发送副本以记住这一点。原因:有些用户在登录时无法通过Windows系统消息通知,因为他们通过VPN(win XP)在域网络中工作。
有一个代码:

Import-Module ActiveDirectory

#System globalization
$ci = New-Object System.Globalization.CultureInfo("en-US")

#SMTP server name
$smtpServer = "mail.domain.local"

#Creating a Mail object
$msg = new-object Net.Mail.MailMessage

#Creating SMTP server object
$smtp = new-object Net.Mail.SmtpClient($smtpServer)


#E-mail structure
Function EmailStructure($to,$expiryDate,$upn)
{
$msg.IsBodyHtml = $true
$msg.From = "[email protected]"
$msg.To.Add($to)
$msg.Subject = "Password expiration notice"
$msg.Body = "<html><body><font face='Arial'>This is an automatically generated message from Exchange service.<br><br><b>Please note that the password for your account $upn will expire on $expiryDate.</b><br><br>Please change your password immediately or at least before this date as you will be unable to access the service without contacting your administrator.</font></body></html>"
}


#Set the target OU that will be searched for user accounts
$OU = "OU=Domain,DC=domain,DC=local"

$ADAccounts = Get-ADUser -LDAPFilter "(objectClass=user)" -searchbase $OU -properties PasswordExpired, PasswordNeverExpires, PasswordLastSet, Mail, Enabled | Where-object {$_.Enabled -eq $true -and $_.PasswordNeverExpires -eq $false}

Foreach ($ADAccount in $ADAccounts)
{
$accountFGPP = Get-ADUserResultantPasswordPolicy $ADAccount

                if ($accountFGPP -ne $null) {
                   $maxPasswordAgeTimeSpan = $accountFGPP.MaxPasswordAge
                } else {
                   $maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
                }

#Fill in the user variables
$samAccountName = $ADAccount.samAccountName
<--  $userEmailAddress = $ADAccount.extensionAttribute1 -->
$userPrincipalName = $ADAccount.UserPrincipalName

if ($ADAccount.PasswordExpired) {
Write-host "The password for account $samAccountName has expired!"
} else {
$ExpiryDate = $ADAccount.PasswordLastSet + $maxPasswordAgeTimeSpan
Write-host "The password for account $samAccountName expires on: $ExpiryDate"

$TodaysDate = Get-Date
$DaysToExpire = $ExpiryDate - $TodaysDate
#Write-Host $DaysToExpire.Days
if ($DaysToExpire.Days -lt 7) {
$expiryDate = $expiryDate.ToString("d",$ci)

#Generate e-mail structure and send message

if ($userEmailAddress) {
EmailStructure $userEmailAddress $expiryDate $userPrincipalName
$smtp.Send($msg)
}
Write-Host "NOTIFICATION - $samAccountName :: e-mail was sent to $userEmailAddress"
  }

 }
}

但命令行不返回“extensionAttribute1”。
我用箭头标记了它。
有人可以帮忙吗?

最佳答案

您需要在 -Properties 参数($ADAccounts 分配)中包含 extensionAttribute1。

$ADAccounts = Get-ADUser ... -Properties  extensionAttribute1,PasswordExpired...

关于powershell - 从 ps1 脚本访问 ADUser.extensionAttribute,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/13012683/

10-15 17:02