Shulou(Shulou.com)06/01 Report--

1. Use PowerShell query to specify the creation time of all accounts in OU\ SID\ last password modification time\ last login time:

Get-ADuser-searchbase 'OU=LL,DC=LL,DC=COM'-filter *-Properties * | Select-Object Name,SID, Created,PasswordLastSet,@ {n = "lastLogonDate"; e = {[datetime]:: FromFileTime

($_ .lastLogonTimestamp)}} | Export-CSV zuihoudenglu.csv-NoTypeInformation-Encoding UTF8

two。 In query AD, the default password policy (password complexity note, locking policy, password length, password validity time): Get-ADDefaultDomainPasswordPolicy

3. Query which users in AD have been selected for the "password never expires" option:

Query users in the domain with the password never expire option checked

Get-ADUser-Filter 'PasswordNeverExpires-eq $true'-Server A | select name

Query a user in an OU whose password never expires option is checked and export

Get-ADUser-searchbase 'OU=ll,DC=ll,DC=com'-Filter 'PasswordNeverExpires-eq $true'-Server A | select name | Export-CSV mimayongbuguoqi.csv-NoTypeInformation-

Encoding UTF8

4. Query locked users in AD

Get-aduser-filter *-properties * | where {$_ .lockedout} | ft name,lockedout

5. Query which mail groups are empty members in AD

Get-ADGroup-Filter *-Properties Members | where {- not $_ .Members} | select Name

6. Query all OU accounts in AD that have not logged in within one month

Get-ADuser-searchbase 'OU=ll,DC=ll,DC=com'-filter *-Properties * | Select-Object Name,SID, Created,PasswordLastSet,@ {n = "lastLogonDate"; e =

{[datetime]:: FromFileTime ($_ .lastLogonTimestamp)}} | where {$_ .lastlogondate-lt (get-date) .AddDays (- 30)}

Get-ADuser-searchbase 'OU=ll,DC=ll,DC=com'-filter *-Properties * | Select-Object Name,SID, Created,PasswordLastSet,@ {n = "lastLogonDate"; e =

{[datetime]:: FromFileTime ($_ .lastLogonTimestamp)}}

7. Query the disabled accounts in AD

Get-aduser-filter *-SearchBase "OU=ll,DC=ll,DC=com" | where {($_ .enabled-eq $false)-and (($_ .DistinguishedName) .Concluded ("Leave")-eq $false)} | select

Samaccountname,Surname,givenname,enabled,DistinguishedName | Export-Csv-Encoding Unicode-NoTypeInformation D:\ ps\ jinyongzhanghao.csv

8. Query the disabled account in AD and enable it (empty in the exported csv file after enabling, probably because the export file is a disabled account, and the disabled account has been enabled)

Get-aduser-filter *-SearchBase "OU=ll,DC=ll,DC=com" | where {($_ .enabled-eq $false)-and (($_ .DistinguishedName) .Concluded ("Leave")-eq $false)} | Export-Csv-

Encoding Unicode-NoTypeInformation D:\ ps\ qiyongzhanghao.csv | Enable-ADAccount

9. Query the computer that is logged in within the specified time

Search-ADAccount-AccountInactive-TimeSpan "3"-ComputersOnly | select name | export-csv computertime.csv

$a=Import-Csv computertime.csv

Foreach ($b in $a) {

Get-adcomputer $b.name | Move-ADObject-TargetPath "ou=delete,ou=ll,dc=ll,dc=com"

}

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.