A script that corrects the date on which a user's password was set in AD

Hello world!
Sometimes a situation arises where the date on which a user's password was set in Active Directory needs to be changed. Here is the script; I'm sure many will find it useful.
set-ADUserPswDate.ps1
# Main script: changes the password-set date for a single user account or for the accounts listed in a file.
# Author Lushin Kirill
# luzhin.kirill@yandex.ru

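# The Quest ActiveRoles Management Shell snap-in provides the Get-QADUser and
# Set-QADUser cmdlets used by the functions below.
Add-PSSnapin Quest.ActiveRoles.ADManagement;

# Account list used when no account is given on the command line, one account
# per line. Every entry in it gets its pwdLastSet rewritten, so write access to
# this file should be limited to the administrators who run the script.
$gsFilename = "c:\scriptps\set-ADUserPswDate.txt";
# @(...) keeps .Count meaningful when the file holds a single line.
$giRows = @(Get-Content -LiteralPath $gsFilename).Count;
$giX = 0;
# Bounds, in seconds, of the random pause between two accounts.
$giMinimumSleep = 218;
$giMaximumSleep = 884;
# Daily window in which accounts are processed (checked by isAtWork).
$gtBeginDay = "08:00:00";
$gtEndDay = "19:00:00";
# Date of script start; -Format is a parameter of Get-Date and needs its own token.
$today_date = Get-Date -Format "dd.MM.yyyy";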

# Rewrites the pwdLastSet attribute of one account: first to 0, then to -1.
# The accompanying article states that the date can only be cleared and then
# set to the current date, which is what this pair of writes does.
#
# $lsAccount - identity passed to Set-QADUser.
#
# The password itself is not touched. After this call the account's password
# age starts again from "now", so a maximum-password-age policy no longer
# forces a change of the existing credential. Run it only for accounts where
# that has been approved, and keep the mailed report as the record of the change.
#
# NOTE(review): the two writes are independent; if the second one fails the
# attribute stays at 0. Confirm whether that case needs to be detected.
function set-password($lsAccount) {
    foreach ($liStamp in 0, -1) {
        Set-QADUser $lsAccount -ObjectAttributes @{pwdLastSet = $liStamp} | Out-Null;
    }
}

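# Reads the pwdLastSet value of an account and returns it as text in the form
# 'dd.MM.yyyy HH:MM', shifted forward by three hours.
#
# $lsAccount - identity passed to Get-QADUser.
# Returns    - the formatted date string.
function get-password($lsAccount) {
    Get-QADUser $lsAccount -IncludedProperties pwdLastSet | % { $lsPwdLastSet = $_.pwdLastSet; }
    # NOTE(review): the fixed +3 h looks like a UTC-to-local shift for a UTC+3
    # site; confirm, and confirm what should happen when the lookup returns
    # nothing (the method call below then has no object to work on).
    $lsPwdLastSet = $lsPwdLastSet.AddHours(3);
    # -UFormat is a parameter of Get-Date; it must be separated from the cmdlet name.
    $lsPwdLastSetNorm = Get-Date -UFormat '%d.%m.%Y %R' -Date $lsPwdLastSet;
    return $lsPwdLastSetNorm;
}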

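# Mails the HTML report and echoes recipient, subject and body to the console.
#
# $to      - primary recipient.
# $toCc    - carbon-copy recipient.
# $text    - HTML body of the message.
# $subject - message subject.
# $toBcc   - blind-carbon-copy recipient.
#
# The body lists account names together with their old and new pwdLastSet
# values, so the recipients and the console transcript both receive that data.
function send-eMail($to, $toCc, $text = "", $subject = "the modification date setup password", $toBcc = "admin3@domain.com") {
    Write-Host "To: $to | subject: $subject | text: $text";
    $Enc = [Text.Encoding]::UTF8;
    # Each parameter needs its own token; -BodyAsHtml is a switch, so the HTML
    # is passed explicitly through -Body.
    Send-MailMessage -To $to -From "admin1@domain.com" -Bcc $toBcc -Cc $toCc -Subject $subject -SmtpServer MAIL-SRV -Body $text -BodyAsHtml -Encoding $Enc;
}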

# Pauses the script for a random number of seconds and announces the pause on
# the console.
#
# $liMinimum - lower bound in seconds, passed to Get-Random -Minimum.
# $liMaximum - upper bound in seconds, passed to Get-Random -Maximum
#              (Get-Random never returns the -Maximum value itself).
function get-sleepRandom($liMinimum, $liMaximum) {
    $liPause = Get-Random -Minimum $liMinimum -Maximum $liMaximum;
    # $liPause = 30;
    # Split the pause into whole minutes and leftover seconds for the message.
    $liSec = $liPause % 60;
    $liMin = ($liPause - $liSec) / 60;
    # NOTE(review): the value printed after "will fail" is the time at which the pause ends.
    $ldWakeAt = (Get-Date).AddSeconds($liPause);
    Write-Host "Waiting for"$liMin" minutes "$liSec" seconds (will fail "$ldWakeAt")...";
    Start-Sleep -Seconds $liPause;
}

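# Tells whether the current moment lies inside the working window: Monday to
# Friday, strictly between $ltBegin and $ltEnd of the current day.
#
# $ltBegin - start of the window as a time-of-day string, e.g. "08:00:00".
# $ltEnd   - end of the window as a time-of-day string, e.g. "19:00:00".
# Returns  - $TRUE inside the window, $FALSE otherwise.
#
# The window is built from the current date at call time rather than from a
# date captured at script start, so a run that continues past midnight still
# compares against the right day. Times are parsed as time spans, which avoids
# culture-dependent parsing of a "date time" string.
function isAtWork($ltBegin, $ltEnd) {
    $lbAtWork = $FALSE;

    $ldNow = Get-Date;
    # DayOfWeek as a number: Sunday = 0 ... Saturday = 6.
    $liDayOfWeek = [int]$ldNow.DayOfWeek;

    if (($liDayOfWeek -gt 0) -and ($liDayOfWeek -lt 6)) {
        $ldBegin = $ldNow.Date.Add([timespan]::Parse($ltBegin));
        $ldEnd = $ldNow.Date.Add([timespan]::Parse($ltEnd));
        Write-Host ($ldBegin.ToString('dd.MM.yyyy HH:mm:ss') + " - " + $ldEnd.ToString('dd.MM.yyyy HH:mm:ss'));

        # The messages below name 8:00 and 19:00 although the window comes from the parameters.
        if (($ldNow -gt $ldBegin) -and ($ldNow -lt $ldEnd)) {
            Write-Host $ldNow". Time after 8:00 before 19:00, the user can change the password!";
            $lbAtWork = $TRUE;
        } else {
            Write-Host "Time until 8:00 or after 19:00, the user can not change password.";
        }
    } else {
        Write-Host "Today is a holiday, the user is not at work.";
    }

    return $lbAtWork;
}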

# Processes one account and returns one HTML table row describing the result.
#
# Inside the working window (isAtWork with $gtBeginDay / $gtEndDay) the row
# holds the account, the pwdLastSet value before the change and the value
# after it. Outside the window nothing is changed and the row says
# "Not at work".
#
# $lsAccount - account identity, passed on to get-password and set-password.
# Returns    - the "<tr>...</tr>" string for the report.
#
# NOTE(review): $lsAccount is concatenated into the HTML without encoding;
# encode it if the account list can come from a less trusted source.
function update-password_wReport($lsAccount) {
    Write-Host " ";
    Write-Host "*"$lsAccount;

    # Opening tag shared by every cell of the row.
    $lsTd = "<td style='border:1px solid RGB(200,200,200);'>";
    $lsRow = "<tr>" + $lsTd + "<strong>" + $lsAccount + "</strong></td>";

    if (isAtWork $gtBeginDay $gtEndDay) {
        $lsBefore = get-password $lsAccount;
        set-password $lsAccount;
        $lsAfter = get-password $lsAccount;
        $lsRow = $lsRow + $lsTd + $lsBefore + "</td>" + $lsTd + $lsAfter + "</td></tr>";
    } else {
        $lsRow = $lsRow + $lsTd + "Not at work</td>" + $lsTd + "</td></tr>";
    }

    return $lsRow;
}

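# Build the HTML report: a header row, then one row per processed account.
# NOTE(review): the middle header cell is empty here, while the rows put the
# value read before the change into that column.
$gsText = "<table style='border-collapse:collapse; width:500px; font-family:Tahoma,Arial,Calibri;font-size:10pt;'>";
$gsText = $gsText + "<tr><td style='width:40%; border:1px solid RGB(200,200,200); text-align:center;'>Account</td>";
$gsText = $gsText + "<td style='width:130px; border:1px solid RGB(200,200,200); text-align:center;'></td><td style='width:130px; border:1px solid RGB(200,200,200); text-align:center;'>Became</td></tr>";

if ($null -ne $ARGS[0]) {
    # First argument: a single account to process.
    $gsText = $gsText + (update-password_wReport $ARGS[0]);
} else {
    # No argument: process the account list file. Blank lines are skipped so
    # that an empty identity is never handed to the directory cmdlets.
    $gaAccounts = @(Get-Content -LiteralPath $gsFilename | ForEach-Object { $_.Trim() } | Where-Object { $_ -ne "" });
    for ($giX = 0; $giX -lt $gaAccounts.Count; $giX++) {
        $gsText = $gsText + (update-password_wReport $gaAccounts[$giX]);

        # Random pause between accounts, but not after the last one.
        if (($giX + 1) -lt $gaAccounts.Count) {
            get-sleepRandom $giMinimumSleep $giMaximumSleep;
        }
    }
}
$gsText = $gsText + "</table>";

# Second argument, when given, replaces the default primary recipient of the report.
if ($null -ne $ARGS[1]) {
    send-eMail $ARGS[1] "admin1@domain.com" $gsText;
} else {
    send-eMail "admin1@domain.com" "admin2@domain.com" $gsText;
}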


Below the cut: description, usage and features.

First you need to install ActiveRoles Management Shell for Active Directory.
The script can take as a parameter the account whose password-set date must be reset. Without parameters, the script works from the file "c:\scriptps\set-ADUserPswDate.txt" (the path is written in the script). In the file, each account is written on its own line.
Features of the script:
1. The password-set date cannot be set to an arbitrary value: it can only be cleared and then set to the current date. This is how Active Directory works. The password itself is not changed, so its expiry countdown starts again from the current date.
2. If the script works from the file (i.e. a list of users), the accounts are not all processed at once but one at a time, with a random interval between users. The pause lasts from 218 to 884 seconds.
3. The password date will not be reset before 8:00, after 19:00, or on weekends.
4. The execution log of the script is sent to the two administrators. Here is the log:
Article based on information from habrahabr.ru
