The script fixes the date of installation of the user's password in AD

Hello world!
Sometimes a situation arises when a user wants to change the date of setting the password in Active Directory. Represent the script. I'm sure many will be useful.
set-ADUserPswDate.ps1
# Main script change the date set the password for the file or a user account.
# Author Lushin Kirill
# luzhin.kirill@yandex.ru

Add-PSSnapin Quest.ActiveRoles.ADManagement;

$gsFilename = "c:\scriptps\set-ADUserPswDate.txt";
$giRows = (Get-Content-literalpath parameter $gsFilename).Count;
$giX = 0;
$giMinimumSleep = 218;
$giMaximumSleep = 884;
$gtBeginDay = "08:00:00";
$gtEndDay = "19:00:00";
$today_date = Get-date-Format "dd.MM.yyyy";

function set-password($lsAccount) {
Set-QADUser $lsAccount -ObjectAttributes @{pwdLastSet=0} | Out-Null;
Set-QADUser $lsAccount -ObjectAttributes @{pwdLastSet=-1} | Out-Null;
}

function get-password($lsAccount) {
get-qaduser $lsAccount -IncludedProperties pwdLastSet | % {$lsPwdLastSet = $_.pwdLastSet;}
$lsPwdLastSet = $lsPwdLastSet.AddHours(3);
$lsPwdLastSetNorm = get-date-uformat '%d.%m.%Y %R' -Date $lsPwdLastSet;
return $lsPwdLastSetNorm;
}

function send-eMail($to,$toCc,$text="",$subject="the modification date setup password",$toBcc="admin3@domain.com") {
write-host "To: $to | subject: $subject | text: $text";
$Enc = [Text.Encoding]::UTF8;
Send-MailMessage -to $to-from "admin1@domain.com" -Bcc $toBcc -Cc $toCc -subject $subject-smtpServer MAIL-SRV-BodyAsHtml $text -Encoding $Enc;
}

function get-sleepRandom($liMinimum, $liMaximum) {
$giSleep = Get-Random -minimum $liMinimum -maximum $liMaximum
# $giSleep = 30;
$giSleepS = $giSleep % 60;
$giSleepM = $giSleep - $giSleepS;
$giSleepM = $giSleepM / 60;
$gdFuture = (Get-Date).AddSeconds($giSleep);
write-host "Waiting for"$giSleepM" minutes "$giSleepS" seconds (will fail "$gdFuture")...";
Start-Sleep -Seconds $giSleep
}

isAtWork function($ltBegin, $ltEnd) {
$lbAtWork = $FALSE;

$giDayOfWeek = (get-date).DayOfWeek.ToString('d');

if (($giDayOfWeek -gt 0) -and ($giDayOfWeek -lt 6)) {
$today_date_full = $today_date + "" + $ltBegin;
$today_date_full2 = $today_date + "" + $ltEnd;
write-host $today_date_full" - "$today_date_full2;
$a=[datetime]::parse($today_date_full);
$c=[datetime]::parse($today_date_full2);
$b = get-date;

if (($b -gt $a) -and ($b-lt $c)) {
write-host $b". Time after 8:00 before 19:00, the user can change the password!";
$lbAtWork = $TRUE;
} else {
write-host "Time until 8:00 or after 19:00, the user can not change password.";
}
} else {
write-host "Today is a holiday, the user is not at work.";
}

return $lbAtWork;
}

function update-password_wReport($lsAccount) {
write-host " ";
write-host "*"$lsAccount;
$gbAtWork = isAtWork $gtBeginDay $gtEndDay;
if ($gbAtWork) {
$gsPwdLastSet = get-password $lsAccount;
$lsText = "<tr><td style='border:1px solid RGB(200,200,200);'><strong>" + $lsAccount + "</strong></td><td style='border:1px solid RGB(200,200,200);'>" + $gsPwdLastSet + "</td>";
set-password $lsAccount;
$gsPwdLastSet = get-password $lsAccount;
$lsText = $lsText + "<td style='border:1px solid RGB(200,200,200);'>" + $gsPwdLastSet + "</td></tr>";
} else {
$lsText = "<tr><td style='border:1px solid RGB(200,200,200);'><strong>" + $lsAccount + "</strong></td><td style='border:1px solid RGB(200,200,200);'>Not at work</td><td style='border:1px solid RGB(200,200,200);'></td></tr>";
}
return $lsText;
}

$gsText = $gsText + "<table style='border-collapse:collapse; width:500px; font-family:Tahoma,Arial,Calibri;font-size:10pt;'>";
$gsText = $gsText + "<tr><td style='width:40%; border:1px solid RGB(200,200,200); text-align:center;'>Account</td>";
$gsText = $gsText + "<td style='width:130px; border:1px solid RGB(200,200,200); text-align:center;'></td><td style='width:130px; border:1px solid RGB(200,200,200); text-align:center;'>Became</td></tr>";

if ($ARGS[0] -ne $Null) {
$gsText = $gsText + (update-password_wReport $ARGS[0]);
} else {
Get-Content-literalpath parameter $gsFilename | 
% {
$gsText = $gsText + (update-password_wReport $_);

$giX = $giX + 1;
if ($giX -lt $giRows) {
get-sleepRandom $giMinimumSleep $giMaximumSleep;
}
}
}
$gsText = $gsText + "</table>";
if ($ARGS[1] -ne $Null) {
send-eMail $ARGS[1] "admin1@domain.com" $gsText;
} else {
send-eMail "admin1@domain.com" "admin2@domain.com" $gsText;
}


Under the cut description, use and characteristics.

First you need to set ActiveRoles Management Shell for Active Directory.
The script can take as a parameter the account change date of the password which must be reset. Without parameters, the script works on file "c:\scriptps\set-ADUserPswDate.txt" (spelled in the script). In the file each account is written on a new line.
Features of the script:
1. To set the date setting the password you can only reset and set the current date. Work features of the Active Directory.
2. If the script works on the file (i.e. list of users), the passwords are reset overnight, after all, and with a random interval between users. Possible duration of the interruption from 218 to 884 seconds.
3. The password will not be reset to 8:00 and after 19:00 and on weekends.
4. The execution log of the script is sent to the two administrators. Here is the log:
Article based on information from habrahabr.ru

Комментарии

Отправить комментарий

Популярные сообщения из этого блога

Python-digest #8. News, interesting projects, articles and interviews [20 Dec 2013 — 27 Dec 2013]

Изображение
in a Hurry to congratulate all with coming new year. The gift I really is quite small — all the same latest news about Python and surrounding technologies. But there are interesting things about searching, Android applications, graphical interface for databases, OAuth, TDD, CMS and other letter combinations. The results of the vote previous digest with a lead of as many as six votes I not allowed to do the release on 3 January, we expect the extended version of January 10, Thank you owlman for illustration to the issue. By the way, he also writing about Python but unfortunately, not very often. Dreams patch the day to 30 hours instead of 24. the Articles and interviews the the time series Analysis with python An attempt to describe the process of analyzing time series using the statsmodels module. TDD with Django 1.6 An example implementation of the approach code development based on writing tests and subsequent writing code that passes those tests....
Далее...

Performance comparison of hierarchical models, Django and PostgreSQL

Изображение
Good day, dear readers. Today's article will be devoted to the comparison of models of working with hierarchical data in PostgreSQL via Django app. In the article I specifically do not use a clean implementation in the database, because I'm interested in is performance in an environment close to combat. All tests were performed on my data and results are relevant for this data on your data the result may differ from that obtained in the article. Model implementation of the hierarchical structures in the database For working with such structures in PostgreSQL you can use the following modely : the Adjacency model (AM) — model, when the column is stored parent; the Nested Sets (NS) model when paired column stores the range of all sub-elements; the Materialised Path model (MP) model, when the column is stored the full path to the element. Also details about the implementation of hierarchical structures in a relational database, you can read here . To imp...
Далее...

google life search

Изображение
Yesterday Google announced the Live search So, what is it and how to use it? Did it make your search more relevant and convenient for users? How to get it, where to enter a query to see live results? The algorithm is still driven around and while fully works only for English queries. You enter the query and see the results of the search in the middle of the page in the section Latest result for “your request”. Can try enter your query here . For example, a request Obama. About the middle of the page is visible to block the Latest results that are updated in real-time. New results on request Obama constantly updated and added to the search results. If this text is annoying, you can pause by clicking "Pause", but completely remove the "live search" from the results it is impossible. Adam Smith, a Google employee, guiding the development of new search system in real time, says that not all queries can be seen regularly updated information: ...
Далее...