PowerShell: disable AD accounts from a list, one account per day

oknwwptz  posted on 2023-04-30  in  Shell

I am trying to disable AD accounts based on the Input.TXT file, one AD account per day, followed by an email when successful.
Input.TXT content:

User1.Name
Person1.Name
Person2.name
user2.Name
...
UserX.name
PersonX.Name

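If the scheduled task is restarted, the script should ideally continue with the next active AD account in the list.
This script will be run by a Scheduled Task every night at 12:01 AM.
This is what I have made so far: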

$users = Get-Content "C:\userlist.txt"
$emailFrom = "your@email.com"
$emailTo = "recipient@email.com"
$smtpServer = "smtp.yourserver.com"

foreach ($user in $users) {
    try {
        Disable-ADAccount $user
        Send-MailMessage -From $emailFrom -To $emailTo -Subject "User Account Disabled" -Body "$user's account has been disabled." -SmtpServer $smtpServer
    } catch {
        Send-MailMessage -From $emailFrom -To $emailTo -Subject "Error Disabling User Account" -Body "An error occurred while disabling $user's account: $_" -SmtpServer $smtpServer
    }
    Start-Sleep -Seconds 86400
}
ut6juiuv1#

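I personally would have the task process one user per day and remove that user from the file. A queue makes sense to me, but it could also be done with a list.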

try {
    [System.Collections.Generic.Queue[string]] $users = Get-Content 'C:\userlist.txt'

    # is there something to process in the file?
    if(-not $users.Count) {
        # if not, then just exit this task
        return
    }
    # get the first user in queue
    $first = $users.Dequeue()

    $sendMailMessageSplat = @{
        From       = 'your@email.com'
        To         = 'recipient@email.com'
        Subject    = 'User Account Disabled'
        Body       = "$first's account has been disabled."
        SmtpServer = 'smtp.yourserver.com'
    }

    $user = Get-ADUser $first
    # if the user is enabled
    if($user.Enabled) {
        # disable and send email
        $user | Disable-ADAccount
        Send-MailMessage @sendMailMessageSplat
    }
    # if they were already disabled, nothing to do
    # save the file
    Set-Content 'C:\userlist.txt' -Value $users.ToArray()
}
catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
    # if this user doesn't exist, then just save the file.
    # could send email here too if needed
    Set-Content 'C:\userlist.txt' -Value $users.ToArray()
}
catch {
    # if something failed send the email. file is not saved in this case
    # as this user will need to be re-processed
    $sendMailMessageSplat['Subject'] = 'Error Disabling User Account'
    $sendMailMessageSplat['Body'] = "An error occurred while disabling $first's account: $_"
    Send-MailMessage @sendMailMessageSplat
}
ergxz8rk2#

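I think you can do this by reading the file (skipping empty lines), taking the first line as the user to disable, and then saving the remaining lines back to the file so they are processed the next day.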

$inputFile = 'C:\userlist.txt'
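# read the file, skipping empty or whitespace-only lines
# @() keeps a one-line file as an array, so $content[0] is the whole line and not its first character
$content = @(Get-Content -Path $inputFile | Where-Object { $_ -match '\S' })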

# create a splatting Hashtable
$mailParams = @{
    From       = 'your@email.com'
    To         = 'recipient@email.com'
    SmtpServer = 'smtp.yourserver.com'
}

# are there any lines left?
if (@($content).Count -eq 0) {
    $mailParams['Subject'] = "File '$inputFile' is empty"
    $mailParams['Body']    = "No users to disable in file '$inputFile'"
}
else {
    # get the first line
    $user = $content[0]
    # and save all further lines back to the file to process the next day
    $content | Select-Object -Skip 1 | Set-Content -Path $inputFile -Force

    try {
        Disable-ADAccount -Identity $user -ErrorAction Stop
        $mailParams['Subject'] = 'User Account Disabled'
        $mailParams['Body']    = "$user's account has been disabled."
    }
    catch {
        $mailParams['Subject'] = 'Error Disabling User Account'
        $mailParams['Body']    = "An error occurred while disabling $user's account: $($_.Exception.Message)"
    }
}
# send out the email
Send-MailMessage @mailParams