Disabling AD account from a list one account per day

Question

I am trying to disable the AD account based on the input.TXT file one AD account per day, followed by an email when successful.

Input.TXT content:

User1.Name
Person1.Name
Person2.name
user2.Name
...
UserX.name
PersonX.Name

If the scheduled task is restarted, the script should ideally continue to the next active AD account in the list.

This script will be run using the Scheduled task at 12:01 AM every midnight.

So far, here's what I've produced:

$users = Get-Content "C:\userlist.txt"
$emailFrom = "your@email.com"
$emailTo = "recipient@email.com"
$smtpServer = "smtp.yourserver.com"

foreach ($user in $users) {
    try {
        Disable-ADAccount $user
        Send-MailMessage -From $emailFrom -To $emailTo -Subject "User Account Disabled" -Body "$user's account has been disabled." -SmtpServer $smtpServer
    } catch {
        Send-MailMessage -From $emailFrom -To $emailTo -Subject "Error Disabling User Account" -Body "An error occurred while disabling $user's account: $_" -SmtpServer $smtpServer
    }
    Start-Sleep -Seconds 86400
}

Answer 1

Score: 1

I would personally let the task finish daily removing one user at a time from the file. A Queue makes sense to me but could be also done with a List.

try {
    [System.Collections.Generic.Queue[string]] $users = Get-Content 'C:\userlist.txt'

    # is there something to process in the file?
    if(-not $users.Count) {
        # if not, the just exit this task
        return
    }
    # get the first user in queue
    $first = $users.Dequeue()

    $sendMailMessageSplat = @{
        From       = 'your@email.com'
        To         = 'recipient@email.com'
        Subject    = 'User Account Disabled'
        Body       = "$first's account has been disabled."
        SmtpServer = 'smtp.yourserver.com'
    }

    $user = Get-ADUser $first
    # if the user is enabled
    if($user.Enabled) {
        # disable and send email
        $user | Disable-ADAccount
        Send-MailMessage @sendMailMessageSplat
    }
    # if they were already disabled, nothing to do
    # save the file
    Set-Content 'C:\userlist.txt' -Value $users.ToArray()
}
catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
    # if this user doesn't exist, then just save the file.
    # could send email here too if needed
    Set-Content 'C:\userlist.txt' -Value $users.ToArray()
}
catch {
    # if something failed send the email. file is not saved in this case
    # as this user will need to be re-processed
    $sendMailMessageSplat['Subject'] = 'Error Disabling User Account'
    $sendMailMessageSplat['Body'] = "An error occurred while disabling $first's account: $_"
    Send-MailMessage @sendMailMessageSplat
}

Answer 2

Score: 1

I think you can do this by reading the file (skipping empty lines), taking the top line as the user to disable and then save the rest of the lines back to the file to process the next day.

$inputFile = 'C:\userlist.txt'
# read the file, skipping empty or whitespace-only lines
$content = Get-Content -Path $inputFile | Where-Object { $_ -match '\S' }

# create a splatting Hashtable
$mailParams = @{
    From       = 'your@email.com'
    To         = 'recipient@email.com'
    SmtpServer = 'smtp.yourserver.com'
}

# are there any lines left?
if (@($content).Count -eq 0) {
    $mailParams['Subject'] = "File '$inputFile' is empty"
    $mailParams['Body']    = "No users to disable in file '$inputFile'"
}
else {
    # get the first line
    $user = $content[0]
    # and save all further lines back to the file to process the next day
    $content | Select-Object -Skip 1 | Set-Content -Path $inputFile -Force

    try {
        Disable-ADAccount -Identity $user -ErrorAction Stop
        $mailParams['Subject'] = 'User Account Disabled'
        $mailParams['Body']    = "$user's account has been disabled."
    }
    catch {
        $mailParams['Subject'] = 'Error Disabling User Account'
        $mailParams['Body']    = "An error occurred while disabling $user's account: $($_.Exception.Message)"
    }
}
# send out the email
Send-MailMessage @mailParams
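
A variant that combines the two approaches above, added here as an example and not taken from either answer: it walks past entries that are already disabled or missing until it disables one active account, drops an entry from the file only after it has been handled, and appends every outcome to an audit log. The log path `C:\userlist-audit.log` and the result labels are assumptions.

```powershell
Import-Module ActiveDirectory

$inputFile = 'C:\userlist.txt'           # list file used on this page
$auditLog  = 'C:\userlist-audit.log'     # assumed path for the audit trail
$mailParams = @{
    From       = 'your@email.com'
    To         = 'recipient@email.com'
    SmtpServer = 'smtp.yourserver.com'
}

# @() keeps a one-line file an array; blank lines are dropped, names trimmed
$pending = @(Get-Content -Path $inputFile | Where-Object { $_ -match '\S' } | ForEach-Object { $_.Trim() })
$handled = 0                             # leading entries that can leave the file
$mailParams['Subject'] = 'No active accounts left to disable'
$mailParams['Body']    = "Nothing to do in '$inputFile'."

foreach ($name in $pending) {
    try {
        $account = Get-ADUser -Identity $name -ErrorAction Stop
        if ($account.Enabled) {
            Disable-ADAccount -Identity $account -ErrorAction Stop
            $mailParams['Subject'] = 'User Account Disabled'
            $mailParams['Body']    = "$name's account has been disabled."
            $result = 'DISABLED'
        } else {
            $result = 'ALREADY-DISABLED'   # skip to the next active account
        }
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        $result = 'NOT-FOUND'              # unknown name: log it and move on
    }
    catch {
        # any other failure: keep this entry in the file so the next run retries it
        $mailParams['Subject'] = 'Error Disabling User Account'
        $mailParams['Body']    = "An error occurred while disabling $name's account: $($_.Exception.Message)"
        Add-Content -Path $auditLog -Value "$(Get-Date -Format o) ERROR $name $($_.Exception.Message)"
        break
    }
    $handled++
    Add-Content -Path $auditLog -Value "$(Get-Date -Format o) $result $name"
    if ($result -eq 'DISABLED') { break }  # one account per day
}

# rewrite the list only after the entries above were actually handled
$pending | Select-Object -Skip $handled | Set-Content -Path $inputFile
Send-MailMessage @mailParams
```

The account running the scheduled task needs write access to both files and delegated rights to disable the listed accounts, and nothing more than that.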

huangapple
  • Published on March 31, 2023, 20:23:31