Windows2019AD DS修改用户密码、锁定、过期
脚本#1、用户忘记密码时重置用户密码、解除锁定状态、设置过期等。
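<#
.SYNOPSIS
    Resets an Active Directory user's password and unlocks the account.
    When -NewPassword is not supplied the fixed default password
    Passw0rd2025new is used (kept for compatibility with existing callers).

.DESCRIPTION
    Resets the password of the given AD user, unlocks the account if it is
    currently locked out, and optionally forces a password change at next
    logon. Every step is written to the console and to a log file.

    The default password is a shared, well-known value: everyone who has read
    this script knows it. Prefer -NewPassword, or at least
    -RequirePasswordChange $true so the default is only valid for one logon.
    The script logs a WARNING when the default is used without that flag.
    The password itself is never written to the log.

.PARAMETER Username
    sAMAccountName of the user whose password is reset.

.PARAMETER RequirePasswordChange
    When $true the user must change the password at next logon. A failure to
    set this flag is treated as an error (it is not silently ignored).

.PARAMETER LogFilePath
    Path of the log file. Defaults to a dated file next to the script.

.PARAMETER NewPassword
    New password as a SecureString. Optional; when omitted or empty the fixed
    default password is used.

.EXAMPLE
    .\Reset-ADPassword.ps1 -Username "pc1"
    Resets pc1's password to the default password.

.EXAMPLE
    .\Reset-ADPassword.ps1 -Username "pc1" -RequirePasswordChange $true
    Resets to the default password and forces a change at next logon.

.EXAMPLE
    .\Reset-ADPassword.ps1 -Username "pc1" -NewPassword (Read-Host -AsSecureString)
    Resets to a password typed at the prompt; nothing is stored in the script.
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory=$true, Position=0, HelpMessage="请输入要重置密码的用户名")]
    [ValidateNotNullOrEmpty()]
    [string]$Username,

    [Parameter(Mandatory=$false)]
    [bool]$RequirePasswordChange = $false,

    [Parameter(Mandatory=$false)]
    [string]$LogFilePath = "$PSScriptRoot\ADPasswordReset_$(Get-Date -Format 'yyyyMMdd').log",

    # Optional override for the fixed default password (backward compatible:
    # existing callers that omit it get the original behaviour).
    [Parameter(Mandatory=$false)]
    [System.Security.SecureString]$NewPassword
)

#region Initialisation
# Make every cmdlet error terminating so the try/catch below sees it.
$ErrorActionPreference = "Stop"
$ProgressPreference = "SilentlyContinue"

#######################################
# Writes one timestamped line to the console (coloured by level) and to
# $LogFilePath. A failure to write the file is reported on the console only,
# so logging problems never abort the password reset itself.
# Arguments: -Message  text to log
#            -Level    INFO | WARNING | ERROR | SUCCESS (default INFO)
#######################################
function Write-Log {
    param(
        [Parameter(Mandatory=$true)]
        [string]$Message,

        [Parameter(Mandatory=$false)]
        [ValidateSet("INFO", "WARNING", "ERROR", "SUCCESS")]
        [string]$Level = "INFO"
    )

    $timestamp  = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    $logMessage = "[$timestamp] [$Level] $Message"

    # Console output, one colour per level.
    switch ($Level) {
        "SUCCESS" { Write-Host $logMessage -ForegroundColor Green }
        "WARNING" { Write-Host $logMessage -ForegroundColor Yellow }
        "ERROR"   { Write-Host $logMessage -ForegroundColor Red }
        default   { Write-Host $logMessage -ForegroundColor Cyan }
    }

    # Append to the log file; best effort.
    try {
        Add-Content -Path $LogFilePath -Value $logMessage -Encoding UTF8
    } catch {
        Write-Host "[$timestamp] [ERROR] 无法写入日志文件: $_" -ForegroundColor Red
    }
}

Write-Log "======================== 开始执行密码重置脚本 ========================" -Level "INFO"
Write-Log "目标用户: $Username" -Level "INFO"
Write-Log "日志文件: $LogFilePath" -Level "INFO"
#endregion

#region Main logic
try {
    # The ActiveDirectory module ships with RSAT; fail early if it is absent.
    Write-Log "正在检查ActiveDirectory模块..." -Level "INFO"
    if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
        throw "ActiveDirectory模块未安装,请先安装RSAT工具。"
    }

    Write-Log "正在导入ActiveDirectory模块..." -Level "INFO"
    Import-Module ActiveDirectory -ErrorAction Stop -WarningAction SilentlyContinue
    Write-Log "ActiveDirectory模块导入成功" -Level "SUCCESS"

    # Resolve the user first so a typo in the name fails before any change.
    Write-Log "正在检查用户 $Username 是否存在..." -Level "INFO"
    $user = Get-ADUser -Identity $Username -ErrorAction Stop
    Write-Log "用户 $Username 找到 (显示名称: $($user.Name))" -Level "SUCCESS"

    # Pick the password. The default is converted in place so no plaintext
    # variable lingers; the value is never logged.
    $usedDefault = $true
    if ($null -ne $NewPassword -and $NewPassword.Length -gt 0) {
        $securePassword = $NewPassword
        $usedDefault = $false
        Write-Log "使用指定的密码" -Level "INFO"
    } else {
        $securePassword = ConvertTo-SecureString "Passw0rd2025new" -AsPlainText -Force
        Write-Log "使用默认的密码" -Level "INFO"
        if (-not $RequirePasswordChange) {
            # Shared default that stays valid until the user changes it.
            Write-Log "正在使用公开的固定默认密码,且未要求下次登录时更改密码" -Level "WARNING"
        }
    }

    Write-Log "正在重置用户 $Username 的密码..." -Level "INFO"
    Set-ADAccountPassword -Identity $Username -Reset -NewPassword $securePassword -ErrorAction Stop
    Write-Log "密码重置成功" -Level "SUCCESS"

    # Unlock only when actually locked out, so the summary reflects reality.
    Write-Log "检查账户锁定状态..." -Level "INFO"
    $locked = (Get-ADUser -Identity $Username -Properties LockedOut).LockedOut
    if ($locked) {
        Unlock-ADAccount -Identity $Username -ErrorAction Stop
        Write-Log "账户已解锁" -Level "SUCCESS"
    } else {
        Write-Log "账户未锁定" -Level "INFO"
    }

    Write-Log "设置密码策略..." -Level "INFO"
    if ($RequirePasswordChange) {
        # -ErrorAction Stop: previously a failure here was swallowed and
        # SUCCESS was still logged, leaving the default password valid
        # indefinitely while the log claimed otherwise.
        Set-ADUser -Identity $Username -ChangePasswordAtLogon $true -ErrorAction Stop
        Write-Log "已设置为下次登录时必须更改密码" -Level "SUCCESS"
    }

    # Clearing "password never expires" is best effort, but a failure is
    # reported instead of silently ignored.
    try {
        Set-ADUser -Identity $Username -PasswordNeverExpires $false -ErrorAction Stop
    } catch {
        Write-Log "无法清除密码永不过期标志: $($_.Exception.Message)" -Level "WARNING"
    }

    # Summary.
    Write-Log " " -Level "INFO"
    Write-Log "======================== 操作完成摘要 ========================" -Level "SUCCESS"
    Write-Log "用户: $($user.SamAccountName)" -Level "INFO"
    Write-Log "显示名称: $($user.Name)" -Level "INFO"
    Write-Log "用户DN: $($user.DistinguishedName)" -Level "INFO"
    Write-Log "密码重置: 成功" -Level "SUCCESS"
    Write-Log "账户解锁: $(if($locked){'是'}else{'否'})" -Level "INFO"
    Write-Log "强制下次更改密码: $(if($RequirePasswordChange){'是'}else{'否'})" -Level "INFO"
    Write-Log "所有操作已成功完成" -Level "SUCCESS"

    # Result object for callers; original fields unchanged, one added.
    [PSCustomObject]@{
        Username              = $Username
        Name                  = $user.Name
        Success               = $true
        PasswordChanged       = $true
        AccountUnlocked       = $locked
        RequirePasswordChange = $RequirePasswordChange
        UsedDefaultPassword   = $usedDefault
        Timestamp             = Get-Date
    }
}
catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
    Write-Log "错误:未找到用户 '$Username'" -Level "ERROR"
    Write-Log "请检查用户名是否正确,或用户是否存在于当前域中" -Level "ERROR"
    throw
}
catch [System.Security.Authentication.AuthenticationException] {
    Write-Log "错误:身份验证失败" -Level "ERROR"
    Write-Log "请确保使用具有足够权限的账户运行此脚本" -Level "ERROR"
    throw
}
catch [System.UnauthorizedAccessException] {
    Write-Log "错误:权限不足" -Level "ERROR"
    Write-Log "当前用户没有重置密码或解锁账户的权限" -Level "ERROR"
    throw
}
catch {
    Write-Log "错误:$_" -Level "ERROR"
    Write-Log "错误详情:$($_.Exception.Message)" -Level "ERROR"
    Write-Log "堆栈跟踪:$($_.ScriptStackTrace)" -Level "ERROR"
    throw
}
finally {
    Write-Log "======================== 脚本执行结束 ========================" -Level "INFO"
    Write-Log " " -Level "INFO"
}
#endregion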
简单脚本2、学习用户管理命令
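# Simple interactive menu for common AD user tasks.
# Each action runs inside try/catch with -ErrorAction Stop on the AD cmdlets,
# so a failed operation (unknown user, bad date, missing permission) is
# reported and the menu is shown again instead of the loop terminating.
function Show-ADUserManagementMenu {
    Clear-Host
    while ($true) {
        Write-Host "`n=== Active Directory 用户管理 ===" -ForegroundColor Cyan
        Write-Host "1. 设置账户过期时间"
        Write-Host "2. 删除账户"
        Write-Host "3. 禁用账户"
        Write-Host "4. 启用账户"
        Write-Host "5. 重置密码"
        Write-Host "6. 查看账户信息"
        Write-Host "0. 退出"
        Write-Host "`n"

        $choice = Read-Host "请选择操作 (0-6)"

        try {
            switch ($choice) {
                "1" {
                    $user = Read-Host "请输入用户名"
                    $date = Read-Host "请输入过期日期 (yyyy-MM-dd)"
                    # Parse with the documented format so a mistyped date is
                    # rejected before anything is written to the directory.
                    $expiry = [datetime]::ParseExact(
                        $date, 'yyyy-MM-dd',
                        [System.Globalization.CultureInfo]::InvariantCulture)
                    Set-ADUser -Identity $user -AccountExpirationDate $expiry -ErrorAction Stop
                    Write-Host "账户过期时间已设置" -ForegroundColor Green
                    Pause
                }
                "2" {
                    $user = Read-Host "请输入要删除的用户名"
                    # Explicit confirmation replaces the cmdlet's own prompt.
                    $confirm = Read-Host "确定删除用户 '$user' 吗?(Y/N)"
                    if ($confirm -eq 'Y') {
                        Remove-ADUser -Identity $user -Confirm:$false -ErrorAction Stop
                        Write-Host "账户已删除" -ForegroundColor Green
                    }
                    Pause
                }
                "3" {
                    $user = Read-Host "请输入要禁用的用户名"
                    Disable-ADAccount -Identity $user -ErrorAction Stop
                    Write-Host "账户已禁用" -ForegroundColor Yellow
                    Pause
                }
                "4" {
                    $user = Read-Host "请输入要启用的用户名"
                    Enable-ADAccount -Identity $user -ErrorAction Stop
                    Write-Host "账户已启用" -ForegroundColor Green
                    Pause
                }
                "5" {
                    $user = Read-Host "请输入用户名"
                    # Read the new password masked; it is never echoed or kept
                    # as plain text. Pressing Enter keeps the previous
                    # behaviour (fixed default password) and warns about it.
                    $securePassword = Read-Host "请输入新密码 (留空使用默认密码)" -AsSecureString
                    if ($securePassword.Length -eq 0) {
                        $securePassword = ConvertTo-SecureString "Passw0rd2025new" -AsPlainText -Force
                        Write-Host "已使用固定默认密码,请要求用户尽快修改" -ForegroundColor Yellow
                    }
                    Set-ADAccountPassword -Identity $user -Reset -NewPassword $securePassword -ErrorAction Stop
                    Write-Host "密码已重置" -ForegroundColor Green
                    Pause
                }
                "6" {
                    $user = Read-Host "请输入用户名"
                    # Request only the attributes that are displayed rather
                    # than -Properties *.
                    Get-ADUser -Identity $user -ErrorAction Stop `
                        -Properties AccountExpirationDate, LastLogonDate, Created, LockedOut |
                        Format-List Name, SamAccountName, Enabled, AccountExpirationDate,
                                    LastLogonDate, Created, LockedOut
                    Pause
                }
                "0" {
                    Write-Host "再见!" -ForegroundColor Cyan
                    return
                }
                default {
                    Write-Host "无效选择,请重试" -ForegroundColor Red
                    Pause
                }
            }
        } catch {
            # Any failure in the chosen action: report it and return to the menu.
            Write-Host "操作失败: $($_.Exception.Message)" -ForegroundColor Red
            Pause
        }

        Clear-Host
    }
}

Show-ADUserManagementMenu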