AD域控批量配置域用户下次登录需要修改密码
##### 读取csv文件批量设置域用户下次登录需要修改密码
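# Force "user must change password at next logon" for every account listed in a CSV file.
# Needs the ActiveDirectory module and an identity allowed to modify the target users.
Import-Module ActiveDirectory

# Settings: $UsernameColumn is the CSV column that holds the account name.
$CSVFile = "C:\temp\All_AD_Users.csv"
$UsernameColumn = "SamAccountName"

# The CSV decides which accounts get modified, so it is privileged input:
# keep it somewhere only administrators can write. Stop early if it is missing
# instead of letting Import-Csv report an error and the loop run over nothing.
if (-not (Test-Path -LiteralPath $CSVFile -PathType Leaf)) {
    throw "未找到CSV文件: $CSVFile"
}

# @() keeps .Count and the foreach reliable when the file holds a single row.
$users = @(Import-Csv -Path $CSVFile -Encoding UTF8)

# A wrong column name would otherwise make every row look empty and be skipped silently.
if ($users.Count -gt 0 -and $users[0].PSObject.Properties.Name -notcontains $UsernameColumn) {
    throw "CSV文件中缺少列: $UsernameColumn"
}

Write-Host "开始处理 $($users.Count) 个用户..." -ForegroundColor Yellow

$successCount = 0
$failCount = 0

foreach ($user in $users) {
    $username = $user.$UsernameColumn

    # Blank cells are skipped and counted neither as success nor as failure.
    if ([string]::IsNullOrWhiteSpace($username)) {
        continue
    }

    # Stray spaces around the name would make the identity lookup fail.
    $username = $username.Trim()

    try {
        # -ErrorAction Stop turns every error into a terminating one so the catch below sees it.
        # Set-ADUser also accepts -WhatIf, which is worth a dry run before a bulk change.
        # NOTE(review): accounts flagged "password never expires" are expected to be
        # rejected here and to show up as failures - confirm in your environment.
        Set-ADUser -Identity $username -ChangePasswordAtLogon $true -ErrorAction Stop
        Write-Host " 成功: $username" -ForegroundColor Green
        $successCount++
    }
    catch {
        Write-Host " 失败: $username - $_" -ForegroundColor Red
        $failCount++
    }
}

Write-Host "`n处理完成!" -ForegroundColor Cyan
Write-Host "成功: $successCount" -ForegroundColor Green
Write-Host "失败: $failCount" -ForegroundColor Red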
##### 批量设置所有域用户下次登录需要修改密码【带白名单模式,白名单中的用户例外,支持*通配符】
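# Force "user must change password at next logon" for all enabled domain users,
# except accounts that match an exclusion list (wildcards allowed) and accounts
# whose password is set to never expire. Writes a CSV report at the end.
Import-Module ActiveDirectory

# Accounts to leave untouched (administrators, service accounts, ...), matched
# with -like against SamAccountName.
# NOTE(review): a name pattern is a weak boundary. A service or privileged account
# that does not follow the naming convention will be forced to change its password,
# which can break the service that uses it. Review the resulting list before running;
# narrowing Get-ADUser with -SearchBase to the intended OU is a safer scope.
$ExcludedPatterns = @("Administrator", "Guest", "krbtgt", "svc_*", "*admin*", "test*", "boss*")

# All enabled users; @() keeps .Count reliable when only one user comes back.
$AllUsers = @(Get-ADUser -Filter 'Enabled -eq $true' -Properties SamAccountName, PasswordNeverExpires)

# Lists instead of "+=" on arrays, which copies the whole array on every append.
$UsersToSet = [System.Collections.Generic.List[object]]::new()
$UsersNotToSet = [System.Collections.Generic.List[object]]::new()

# Split the users into "to set" and "not to set" (with the reason).
foreach ($User in $AllUsers) {
    $exclude = $false
    foreach ($pattern in $ExcludedPatterns) {
        if ($User.SamAccountName -like $pattern) {
            $exclude = $true
            break
        }
    }

    if ($exclude -or $User.PasswordNeverExpires -eq $true) {
        $reason = if ($exclude) { "排除模式" } else { "密码永不过期" }
        $UsersNotToSet.Add([PSCustomObject]@{
            SamAccountName = $User.SamAccountName
            Reason         = $reason
        })
    }
    else {
        $UsersToSet.Add($User)
    }
}

# Apply the flag. Failures are remembered by account name so the report can
# look them up directly instead of re-scanning the list for every user.
$successCount = 0
$failCount = 0
$failures = @{}

Write-Host "`n开始设置需要修改密码的用户..." -ForegroundColor Yellow

foreach ($User in $UsersToSet) {
    try {
        # -ErrorAction Stop makes every error reach the catch block.
        # Set-ADUser also accepts -WhatIf for a dry run before the real one.
        Set-ADUser -Identity $User.SamAccountName -ChangePasswordAtLogon $true -ErrorAction Stop
        Write-Host "✓ 成功设置: $($User.SamAccountName)" -ForegroundColor Green
        $successCount++
    }
    catch {
        Write-Host "✗ 失败: $($User.SamAccountName) - $_" -ForegroundColor Red
        $failCount++

        # As in the original, a failed account is also listed under "not set".
        $failReason = "设置失败: $_"
        $failures[$User.SamAccountName] = $failReason
        $UsersNotToSet.Add([PSCustomObject]@{
            SamAccountName = $User.SamAccountName
            Reason         = $failReason
        })
    }
}

# List the accounts that were not changed.
# The separator is built inside parentheses: without them Write-Host receives
# the newline, a literal "+" and the dashes as three separate arguments.
Write-Host ("`n" + ("-" * 50)) -ForegroundColor Gray
Write-Host "不需要修改密码的用户列表(共 $($UsersNotToSet.Count) 个):" -ForegroundColor Magenta

if ($UsersNotToSet.Count -gt 0) {
    # Sorted by account name.
    $UsersNotToSet | Sort-Object SamAccountName | ForEach-Object {
        Write-Host " $($_.SamAccountName.PadRight(25)) - $($_.Reason)" -ForegroundColor Magenta
    }

    # Totals per reason.
    Write-Host "`n按原因分组统计:" -ForegroundColor Magenta
    $UsersNotToSet | Group-Object Reason | ForEach-Object {
        Write-Host " $($_.Name): $($_.Count) 个用户" -ForegroundColor Magenta
    }
}
else {
    Write-Host " 没有不需要修改密码的用户" -ForegroundColor Magenta
}

# Final totals.
Write-Host ("`n" + ("=" * 50)) -ForegroundColor Cyan
Write-Host "执行结果统计:" -ForegroundColor Cyan
Write-Host " 需要设置的用户总数: $($UsersToSet.Count)" -ForegroundColor White
Write-Host " 成功设置的用户数: $successCount" -ForegroundColor Green
Write-Host " 设置失败的用户数: $failCount" -ForegroundColor Red
Write-Host " 不需要设置的用户数: $($UsersNotToSet.Count)" -ForegroundColor Magenta
Write-Host " 总用户数(启用): $($AllUsers.Count)" -ForegroundColor White
Write-Host ("=" * 50) -ForegroundColor Cyan

# Optional: export the result to a CSV file in the current directory.
# The report names every enabled account and which ones are exempt, so store it
# where only administrators can read it.
$timestamp = Get-Date -Format "yyyyMMdd_HHmmss"
$outputFile = "AD用户密码设置报告_$timestamp.csv"

$report = [System.Collections.Generic.List[object]]::new()

foreach ($user in $UsersToSet) {
    $failed = $failures.ContainsKey($user.SamAccountName)
    $report.Add([PSCustomObject]@{
        用户名 = $user.SamAccountName
        状态   = if ($failed) { "失败" } else { "成功" }
        类别   = "需要设置"
        备注   = if ($failed) { $failures[$user.SamAccountName] } else { "已设置下次登录修改密码" }
    })
}

# Failed accounts are already in the report above; add only the exempt ones here.
foreach ($user in $UsersNotToSet | Where-Object { $_.Reason -notlike "设置失败*" }) {
    $report.Add([PSCustomObject]@{
        用户名 = $user.SamAccountName
        状态   = "未设置"
        类别   = "不需要设置"
        备注   = $user.Reason
    })
}

$report | Sort-Object 用户名 | Export-Csv -Path $outputFile -NoTypeInformation -Encoding UTF8
Write-Host "`n详细报告已保存到: $outputFile" -ForegroundColor Cyan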
##### 批量取消所有用户下次登录需要修改密码
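# Clear the "user must change password at next logon" flag in bulk.
Import-Module ActiveDirectory

# Console colours.
$SuccessColor = "Green"
$ErrorColor = "Red"
$InfoColor = "Cyan"
$WarningColor = "Yellow"
$ProgressColor = "Gray"

# Only enabled users that currently carry the flag (pwdLastSet = 0) are selected.
# Clearing the flag writes pwdLastSet = -1, which the directory stores as "now":
# the password then looks freshly changed and its maximum-age clock restarts.
# Doing that to every enabled user would extend the life of old passwords and
# erase the record of their real age, so accounts without the flag are left alone.
# @() keeps .Count reliable when a single user (or none) comes back.
$users = @(Get-ADUser -Filter 'Enabled -eq $true -and pwdLastSet -eq 0')

Write-Host "`n开始批量取消设置'下次登录需修改密码'标志..." -ForegroundColor $WarningColor
Write-Host "预计处理 $($users.Count) 个用户" -ForegroundColor $InfoColor
Write-Host ("-" * 50) -ForegroundColor $ProgressColor

$successCount = 0
$failCount = 0

foreach ($user in $users) {
    try {
        # Both ways of clearing the flag are applied, as in the original.
        # NOTE(review): -ChangePasswordAtLogon $false is expected to write
        # pwdLastSet = -1 itself, which would make the second call redundant - confirm.
        # -ErrorAction Stop makes every error reach the catch block.
        Set-ADUser -Identity $user.SamAccountName -ChangePasswordAtLogon $false -ErrorAction Stop
        Set-ADUser -Identity $user.SamAccountName -Replace @{pwdLastSet = -1} -ErrorAction Stop

        # Success, shown in green.
        Write-Host " ✓ $($user.SamAccountName)" -ForegroundColor $SuccessColor
        $successCount++
    }
    catch {
        # Failure, shown in red.
        Write-Host " ✗ $($user.SamAccountName) - $_" -ForegroundColor $ErrorColor
        $failCount++
    }
}

# Final totals. The separator is built inside parentheses: without them
# Write-Host receives the newline, a literal "+" and the line as separate arguments.
Write-Host ("`n" + ("=" * 50)) -ForegroundColor White
Write-Host "处理完成!" -ForegroundColor White
Write-Host ("=" * 50) -ForegroundColor White
Write-Host "成功: $successCount" -ForegroundColor $SuccessColor
Write-Host "失败: $failCount" -ForegroundColor $ErrorColor
Write-Host "总计: $($users.Count)" -ForegroundColor $InfoColor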
