Bulk operations on AD accounts
Ricky
posted @ July 15, 2016 17:52
Move
dsmove "CN=username,OU=ouname,DC=domain,DC=Com" -newparent "OU=ouname,DC=domain,DC=Com"
Rename the CN
dsmove "CN=username,OU=ouname,DC=tfsad,DC=com" -newname "newname"
Add a member to a group
dsmod group "CN=group,OU=ouname,DC=domain,DC=com" -addmbr "CN=username,OU=ouname,DC=domain,DC=Com"
Get group members
dsget group "CN=group,OU=ouname,DC=domain,DC=com" -members
Processing in a loop
(The first line uses %s, the form typed at an interactive command prompt; the nested loop after it uses %%w and %%g, the form required inside a .bat file.)
for /f "Tokens=*" %s in ('dsquery user "OU=ouname, DC=domain, DC=com" -disabled -limit 0') do DSMOVE %s -newparent "ou=Disabled,dc=domain,dc=com"
For /F "delims=*" %%w IN ('dsquery user -desc Archived* "OU=Data Has Been Archived,OU=Base,OU=Staff,OU=Accounts - Archive,DC=Home,DC=co,DC=uk"') DO (
    For /F "delims=*" %%g IN ('dsget user %%w -memberof -expand') DO (
        dsmod group %%g -rmmbr %%w
    )
)
Using PowerShell
Set-ADUser $user -SamAccountName ("{0}" -f "newsam") -UserPrincipalName ("{0}@{1}" -f "upn","domain.com")
Rename-ADObject -Identity "CN=oldcn,OU=ou,DC=domain,DC=Com" -NewName "newcn"
Batch operations with PowerShell and a CSV file:
Bulk-change logon names
$UserList=IMPORT-CSV C:\Users\ricky\Desktop\user.csv
FOREACH ($Person in $UserList) {
    $CurrentName=$Person.ADCN
    $NewName=$Person.EmployeeID
    $UPN ="$NewName@domain.com"
    # Change sAMAccountName and UPN first, then rename the object's CN to match
    Get-ADUser -Identity $CurrentName | Set-ADUser -SamAccountName $NewName -UserPrincipalName $UPN
    Rename-ADObject -Identity "CN=$CurrentName,OU=ou,OU=ou,DC=domain,DC=Com" -NewName $NewName
}
Bulk-modify user information
$UserList=IMPORT-CSV C:\Users\ricky\Desktop\user.csv
FOREACH ($Person in $UserList) {
    $ADCN = $Person.ADCN
    $Name = $Person.Name
    # The first character of Name is taken as the surname, the rest as the given name
    $SurName = $Person.Name.Substring(0,1)
    $GivenName = $Person.Name.Substring(1)
    $DisplayName = $Person.Name
    $Department = $Person.DepartmentNo+"-"+$Person.Department
    $Company = $Person.Company
    $Description = $Person.Role
    $Title = $Person.Title
    Get-ADUser -Identity $ADCN | Set-ADUser -GivenName $GivenName -SurName $SurName -DisplayName $DisplayName -Department $Department -Company $Company -Description $Description -Title $Title -EmployeeID $ADCN -EmployeeNumber $ADCN
}
Bulk-create users
$UserList=IMPORT-CSV C:\Users\ricky\Desktop\user.csv
FOREACH ($Person in $UserList) {
    $ACNO = $Person.ACNO
    $UPN = $Person.ACNO+"@domain.com"
    $Name = $Person.ACNO
    $surName = $Person.Name.Substring(0,1)
    $givenName = $Person.Name.Substring(1)
    $Department = $Person.DepartmentNo+"-"+$Person.Department
    $Email = $Person.Email
    $Tel = $Person.Tel
    $Mobile = $Person.Mobile
    $Path = "OU=ou,DC=domain,DC=com"
    # Create the account enabled; the initial password is a literal shared by every new user
    New-ADUser -Name $Name -givenname $givenName -surname $surName -userprincipalname $UPN -Department $Department -DisplayName $Name -EmailAddress $Email -EmployeeID $ACNO -EmployeeNumber $ACNO -Enabled $true -AccountPassword (ConvertTo-SecureString "zaq12wsX" -AsPlainText -Force) -MobilePhone $Mobile -OfficePhone $Tel -Path $Path -SamAccountName $ACNO
}
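The New-ADUser loop above sets the same literal password on every account it creates. The following is an added example, not the original author's code, that issues a random initial password per user and forces a change at first logon; Get-UniformIndex and New-InitialPassword are hypothetical helper names, and the CSV column ACNO, the UPN suffix and the OU are the ones used above.

```powershell
# Added example, not the original author's code. Helper names are hypothetical.
Import-Module ActiveDirectory

function Get-UniformIndex {
    param($Rng, [int]$Bound)            # uniform integer in [0, $Bound), $Bound <= 256
    $b = New-Object byte[] 1
    $limit = 256 - (256 % $Bound)       # rejection sampling removes modulo bias
    do { $Rng.GetBytes($b) } while ($b[0] -ge $limit)
    return $b[0] % $Bound
}

function New-InitialPassword {
    param([int]$Length = 16)
    # Look-alike glyphs (0/O/o, 1/l/I) are left out so the value can be read aloud.
    $classes = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnpqrstuvwxyz', '23456789', '!#%*+-=?@'
    $all = -join $classes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        # One character from each class, then fill from the full set.
        $chars = @(foreach ($c in $classes) { $c[(Get-UniformIndex -Rng $rng -Bound $c.Length)] })
        while ($chars.Count -lt $Length) { $chars += $all[(Get-UniformIndex -Rng $rng -Bound $all.Length)] }
        # Fisher-Yates shuffle so the guaranteed classes do not sit in fixed positions.
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = Get-UniformIndex -Rng $rng -Bound ($i + 1)
            $chars[$i], $chars[$j] = $chars[$j], $chars[$i]
        }
        return -join $chars
    }
    finally { $rng.Dispose() }
}

$UserList = Import-Csv C:\Users\ricky\Desktop\user.csv   # same CSV as the loop above
$issued = foreach ($Person in $UserList) {
    $plain = New-InitialPassword
    New-ADUser -Name $Person.ACNO -SamAccountName $Person.ACNO `
        -UserPrincipalName ($Person.ACNO + "@domain.com") -Path "OU=ou,DC=domain,DC=com" `
        -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
        -ChangePasswordAtLogon $true -Enabled $true
    # Keep the issued value only long enough to hand it to the user.
    [pscustomobject]@{ ACNO = $Person.ACNO; InitialPassword = $plain }
}
# $issued now holds one row per created account; pass it on through a protected
# channel rather than writing it to disk in clear text.
```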
Delete:
Remove-ADUser -Identity id -Confirm:$false
Get the last logon time:
Import-Module ActiveDirectory
$adusers = Get-ADUser -filter * -SearchBase "OU=BeforeADProject,OU=ACA Users,DC=***,DC=*****,DC=***" -Properties SamAccountName | select -expand SamAccountName
function Get-ADUserLastLogon([string]$userName)
{
    $dcs = Get-ADDomainController -Filter {Name -like "*"}
    $time = 0
    foreach($dc in $dcs)
    {
        $hostname = $dc.HostName
        # lastLogon is not replicated between domain controllers, so query each DC in turn
        $user = Get-ADUser $userName -Server $hostname | Get-ADObject -Server $hostname -Properties lastLogon
        if($user.LastLogon -gt $time)
        {
            $time = $user.LastLogon
        }
    }
    # Convert the newest FILETIME value found to a local DateTime
    $dt = [DateTime]::FromFileTime($time)
    Write-host $username "last logged on at:" $dt
}
$output = foreach ($aduser in $adusers){
    Get-ADUserLastLogon -UserName $aduser
}
Bulk-add users to a group:
$UserList=IMPORT-CSV C:\Users\ricky\Desktop\user.csv
FOREACH ($Person in $UserList) {
    $ADCN = $Person.ADCN
    $IsEmployee = $Person.IsEmployee
    # Only rows whose IsEmployee column is "FE" are added to the group
    if ($IsEmployee -eq "FE")
    {
        Add-ADGroupMember -Identity GroupName -Members $ADCN
    }
}
Move:
Move-ADObject -Identity "OU=ManagedGroups,DC=Fabrikam,DC=Com" -TargetPath "OU=Managed,DC=Fabrikam,DC=Com"