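【Posted】: 2018-06-14 04:12:45
【Question】:
Does anyone know how to disable a user's ESET Secure Authentication settings with a PowerShell script?
I have a script that disables the user's Active Directory account, resets the password, and moves the account to a new OU, but I can't figure out how to disable the attributes related to their ESET information. In the ADUC GUI you can uncheck their hardware token and revoke the key, so I imagine there is a way to do this with a script that can be included in my current script.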

# Imports module for running cmdlets against Active Directory, and inputs user name
# into variable.
# Enter-PSSession DomainController // Need to run this cmdlet from your local
# machine first.
Echo "You are about to disable a user account. Verify your information!"
Read-Host "Press ENTER to continue."
Import-Module ActiveDirectory
$User1 = Read-Host -Prompt 'Enter the username of the employee you wish to change'

# Disables named user's Active Directory account.
# "Locked Account" does not show but need to right click to enable
Disable-ADAccount -Identity $User1

# Adds AD group "Disabled Users" to named user's group membership
Add-ADGroupMember -Identity 'Disabled Users' -Members $User1

# Sets named user's primary group to "Disabled Users" ("0000" is a placeholder ID)
Set-ADUser -Identity $User1 -Replace @{PrimaryGroupID="0000"}

# Removes groups assigned to named user's membership
Get-ADUser -Identity $User1 -Properties MemberOf | ForEach-Object {
    $_.MemberOf | Remove-ADGroupMember -Members $_.DistinguishedName -Confirm:$false
}

# Changes named user's password based on Administrator's input
# (Read-Host has no -WhatIf parameter, so it is not passed here)
$newpwd = Read-Host "Enter the new password" -AsSecureString
# -WhatIf makes this a dry run; remove it to actually reset the password
Set-ADAccountPassword $User1 -NewPassword $newpwd -Reset -WhatIf

# Moves named user from current OU to "Employee DISABLED\DISABLED" container
Get-ADUser $User1 | Move-ADObject -TargetPath "ou=DISABLED,ou=Employee DISABLED,dc=DOMAINNAME,dc=com"

# Much respect due to the onesixooh!
Read-Host "Press ENTER to finish"
Write-Host " **********************************************************
>>> Get the money. Dolla dolla bill y'all. <<<
**********************************************************"

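Any suggestions are greatly appreciated.
【Comments】:
- Has your AD schema been extended with new attributes from the vendor? If that is the case, your best bet is to ask the vendor for the appropriate procedure.
- Unfortunately, since the required information is not shown in ADAC, a brand-new tab is added after the ESET Secure Authentication application is installed.
Tags: powershell active-directory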
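
One way to follow up on the schema question raised in the comments, as an added example that is not part of the original post or its comments: list recently created schema attributes, then snapshot a test user's attributes before and after changing the setting in the ADUC tab to see what, if anything, is written to the user object. The function names and the test account name are hypothetical, no ESET attribute names are assumed, and the diff will show only housekeeping attributes if the product stores its data somewhere other than the user object.

```powershell
# Added example (not from the original post). Requires the RSAT ActiveDirectory module
# and read access to the schema partition. Run it against a test account only.
Import-Module ActiveDirectory

function Get-RecentSchemaAttribute {
    # Lists attributeSchema objects created on or after $Since (likely schema extensions).
    param([Parameter(Mandatory)][datetime]$Since)
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    Get-ADObject -SearchBase $schemaNC -LDAPFilter '(objectClass=attributeSchema)' `
                 -Properties lDAPDisplayName, whenCreated |
        Where-Object { $_.whenCreated -ge $Since } |
        Sort-Object whenCreated |
        Select-Object lDAPDisplayName, whenCreated
}

function Get-UserAttributeSnapshot {
    # Returns a hashtable: attribute name -> flattened string value for each returned attribute.
    param([Parameter(Mandatory)][string]$Identity)
    $user = Get-ADUser -Identity $Identity -Properties *
    $snap = @{}
    foreach ($name in $user.PropertyNames) {
        $snap[$name] = ($user.$name | ForEach-Object { "$_" }) -join ';'
    }
    $snap
}

function Compare-UserAttributeSnapshot {
    # Emits one object per attribute whose value was added, removed or changed.
    param([Parameter(Mandatory)][hashtable]$Before,
          [Parameter(Mandatory)][hashtable]$After)
    $names = @($Before.Keys) + @($After.Keys) | Sort-Object -Unique
    foreach ($n in $names) {
        if ($Before[$n] -ne $After[$n]) {
            [pscustomobject]@{ Attribute = $n; Before = $Before[$n]; After = $After[$n] }
        }
    }
}

# Usage: 'testuser' is a hypothetical test account; adjust the date to your install window.
Get-RecentSchemaAttribute -Since (Get-Date).AddYears(-1) | Format-Table -AutoSize
$before = Get-UserAttributeSnapshot -Identity 'testuser'
Read-Host "Change the setting for the test user in the ADUC tab, then press ENTER"
$after = Get-UserAttributeSnapshot -Identity 'testuser'
# Expect noise from whenChanged, uSNChanged and similar housekeeping attributes.
Compare-UserAttributeSnapshot -Before $before -After $after | Format-Table -AutoSize
```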