1

下面是我的 Powershell 脚本 -

Import-Module ActiveDirectory
$objOU=[ADSI]“LDAP://OU=Service,OU=Accounts,DC=xyz,DC=com”;
$dataSource=import-csv “add_user2.csv”;

foreach($dataRecord in $datasource) 
{
$cn=$dataRecord.FirstName + ” ” + $dataRecord.LastName
$sAMAccountName=$dataRecord.FirstName + “.” + $dataRecord.LastName
$givenName=$dataRecord.FirstName
$sn=$dataRecord.LastName

$displayName=$sn + “, ” + $givenName
$userPrincipalName=$sAMAccountName + “@test.com”;

#Additional Attributes
$objUser=$objOU.Create(“user”,”CN=”+$cn)
$objUser.Put(“sAMAccountName”,$sAMAccountName)
$objUser.Put(“userPrincipalName”,$userPrincipalName)
$objUser.Put(“displayName”,$displayName)
$objUser.Put(“givenName”,$givenName)
$objUser.Put(“sn”,$sn)

#Place the additional attributes into the record

$objUser.Put("PasswordNeverExpires", $true)
$objUser.SetInfo()

}

我正在尝试使用上述脚本设置 ActiveDirectory 用户的值。我面临的问题是我无法将“帐户”选项卡中“帐户选项”下的“PasswordNeverExpires”属性设置为 True。

我的输入文件“add_user1.csv”看起来像 -

FirstName   LastName
Test              Account1

将感谢所有帮助。

问候。

4

2 回答 2

2

没有 PasswordNeverExpires 属性。如果你继续运行Get-Member$objUser你会看到这个。这些属性由 UserAccountControl 控制。更多信息请看这里

这篇博客文章详细介绍了如何将密码永不过期属性设置为 true:

Setting "Password never expire" attribute on user object 
This property unlike many other properties of AD object are contained in bitmask
attribute UserAccountControl 
(not related in any way with User Account Control feature of Windows). 
To set it you need to retrieve current value of this attribute and use binary OR
operation (-bor) to calculate new value.


$User = [ADSI]"LDAP://cn=Gusev,ou=Users,ou=Lab,dc=contoso,dc=com"
$UAC = $User.UserAccountControl[0] -bor 65536
$User.Put("userAccountControl",$UAC)
$User.SetInfo()

您的脚本需要这样修改:

$objUser.SetInfo()

#Place the additional attributes into the record
$UAC = $objUser.UserAccountControl[0] -bor 65536
$objUser.Put("userAccountControl",$UAC)
$objUser.SetInfo()

如果不运行SetInfo()两次脚本将引发错误。

于 2013-05-24T16:29:44.343 回答
2

您可以用来解决不得不摆弄 UserAccountControl 属性的另一件事是PasswordNeverExpires使用Set-ADUser.

$objUser | Set-ADUser -PasswordNeverExpires

实际上,您可以使用New-ADUser

Import-Module ActiveDirectory
$dataSource=import-csv “add_user2.csv”;

foreach($dataRecord in $datasource) 
{
    $cn=$dataRecord.FirstName + ” ” + $dataRecord.LastName
    $sAMAccountName=$dataRecord.FirstName + “.” + $dataRecord.LastName
    $givenName=$dataRecord.FirstName
    $sn=$dataRecord.LastName
    $displayName=$sn + “, ” + $givenName
    $userPrincipalName=$sAMAccountName + “@test.com”;

    New-ADUser $cn -SamAccountName $sAMAccountName -GivenName $givenName `
        -Surname $sn -DisplayName $displayName -UserPrincipalName $userPrincipalName `
        -PasswordNeverExpires $true -Path "OU=Service,OU=Accounts,DC=rjfdev,DC=com"
}
于 2013-05-24T18:53:20.690 回答