
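I have a script that uses `DirectorySearcher` to query Active Directory for roughly 13k users every day.

I have been told that there are duplicates in my report, but I can't figure out why.

The duplicates usually appear at the end of the report, and so far there have been 6-7 users. The only difference between these users and their earlier entries in the report is that their last logon time has changed (the time is seconds after the script initially started).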

   #Get date for 3months back in datetime format
   $Date = (Get-Date).AddDays(-90)
   # Correct for daylight savings.
   # IsDaylightSavingTime is a method; without () the condition is always true.
   If ($Date.IsDaylightSavingTime())
   {$Date = $Date.AddHours(-1)}
   # Convert the datetime value, in UTC, into the number of ticks since
   # 12:00 AM January 1, 1601.
   $Value = ($Date.ToUniversalTime()).Ticks - ([DateTime]"January 1, 1601").Ticks

   $Searcher = New-Object DirectoryServices.DirectorySearcher
   $Searcher.PageSize = 30000
   $Searcher.Filter = "(&(&(objectCategory=person)(objectClass=user))(lastLogonTimeStamp>=$value)(pwdLastSet>=$value)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
   $Searcher.SearchRoot = 'LDAP://dc=contoso,dc=net'
   $results = $Searcher.FindAll() 

   foreach ($result in $results)
   {
       # Fetches different attributes for each user
       # which is then appended to a .csv file via Add-Content
   }

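It feels as if I'm picking up additional users because their last logon time has changed. Does anyone know anything about this? And perhaps how to disable this behavior?

The script runs at 06:00:00.

These are the last logon times of the duplicate entries: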

10/31/2015 06:00:24
10/31/2015 06:00:32 
10/31/2015 06:02:07 
10/31/2015 06:05:01 
10/31/2015 06:06:05 
10/31/2015 06:08:19 
10/31/2015 06:08:36 