วันจันทร์ที่ 25 พฤศจิกายน พ.ศ. 2562

PowerShell - Audit script


https://community.idera.com/database-tools/powershell/ask_the_experts/f/active_directory__powershell_remoting-9/23795/ad-audit-script




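Clear-Host
# Only RemoteSigned is applied to the CurrentUser scope. Setting Unrestricted
# first would persist the weaker policy for this user if the second call failed.
# Execution policy is a safety setting, not a security boundary; signing the
# script and setting the policy through Group Policy is the more durable control.
Powershell Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force
# Stop here if the ActiveDirectory module is unavailable, so that no empty or
# stale report is produced and mailed further down.
Import-Module ActiveDirectory -ErrorAction Stop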

# --- Mail settings ---
# $PSEmailServer is the preference variable Send-MailMessage falls back to when
# no -SmtpServer is passed, which is how the relay is selected in this script.
$PSEmailServer = '10.90.8.60'
$MailTo = '<prapat_c@shera.com>'
$MailFrom = 'Reports_Audit <it_support@sherasolution.com>'
# Subject carries the run date as dd-MM-yyyy.
$MailSubject = 'AUDIT -:- Active emplyee list -:- {0}' -f (Get-Date -Format 'dd-MM-yyyy')
# Relative path: the report lands in whatever the working directory is at run
# time. NOTE(review): under a scheduled task that may not be the script folder.
$file = '.\Audit-emp_Active.csv'

# --- Directory query settings ---
# Search base for the user query.
$Location = 'ou=shera,dc=shera,dc=com'
# Excludes accounts with the disabled bit set in userAccountControl and accounts
# whose description matches one of the listed values.
# NOTE(review): the clauses are concatenated without an enclosing (&...) and the
# negations are written (!attr=value) rather than (!(attr=value)) as RFC 4515
# specifies; confirm against the directory that every clause is applied.
$Ldap = '(!userAccountControl:1.2.840.113556.1.4.803:=2)(!description=vendor)(!description=eMail)(!description=test*)(!description=system*)(!description=vendor*)(!description=HC*)(!description=email*)'


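# Accumulator for the report rows; the per-user loop appends to it.
$Results = @()
# Fetch the accounts under $Location that pass the $Ldap filter.
# Only EmployeeID is requested on top of the default property set: the loop
# reads EmployeeID and SamAccountName from these objects and looks up the
# remaining attributes per account. Requesting every attribute (-Properties *)
# pulls far more directory data into the session than the report uses.
# The parameter names use an ASCII hyphen so the script survives being saved or
# pasted in an encoding that mangles typographic dashes.
$Users = Get-ADUser -SearchBase $Location -LDAPFilter $Ldap -Properties EmployeeID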

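# Build one report row per account returned by the directory query.
foreach ($user in $Users)
{
    # Fetch the four attributes the row needs in a single lookup rather than
    # one Get-ADUser call per attribute. msDS-UserPasswordExpiryTimeComputed is
    # requested explicitly by name.
    $detail = Get-ADUser $user.SamAccountName -Properties "msDS-UserPasswordExpiryTimeComputed", "PasswordNeverExpires", "Enabled", "AccountExpirationDate"

    # Password expiry time. Int64.MaxValue is reported as "No" (no expiry);
    # any other value is treated as a file time and formatted.
    # NOTE(review): a value of 0 is converted like any other and shows up as a
    # date in 1601; presumably that marks accounts that must change their
    # password at next logon - confirm and consider a dedicated label.
    $pwdexp = $detail."msDS-UserPasswordExpiryTimeComputed"
    if ($null -eq $pwdexp) {
        # Attribute not returned: leave the column empty instead of letting the
        # Int64 conversion throw.
        $pwdexp = ""
    }
    elseif ($pwdexp -eq [Int64]::MaxValue) {
        $pwdexp = "No"
    }
    else {
        $pwdexp = Get-Date ([DateTime]::FromFileTime([Int64]$pwdexp)) -Format "dd/MM/yyyy HH:mm:ss"
    }

    # "PswdExpires" column: "No" when PasswordNeverExpires is set, else "Yes".
    $pwdEnable = if ($detail.PasswordNeverExpires) { "No" } else { "Yes" }

    # "AcctDisabled" column: "No" when the account is enabled, else "Yes".
    $acctEnable = if ($detail.Enabled) { "No" } else { "Yes" }

    # Account expiry: "No" when no expiration date is set, otherwise the date.
    # There is deliberately no else branch; a bare variable statement there
    # would write the date to the script's output stream.
    $acctExpTime = $detail.AccountExpirationDate
    if ([string]::IsNullOrEmpty($acctExpTime)) {
        $acctExpTime = "No"
    }

    # Columns of the report row. Any further attribute added here must also be
    # requested with -Properties in the lookup above.
    $Properties = @{
        EmpID           = $user.EmployeeID
        userName        = $user.SamAccountName
        PswdExpires     = $pwdEnable
        PswdExpiresTime = $pwdexp
        AcctDisabled    = $acctEnable
        AcctExpiresTime = $acctExpTime
    }

    # Append the row to the result set.
    $Results += New-Object psobject -Property $Properties
}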
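# Project the report columns in a fixed order, sort by employee ID and write the
# CSV. -ErrorAction Stop aborts the script if the file cannot be written, so a
# leftover file from an earlier run is never mailed as if it were current.
$Results |
    Select-Object EmpID, UserName, PswdExpires, PswdExpiresTime, AcctDisabled, AcctExpiresTime |
    Sort-Object EmpID |
    Export-Csv "$file" -NoTypeInformation -Encoding UTF8 -ErrorAction Stop

# Mail the report through the relay named in $PSEmailServer.
# NOTE(review): the attachment lists account names together with their password
# and account expiry state. No -UseSsl or -Credential is passed, so TLS is not
# requested for the hop to the relay, and Microsoft marks Send-MailMessage as
# obsolete because it cannot guarantee a secure connection. Add -UseSsl if the
# relay supports it, keep the recipient list narrow, and decide whether the CSV
# should remain on disk after sending.
Send-MailMessage -To $MailTo -From $MailFrom -Subject $MailSubject  -Attachments "$file"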
