AD: query user password expiration time

Reset a user's password

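$user02 = 'mazhongshuo'
# The plain-text password literal is recorded in PowerShell history and script logs
Set-ADAccountPassword -Identity $user02 -NewPassword (ConvertTo-SecureString "Sw#2024tf_" -AsPlainText -Force) -Reset
# Allow the user to change the password afterwards
Set-ADUser -Identity $user02 -CannotChangePassword:$false
# Unlocks every locked-out account in the domain, not only $user02
Search-ADAccount -LockedOut | Unlock-ADAccount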

net user mazhongshuo /domain

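Query user password expiration time
# Maximum password age (in days) from the default domain password policy
$maxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days

# Enabled accounts whose password can expire; expiry = last set date + maximum age
Get-ADUser -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties DisplayName, PasswordLastSet |
Select-Object -Property "DisplayName", @{n="ExpiryDate";e={$_.PasswordLastSet.AddDays($maxPasswordAge)}}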
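
The query above derives every expiry date from the default domain policy, so accounts covered by a fine-grained password policy, or with no PasswordLastSet value, come out wrong or empty. The following added example (not part of the original notes) reads the computed attribute msDS-UserPasswordExpiryTimeComputed instead; $warnDays and the State labels are assumptions chosen for illustration.

```powershell
# Added example, not from the original page. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

$warnDays = 14          # assumption: flag passwords expiring within 14 days
$now      = Get-Date

$query = @{
    Filter     = 'Enabled -eq $true -and PasswordNeverExpires -eq $false'
    Properties = 'DisplayName', 'PasswordLastSet', 'msDS-UserPasswordExpiryTimeComputed'
}

$report = Get-ADUser @query | ForEach-Object {
    $raw    = $_.'msDS-UserPasswordExpiryTimeComputed'
    $expiry = $null

    if ($null -eq $raw) {
        $state = 'Unknown'                  # attribute not returned
    }
    elseif ($raw -eq 0) {
        $state = 'MustChangeAtNextLogon'    # pwdLastSet is 0 or empty
    }
    elseif ($raw -eq [Int64]::MaxValue) {
        $state = 'NeverExpires'             # effective policy has no maximum age
    }
    else {
        # The attribute is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC)
        $expiry = [datetime]::FromFileTime($raw)
        if     ($expiry -lt $now)                    { $state = 'Expired' }
        elseif ($expiry -lt $now.AddDays($warnDays)) { $state = 'ExpiringSoon' }
        else                                         { $state = 'OK' }
    }

    [pscustomobject]@{
        SamAccountName  = $_.SamAccountName
        DisplayName     = $_.DisplayName
        PasswordLastSet = $_.PasswordLastSet
        ExpiryDate      = $expiry
        State           = $state
    }
}

# Show only the accounts that need attention
$report | Where-Object State -ne 'OK' | Sort-Object ExpiryDate | Format-Table -AutoSize
```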

https://www.cnblogs.com/suv789/p/18284489

Windows Active Directory: user password Group Policy settings

Finding Weak Passwords in Active Directory

https://4sysops.com/archives/find-weak-active-directory-passwords-with-powershell

https://blog.51cto.com/jiushu/1675200

https://www.cnblogs.com/amsilence/p/17972726

www.alitajran.com/active-directory-weak-password-checker/

www.enzoic.com/active-directory-lite/

https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-sspr

View locked-out users

Search-ADAccount -LockedOut -UsersOnly | Select-Object Name, SamAccountName
Unlock a user
Unlock-ADAccount -Identity <SamAccountName>

AD: get NTFS permissions for a directory

$file_path = "E:\"

# Walk every file and folder under $file_path; items that cannot be read are skipped
$files = Get-ChildItem -Path $file_path -Recurse -ErrorAction SilentlyContinue
foreach ($file in $files)
{
    #Write-Host $file.FullName
    $file_Info = Get-Acl -LiteralPath $file.FullName

    foreach ($ace in $file_Info.Access)
    {
        # Record only explicit (non-inherited) access control entries
        if (-not $ace.IsInherited)
        {
            # Pipe-delimited line: path|identity|rights|Allow or Deny|IsInherited
            $res = $file.FullName + '|' + $ace.IdentityReference.Value + '|' + $ace.FileSystemRights.ToString() + '|' + $ace.AccessControlType.ToString() + '|' + $ace.IsInherited
            $res | Out-File -FilePath D:\text2.csv -Append -Encoding utf8
        }
    }
}

Reference: PowerShell: getting NTFS permissions for a specified directory – vmsky – 博客园 (cnblogs.com)

https://www.delftstack.net/zh/howto/powershell/managing-acl-permissions-using-powershell

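Windows: view TCP connections

netstat -ano | ForEach-Object {
    # $PID is a read-only automatic variable in PowerShell, so use a different name
    $procId = ($_.Trim() -split '\s+')[-1]
    # Only lines that end in a numeric process ID are connection rows
    if ($procId -match '^\d+$') {
        $process = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $_ + " " + ($process.Name -join '')
    } else {
        $_
    }
}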

$connections = Get-NetTCPConnection -LocalPort 8080
$connections | ForEach-Object {
    $process = Get-Process -Id $_.OwningProcess
    $_ | Add-Member -MemberType NoteProperty -Name Process -Value $process.Name
    $_
}

Windows Active Directory: remove a user from their groups

$UserToRemove = "lijianhang@thtfpc.com"

Try {
    #Connect to Exchange Online (the *-DistributionGroupMember cmdlets below are Exchange cmdlets and need a session)
    # Connect-ExchangeOnline

    #Get all AD groups of category Distribution or Security, keeping the Name used below
    $Groups = Get-ADGroup -Filter * | Where-Object { $_.GroupCategory -eq "Distribution" -or $_.GroupCategory -eq "Security" } | Select-Object -Property Name, SamAccountName
    #$Groups = Get-Distributiongroup -resultsize unlimited |  Where {( $_.GroupType  -contains "Security")}

    #Loop through each group
    ForEach ($Group in $Groups)
    {
        #Check if the group contains the particular user
        If ((Get-DistributionGroupMember $Group.Name | Select-Object -ExpandProperty PrimarySmtpAddress) -contains $UserToRemove)
        {
            Remove-DistributionGroupMember -Identity $Group.Name -Member $UserToRemove -Confirm:$false
            Write-Host "Removed user from group '$($Group.Name)'" -f Green
        }
    }
}
Catch {
    Write-Host -f Red "Error:" $_.Exception.Message
}

Remove users from the AD groups they belong to

$ouPath = "DC=thtfpc,DC=com"
# All disabled user accounts under the search base
$users = Get-ADUser -SearchBase $ouPath -Filter {Enabled -eq $false}
foreach ($user in $users) {
    $userDN = $user.DistinguishedName
    # Every group the user belongs to, except Domain Users
    $groups = Get-ADPrincipalGroupMembership -Identity $userDN | Where-Object { $_.Name -ne "Domain Users" }
    foreach ($group in $groups) {
        Remove-ADGroupMember -Identity $group -Members $user -Confirm:$false
    }
}