<#Monthly AD User reportWriten by SanilInHighway Updated on 17/08/2015 prototypeUpdated on 18/08/2015 details improveUpdated on 01/12/2015 add send email codeUpdated on 18/05/2016 format date outputUpdated on 1/06/2015 update output of $PasswordExpirationDate & $PasswordLastSet#>$start = Get-Date$array = @()$DC='RAINBOW.domain.internal'Clear-Content .\MonthReport_user.csv #清除原有数据$AllUsers = get-aduser -Server $DC -Filter * #获取AD域中的所有用户# $AllUsers = Get-Content .\UserID.txt# $AllUsers = get-aduser -Server $DC -Filter * -Searchbase "OU=Support,OU=Accounts,OU=Customer,OU=Administration,DC=domain,DC=internal" #获取AD域指定OU目录下的用户foreach ($user in $AllUsers ) { #获取用户所有属性,针对用户的各个属性进行筛选赋值,方便格式化输出到csv中 $userinfo = Get-ADUser -Server $DC -Identity $user -Properties * if ( $userinfo.Mail -eq $null){$mail = "No EA Email"} else{$mail =$userinfo.Mail } if($userinfo.Department -eq $null){$Department = "Not Provided"} else{$Department =$userinfo.Department} if($userinfo.Company -eq $null){$Company = "Not Provided"} else{$Company =$userinfo.Company} if($userinfo.Enabled -imatch "TRUE"){$Enabled = "Enabled"} else{$Enabled ="Disabled"} if($userinfo.AccountExpirationDate -eq $null){$AccountExpirationDate = "Never Expired"} else{$AccountExpirationDate =$userinfo.AccountExpirationDate.ToString("MM/dd/yyyy HH:mm:ss")} if($userinfo.LastLogonDate -eq $null){$LastLogonDate = $userinfo.LastLogonDate} else{$LastLogonDate =$userinfo.LastLogonDate.ToString("MM/dd/yyyy HH:mm:ss")} if($userinfo.PasswordNeverExpires -imatch "TRUE"){$PasswordExpirationDate = "Never Expired"} if($userinfo.PasswordLastSet -eq $null){ $PasswordExpirationDate="Already Expired" $PasswordLastSet="" } else{ $PasswordExpirationDate = $userinfo.PasswordLastSet.adddays(90).ToString("MM/dd/yyyy HH:mm:ss") $PasswordLastSet =$userinfo.PasswordLastSet.ToString("MM/dd/yyyy HH:mm:ss") } if($userinfo.PasswordNeverExpires -imatch "TRUE"){$PasswordExpirationDate = "Never Expired"}#<------------------------------------------------------------------Modify based on GECOS if($userinfo.Description -eq $null){ $IBMorEAorREVIEW= "REVIEW" $AccountType = "REVIEW" } else{ $ibm='/I/', '/N/', '/T/', '/E/', '/V/', '/F/','/S/' $reslut=1..7 #快速创建数组(1,2,3,4,5,6,7) #判断用户Description是否匹配$ibm数组中的任一个,并将返回值(布尔值)重新保存在$reslut中 for ($n =0;$n -lt 7;$n++) {$reslut[$n]=$userinfo.Description.toupper().contains($ibm[$n])} #根据$reslut是否含有"true",判断用户类别 if($reslut -contains 'True'){ $IBMorEAorREVIEW="IBM" if ($reslut[5] -contains 'True' -or $reslut[6] -contains 'True' ){ #如果用户Description包含 '/V/'或者 '/F/',则这个account不是一个个人用户 $AccountType = "NON-PEOPLE" } else{$AccountType = "PEOPLE"} } elseif($userinfo.Description.toupper().contains('/C/')){ $IBMorEAorREVIEW="EA" $AccountType = "REVIEW" } else{ $IBMorEAorREVIEW= "REVIEW" $IBMorEAorREVIEW="Not Provided" } } #<---------------------------------------Modify based on group info $grp = (Get-ADUser -Server $DC -identity $user -Properties memberof).memberof if($grp -imatch 'GBL_DenyLogonLocally'){$InteractiveLogonStatus = "DISABLED"} else{$InteractiveLogonStatus = "ENABLED"} #<---------------------------------------Add user detail to object $Properties = @{` "DisplayName" = $userinfo.DisplayName;` "SamAccountName" = $userinfo.SamAccountName;` "Description" = $userinfo.Description; ` "Last Name" = $userinfo.Surname; ` "First Name" = $userinfo.GivenName;` "Manager" = $userinfo.Manager;` "DistinguishedName" = $userinfo.DistinguishedName;` "E-mail Address" = $Mail; ` "Department" = $Department;` "Company" = $Company;` "When Created" = $userinfo.whenCreated.ToString("MM/dd/yyyy HH:mm:ss");` "Last Logon Time" = $LastLogonDate;` "User Logon Count"=$userinfo.logonCount;` "Account Status" = $Enabled;` "Account Expir" = $AccountExpirationDate;` "Pwd Never Ex" = $userinfo.PasswordNeverExpires;` "When Change" = $PasswordLastSet;` "Password Expir"=$PasswordExpirationDate;` "Interactive Logon Status" = $InteractiveLogonStatus;` "IBM or EA"=$IBMorEAorREVIEW;"Account Type"=$AccountType } $Newobject = New-Object PSObject -Property $Properties $Array +=$Newobject}$Array | Select-Object ` "DisplayName",` "SamAccountName",` "Description",` "Last Name",` "First Name",` "Manager",` "DistinguishedName",` "E-mail Address",` "Department",` "Company",` "When Created",` "Last Logon Time",` "User Logon Count",` "Account Status",` "Account Expir",` "Pwd Never Ex",` "When Change",` "Password Expir",` "Interactive Logon Status",` "IBM or EA",` "Account Type"`| Export-CSV .\MonthReport_user.csv -UseCulture -NoTypeInformation -Encoding UTF8#get-content .\temp.csv | Add-Content .\MonthReport_user.csv$end = Get-DateWrite-Host -ForegroundColor yellow ('Total Runtime: ' + ($end - $start).TotalSeconds)#Send-MailMessage未指定账号密码的情况下,默认使用当前用户的credentialsSend-MailMessage ` -from "original mailbox" ` -to "destination mailbox" ` -subject "Monthly AD Report" ` -Attachments .\MonthReport_user.csv ` -smtpserver "SMTPserver" ` -Encoding ([System.Text.Encoding]::UTF8)