powershell - 在 Active Directory 中按真实姓名查找用户
问题描述
此脚本用于在 AD 用户丢失密码并需要创建新密码时重置密码。但是假设我们不知道用户名只知道他们的真实姓名,所以我们想搜索用户名并将其插入到$Username
.
function Reset_Password_Account () {
$Username = Read-Host "Enter your username"
Write-Host "Changing Password for account" $Username
$Newpassword = Read-Host "Enter Temporary Password" -AsSecureString
Write-Host "Running Script..."
Set-ADAccountPassword $Username -NewPassword $Newpassword
Write-Host "Temporary password set"
Set-ADUser $Username -ChangePasswordAtLogon $True
Write-Host "You can now change password on login"
# Stop powershell from exiting after script is run
Read-Host "Press enter to exit"
}
$Readhost = Read-Host "To run script: Enter y
To decline script: Enter n and exit PowerShell
Press Enter to accept your input. ( y / n )"
switch ($ReadHost) {
Y {Reset_Password_Account}
N {exit}
解决方案
我建议使用Ambiguous Name Resolution,它会搜索一个范围,如果 AD 属性(链接中的列表)并找到任何匹配项。
下面的示例查询将返回Jimmy Smith
和Jim Smith-Williams
Get-ADUser -LDAPFilter "(anr=Jim Smith)"
它将搜索任何命名属性以字符串开头的"jim smith*"
所有对象,以及所有对象 where(givenName=jim*)
和(sn=smith*)
,以及对象 where(givenName=smith*)
和(sn=jim*)
。