Requirement
We need to clean up stale AD accounts. The original plan was to clean up every account that had not logged on for 90 days. Management worried that this would catch staff on long-term travel, so a 30-day mailbox check was added: an account is cleaned up only if it has not logged on to the domain for 90 days and has not logged on to its mailbox for 30 days.
Operation
The script follows, with comments inline.
# Load the Active Directory module
Import-Module ActiveDirectory
# Load the Exchange module
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
# 90-day threshold, as a FILETIME value to compare with lastLogonTimestamp
$When1 = (Get-Date).AddDays(-90).ToFileTime()
# 30-day threshold
$When2 = (Get-Date).AddDays(-30).Date
# Get the computers that have not logged on to the domain for more than 90 days
$PC = Get-ADComputer -Filter {lastLogonTimestamp -lt $When1} -SearchBase "Ou=test01,dc=dztest,dc=com"
# Disable and move the stale computer accounts (-PassThru hands each object to the next cmdlet)
$PC | Set-ADObject -ProtectedFromAccidentalDeletion:$false -PassThru | Disable-ADAccount -PassThru | Move-ADObject -ErrorAction SilentlyContinue -TargetPath "Ou=test02,dc=dztest,dc=com"
# Get the users that have not logged on to the domain for more than 90 days
# (kept as ADUser objects so they can be piped to the AD cmdlets below)
$user = Get-ADUser -Filter {lastLogonTimestamp -lt $When1} -SearchBase "ou=test01,dc=dztest,dc=com" -Properties mail
# Users without a mailbox
$user1 = $user | Where-Object {$_.mail -eq $null}
# Users with a mailbox
$user2 = $user | Where-Object {$_.mail -ne $null}
# Disable the users without a mailbox and move them to the target OU
$user1 | Set-ADObject -ProtectedFromAccidentalDeletion:$false -PassThru | Disable-ADAccount -PassThru | Move-ADObject -ErrorAction SilentlyContinue -TargetPath "Ou=test02,dc=dztest,dc=com"
# Of the users with a mailbox, keep those that have not logged on to the mailbox for more than 30 days
$Euser = $user2.mail | Get-MailboxStatistics | Where-Object {$_.LastLogonTime -lt $When2} | Select-Object DisplayName,LastLogonTime
# Look the AD accounts up again (display names are not guaranteed to be unique)
$user3 = $Euser.DisplayName | Get-Mailbox | ForEach-Object { Get-ADUser $_.SamAccountName }
# Disable the resulting users and move them to the target OU
$user3 | Set-ADObject -ProtectedFromAccidentalDeletion:$false -PassThru | Disable-ADAccount -PassThru | Move-ADObject -ErrorAction SilentlyContinue -TargetPath "Ou=test02,dc=dztest,dc=com"
# Email the administrator the users that have not logged on to the domain for more than 90 days and have no mailbox,
# and the users that have not logged on to the domain for more than 90 days or to the mailbox for more than 30 days
# Sender
$from = "Test01.dztest.com"
# Recipient
$to = "[email protected]"
# CC; BCC can be used the same way
# $CC = ""
# SMTP server address
$SMTP = "Mail.dztest.com"
# Mail subject
$subject = "Powershell Send Mail Test"
# Mail body
$body = "
Disabled users that have not logged on to the domain for more than 90 days and have no mailbox:
$($user1 | Select-Object Name,SamAccountName,mail | Out-String)
Disabled users that have not logged on to the domain for more than 90 days or to the mailbox for more than 30 days:
$($user3 | Select-Object Name,SamAccountName | Out-String)
"
# Attachment
# $attachment = "E:\1.txt"
# Security credentials ("Password" is a placeholder; a password hard-coded here is readable by anyone who can read the script)
$secpasswd = ConvertTo-SecureString "Password" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ($from, $secpasswd)
# Send the mail
Send-MailMessage -To $to -From $from -Subject $subject -Body $body -Credential $mycreds -SmtpServer $SMTP -DeliveryNotificationOption Never -Encoding UTF8
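The 90-day/30-day rule from the requirement, written as a stand-alone decision function that can be run on constructed sample accounts before anything is disabled. This is an added example, not part of the original script: the function name Get-StaleDecision, the MailboxLastLogon property and the sample accounts are assumptions, as is sending accounts with no recorded logon to review instead of disabling them.

```powershell
# Added example: Get-StaleDecision and the sample accounts are hypothetical.
function Get-StaleDecision {
    param(
        [Parameter(Mandatory)] $Account,   # needs lastLogonTimestamp, mail, MailboxLastLogon
        [datetime] $Now = (Get-Date),
        [int] $DomainDays = 90,
        [int] $MailboxDays = 30
    )
    $domainCutoff  = $Now.AddDays(-$DomainDays)
    $mailboxCutoff = $Now.AddDays(-$MailboxDays).Date
    # lastLogonTimestamp is a FILETIME; empty or 0 means no logon was recorded.
    # A -lt filter never matches such accounts, so surface them here (assumption: review them).
    if (-not $Account.lastLogonTimestamp) { return 'Review: no domain logon recorded' }
    # The attribute can lag the real logon by up to about 14 days with default settings.
    $lastDomain = [datetime]::FromFileTime([int64]$Account.lastLogonTimestamp)
    if ($lastDomain -ge $domainCutoff) { return 'Keep: domain logon within window' }
    if (-not $Account.mail) { return 'Disable: stale in domain, no mailbox' }
    # Assumption of this example: a mailbox with no recorded logon goes to review.
    if ($null -eq $Account.MailboxLastLogon) { return 'Review: mailbox never logged on' }
    if ($Account.MailboxLastLogon -lt $mailboxCutoff) { return 'Disable: stale in domain and mailbox' }
    return 'Keep: mailbox used within window'
}

# Constructed sample accounts (not real data), evaluated against a fixed date.
$now = [datetime]'2024-06-30'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; lastLogonTimestamp = $now.AddDays(-10).ToFileTime();  mail = 'alice@example.test'; MailboxLastLogon = $now.AddDays(-2) }
    [pscustomobject]@{ SamAccountName = 'bob';   lastLogonTimestamp = $now.AddDays(-120).ToFileTime(); mail = $null;                MailboxLastLogon = $null }
    [pscustomobject]@{ SamAccountName = 'carol'; lastLogonTimestamp = $now.AddDays(-100).ToFileTime(); mail = 'carol@example.test'; MailboxLastLogon = $now.AddDays(-5) }
    [pscustomobject]@{ SamAccountName = 'dave';  lastLogonTimestamp = $now.AddDays(-200).ToFileTime(); mail = 'dave@example.test';  MailboxLastLogon = $now.AddDays(-60) }
    [pscustomobject]@{ SamAccountName = 'erin';  lastLogonTimestamp = $null;                           mail = 'erin@example.test';  MailboxLastLogon = $null }
)
$sample | ForEach-Object {
    [pscustomobject]@{ Account = $_.SamAccountName; Decision = Get-StaleDecision -Account $_ -Now $now }
} | Format-Table -AutoSize
```

The sample account carol is the long-term traveller from the requirement: stale in the domain but still reading mail, so she is kept.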
Summary
If you have any other questions, please ask
This article is from the "Du_wei" blog, make sure to keep this source http://duwei025.blog.51cto.com/996083/1710281
Clean up expired AD objects and send the results to the specified administrator