1. Use PowerShell query to specify the creation time of all accounts in the OU \sid\ last modified password time \ Last logon time:
Get-aduser-searchbase ' ou=ll,dc=ll,dc=com '-filter *-properties * | Select-object Name,sid, created,passwordlastset,@{n= "lastlogondate"; e={[datetime]::fromfiletime
($_.lastlogontimestamp)}} | Export-csv zuihoudenglu.csv-notypeinformation-encoding UTF8
2. Query ad, default password policy (password complexity to note, lock policy, password length, password effective time): Get-addefaultdomainpasswordpolicy
3. Query the ad, which users are selected with the "Password Never Expires" top:
Users in the query domain that have the Password never expires option checked
Get-aduser-filter ' Passwordneverexpires-eq $true '-server A | Select Name
Query for users in an OU that have the Password never expire option checked and export
Get-aduser-searchbase ' ou=ll,dc=ll,dc=com '-filter ' passwordneverexpires-eq $true '-server A | Select Name | Export-csv Mimayongbuguoqi.csv-notypeinformation-
Encoding UTF8
4. Querying a locked user in AD
Get-aduser-filter *-properties * | where {$_.lockedout} | FT name,lockedout
5. Query the ad, which mail groups are empty members
Get-adgroup-filter *-properties Members | where {-not $_. Members} | Select Name
6. Querying an ad account in an OU for all one months without logging in
Get-aduser-searchbase ' ou=ll,dc=ll,dc=com '-filter *-properties * | Select-object Name,sid, created,passwordlastset,@{n= "lastlogondate"; e=
{[Datetime]::fromfiletime ($_.lastlogontimestamp)}} | where {$_.lastlogondate-lt (get-date). AddDays (-30)}
Get-aduser-searchbase ' ou=ll,dc=ll,dc=com '-filter *-properties * | Select-object Name,sid, created,passwordlastset,@{n= "lastlogondate"; e=
{[Datetime]::fromfiletime ($_.lastlogontimestamp)}}
7. Query the ad, the disabled account
Get-aduser-filter *-searchbase "ou=ll,dc=ll,dc=com" | where {($_.enabled-eq $false)-and (($_. distinguishedname). Contains ("Leave")-eq $false)} | Select
Samaccountname,surname,givenname,enabled,distinguishedname | Export-csv-encoding unicode-notypeinformation D:\ps\jinyongzhanghao.csv
8. Query the ad, disabled account, and enable (when enabled, the exported CSV file is empty, it may be because the export file is disabled account, and disabled account is enabled)
Get-aduser-filter *-searchbase "ou=ll,dc=ll,dc=com" | where {($_.enabled-eq $false)-and (($_. distinguishedname). Contains ("Leave")-eq $false)} | Export-csv-
Encoding unicode-notypeinformation D:\ps\qiyongzhanghao.csv | Enable-adaccount
9. Check the computers that are logged in within the specified time
Search-adaccount-accountinactive-timespan "3"-computersonly | Select Name | Export-csv Computertime.csv
$a =import-csv computertime.csv
foreach ($b in $a) {
Get-adcomputer $b. Name | Move-adobject-targetpath "Ou=delete,ou=ll,dc=ll,dc=com"
}
PowerShell's query capabilities