add various scripts
parent
11c58a8c4b
commit
894b32da60
|
@ -0,0 +1,61 @@
|
|||
# load ActiveDirectory module
|
||||
Try
|
||||
{
|
||||
Import-Module ActiveDirectory -ErrorAction Stop
|
||||
}
|
||||
Catch
|
||||
{
|
||||
Write-Warning $_
|
||||
Break
|
||||
}
|
||||
|
||||
function Show-Menu
|
||||
{
|
||||
param (
|
||||
[string]$Title = 'Control Center'
|
||||
)
|
||||
cls
|
||||
Write-Host "================ $Title ================"
|
||||
|
||||
Write-Host "1: Unlock User"
|
||||
Write-Host "2: Reset Password"
|
||||
Write-Host "3: Get Lockout Location"
|
||||
Write-Host "4: Disable Computer"
|
||||
Write-Host "5: Restart Computer"
|
||||
Write-Host "6: Remove Public Desktop Icons"
|
||||
Write-Host "Q: Press 'Q/q' to quit."
|
||||
}
|
||||
|
||||
do
|
||||
{
|
||||
Show-Menu
|
||||
$input = Read-Host "Please make a selection"
|
||||
switch ($input)
|
||||
{
|
||||
'1' {
|
||||
cls
|
||||
.\scripts\users\unlock-account.ps1
|
||||
} '2' {
|
||||
cls
|
||||
.\scripts\users\reset-password.ps1
|
||||
} '3' {
|
||||
cls
|
||||
start powershell `
|
||||
-ArgumentList '-noexit .\scripts\users\get-lockout-location.ps1'
|
||||
} '4' {
|
||||
cls
|
||||
.\scripts\computers\disable-computer.ps1
|
||||
} '5' {
|
||||
cls
|
||||
start powershell `
|
||||
-ArgumentList '.\scripts\computers\restart-computer.ps1'
|
||||
} '6' {
|
||||
cls
|
||||
.\scripts\misc\remove-public-desktop-icons.ps1
|
||||
} 'q' {
|
||||
return
|
||||
}
|
||||
}
|
||||
sleep 1
|
||||
}
|
||||
until ($input -eq 'q')
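Review bot: The child scripts are launched by paths relative to the current directory (`.\scripts\users\unlock-account.ps1` and the others, including the two `start powershell -ArgumentList` calls), so the menu runs whatever resolves under the operator's working directory rather than the files shipped next to it. For a tool that is presumably run with AD-privileged credentials, anchor the paths to the script's own location, e.g. `$root = Split-Path -Parent $MyInvocation.MyCommand.Path` and then `& "$root\scripts\users\unlock-account.ps1"`. Separately, `$input` is a PowerShell automatic variable; a name such as `$selection` avoids relying on assignment to it.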
|
|
@ -0,0 +1,21 @@
|
|||
# load ActiveDirectory module
|
||||
Try
|
||||
{
|
||||
Import-Module ActiveDirectory -ErrorAction Stop
|
||||
}
|
||||
Catch
|
||||
{
|
||||
Write-Warning $_
|
||||
Break
|
||||
}
|
||||
|
||||
function Disable-Computer
|
||||
{
|
||||
$samAccountName = Read-Host 'Please enter a computer name'
|
||||
$date = Get-Date -format "yyyy-MM-dd"
|
||||
Get-ADComputer -Identity $samAccountName | Disable-ADAccount
|
||||
Set-ADComputer -Identity $samAccountName `
|
||||
-Description "disabled by $(whoami) $date"
|
||||
}
|
||||
|
||||
Disable-Computer
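Review bot: Neither AD call in Disable-Computer is checked, so if `Disable-ADAccount` fails (for example on missing rights) while `Set-ADComputer` succeeds, the object is stamped "disabled by ..." although it is still enabled, which leaves a misleading audit trail. Run both inside a `Try`/`Catch` with `-ErrorAction Stop`, e.g. `Get-ADComputer -Identity $samAccountName -ErrorAction Stop | Disable-ADAccount -ErrorAction Stop`, and only write the description after that line succeeded. Note also that `-Description` replaces whatever description the computer object had before.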
|
|
@ -0,0 +1,20 @@
|
|||
function Restart-Domain-Computer
|
||||
{
|
||||
$computername = Read-Host 'Please enter a computer name'
|
||||
Restart-Computer -Force -ComputerName $computername
|
||||
sleep 30
|
||||
while ($status -eq $null)
|
||||
{
|
||||
if(Test-Connection `
|
||||
-Computername $computername `
|
||||
-BufferSize 16 `
|
||||
-Count 1 `
|
||||
-Quiet){break}
|
||||
Write-Host 'Still offline'
|
||||
sleep 5
|
||||
}
|
||||
Write-Host -foregroundcolor "green" $computername ' is online'
|
||||
Read-Host 'Press a key to quit'
|
||||
}
|
||||
|
||||
Restart-Domain-Computer
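Review bot: `Restart-Computer -Force -ComputerName $computername` is not checked for failure, so a typo or an access-denied error is followed by `sleep 30` and a successful ping, and the script then reports the machine as online although it never restarted. Add `-ErrorAction Stop` inside a `Try`/`Catch` that returns on error. The loop condition `while ($status -eq $null)` tests a variable that is never assigned, so the wait has no upper bound if the host stays down; a counter with a maximum number of attempts would make that limit explicit.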
|
|
@ -0,0 +1,8 @@
|
|||
function Remove-Public-Desktop-Icons
|
||||
{
|
||||
$computername = Read-Host 'Enter the name of the computer'
|
||||
Remove-Item \\$computername\c$\users\public\desktop\*.lnk `
|
||||
-Exclude "SAP Logon Pad.lnk"
|
||||
}
|
||||
|
||||
Remove-Public-Desktop-Icons
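Review bot: `$computername` goes straight from `Read-Host` into the UNC path passed to `Remove-Item`, so an empty or malformed entry changes which path the wildcard delete is evaluated against. Validate it before deleting, e.g. `if ($computername -notmatch '^[A-Za-z0-9.-]+$') { Write-Warning 'Invalid computer name'; return }`. Since the delete runs against an admin share with no preview, consider `-Confirm`, or a `-WhatIf` pass first.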
|
|
@ -0,0 +1,15 @@
|
|||
# load ActiveDirectory module
|
||||
Try
|
||||
{
|
||||
Import-Module ActiveDirectory -ErrorAction Stop
|
||||
}
|
||||
Catch
|
||||
{
|
||||
Write-Warning $_
|
||||
Break
|
||||
}
|
||||
|
||||
function Show-Menu
|
||||
{
|
||||
|
||||
}
|
|
@ -0,0 +1,154 @@
|
|||
#Requires -Version 2.0
|
||||
Function Get-LockedOutLocation
|
||||
{
|
||||
<#
|
||||
.SYNOPSIS
|
||||
This function will locate the computer that processed a failed
|
||||
user logon attempt which caused the user account to become locked
|
||||
out.
|
||||
|
||||
.DESCRIPTION
|
||||
This function will locate the computer that processed a failed
|
||||
user logon attempt which caused the user account to become locked
|
||||
out. The locked out location is found by querying the PDC Emulator
|
||||
for locked out events (4740). The function will display the
|
||||
BadPasswordTime attribute on all of the domain controllers to add
|
||||
in further troubleshooting.
|
||||
|
||||
.EXAMPLE
|
||||
PS C:\>Get-LockedOutLocation -Identity Joe.Davis
|
||||
|
||||
|
||||
This example will find the locked out location for Joe Davis.
|
||||
.NOTE
|
||||
This function is only compatible with an environment where the
|
||||
domain controller with the PDCe role to be running Windows Server
|
||||
2008 SP2 and up. The script is also dependent the ActiveDirectory
|
||||
PowerShell module, which requires the AD Web services to be
|
||||
running on at least one domain controller. Author:Jason Walker
|
||||
Last Modified: 3/20/2013
|
||||
#>
|
||||
[CmdletBinding()]
|
||||
|
||||
Param(
|
||||
[Parameter(Mandatory=$True)]
|
||||
[String]$Identity
|
||||
)
|
||||
|
||||
Begin
|
||||
{
|
||||
$DCCounter = 0
|
||||
$LockedOutStats = @()
|
||||
|
||||
Try
|
||||
{
|
||||
Import-Module ActiveDirectory -ErrorAction Stop
|
||||
}
|
||||
Catch
|
||||
{
|
||||
Write-Warning $_
|
||||
Break
|
||||
}
|
||||
}#end begin
|
||||
|
||||
Process
|
||||
{
|
||||
|
||||
#Get all domain controllers in domain
|
||||
cls
|
||||
$DomainControllers = Get-ADDomainController -Filter *
|
||||
$PDCEmulator = (
|
||||
$DomainControllers | Where-Object
|
||||
{
|
||||
$_.OperationMasterRoles -contains "PDCEmulator"
|
||||
}
|
||||
)
|
||||
|
||||
Write-Verbose "Finding the domain controllers in the domain"
|
||||
Foreach ($DC in $DomainControllers)
|
||||
{
|
||||
$DCCounter++
|
||||
Write-Progress -Activity "Contacting DCs for lockout info" `
|
||||
-Status "Querying $($DC.Hostname)" `
|
||||
-PercentComplete (($DCCounter/$DomainControllers.Count) * 100)
|
||||
Try
|
||||
{
|
||||
$UserInfo = Get-ADUser -Identity $Identity `
|
||||
-Server $DC.Hostname `
|
||||
-Properties AccountLockoutTime,`
|
||||
LastBadPasswordAttempt,`
|
||||
BadPwdCount,`
|
||||
LockedOut
|
||||
-ErrorAction Stop
|
||||
}
|
||||
Catch
|
||||
{
|
||||
Write-Warning $_
|
||||
Continue
|
||||
}
|
||||
If($UserInfo.LastBadPasswordAttempt)
|
||||
{
|
||||
$LockedOutStats += New-Object -TypeName PSObject -Property @{
|
||||
Name = $UserInfo.SamAccountName
|
||||
SID = $UserInfo.SID.Value
|
||||
LockedOut = $UserInfo.LockedOut
|
||||
BadPwdCount = $UserInfo.BadPwdCount
|
||||
BadPasswordTime = $UserInfo.BadPasswordTime
|
||||
DomainController = $DC.Hostname
|
||||
AccountLockoutTime = $UserInfo.AccountLockoutTime
|
||||
LastBadPasswordAttempt = `
|
||||
($UserInfo.LastBadPasswordAttempt).ToLocalTime()
|
||||
}
|
||||
}#end if
|
||||
}#end foreach DCs
|
||||
$LockedOutStats | Format-Table -Property Name,`
|
||||
LockedOut,`
|
||||
DomainController,`
|
||||
BadPwdCount,`
|
||||
AccountLockoutTime,`
|
||||
LastBadPasswordAttempt `
|
||||
-AutoSize
|
||||
|
||||
#Get User Info
|
||||
Try
|
||||
{
|
||||
Write-Verbose "Querying event log on $($PDCEmulator.HostName)"
|
||||
$LockedOutEvents = Get-WinEvent -ComputerName $PDCEmulator.HostName`
|
||||
-FilterHashtable @{LogName='Security';Id=4740} `
|
||||
-ErrorAction Stop | Sort-Object `
|
||||
-Property TimeCreated
|
||||
-Descending
|
||||
}
|
||||
Catch
|
||||
{
|
||||
Write-Warning $_
|
||||
Continue
|
||||
}#end catch
|
||||
Foreach($Event in $LockedOutEvents)
|
||||
{
|
||||
If($Event | Where {$_.Properties[2].value -match $UserInfo.SID.Value})
|
||||
{
|
||||
$Event | Select-Object -Property `
|
||||
@(
|
||||
@{Label = 'User'; Expression = {$_.Properties[0].Value}}
|
||||
@{Label = 'DomainController'; Expression = {$_.MachineName}}
|
||||
@{Label = 'EventId'; Expression = {$_.Id}}
|
||||
@{Label = 'LockedOutTimeStamp'; Expression = {$_.TimeCreated}}
|
||||
@{Label = 'Message'; Expression = {$_.Message `
|
||||
-split "`r" | Select -First 1}}
|
||||
@{Label = 'LockedOutLocation'; Expression =
|
||||
{
|
||||
$_.Properties[1].Value
|
||||
}
|
||||
}
|
||||
)
|
||||
}#end ifevent
|
||||
|
||||
}#end foreach lockedout event
|
||||
|
||||
}#end process
|
||||
|
||||
}#end function
|
||||
|
||||
$username = Read-Host 'Please enter a username'
|
||||
Get-LockedOutLocation -Identity $username
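Review bot: Several statements in Get-LockedOutLocation are split across lines without a continuation, so as shown they no longer form one command: `Where-Object` is separated from its script block, `-ErrorAction Stop` sits on its own line after `LockedOut`, and `-Descending` follows `-Property TimeCreated` on a new line. The detached `-ErrorAction Stop` matters most, because the `Catch` around `Get-ADUser` then no longer sees non-terminating errors. Separately, the event filter uses `-match $UserInfo.SID.Value` with whatever `$UserInfo` holds after the last DC iteration. If every query failed the pattern is `$null`, which would likely match every 4740 event and attribute other users' lockouts to this one. Capturing the SID once, returning when it is empty, and comparing it exactly instead of as a regex would avoid that.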
|
|
@ -0,0 +1,24 @@
|
|||
# load ActiveDirectory module
|
||||
Try
|
||||
{
|
||||
Import-Module ActiveDirectory -ErrorAction Stop
|
||||
}
|
||||
Catch
|
||||
{
|
||||
Write-Warning $_
|
||||
Break
|
||||
}
|
||||
|
||||
function Reset-Password
|
||||
{
|
||||
$username = Read-Host 'Please enter a user name'
|
||||
$default_password = 'default-password'
|
||||
Unlock-ADAccount -Identity $username
|
||||
Set-ADAccountPassword -Identity $username `
|
||||
-Reset -NewPassword
|
||||
(
|
||||
ConvertTo-SecureString -AsPlainText $default_password -Force
|
||||
)
|
||||
Set-ADuser $username -ChangePasswordAtLogon $True
|
||||
}
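Review bot: `$default_password = 'default-password'` puts a shared reset password in the repository, so every account reset with this script carries the same known value until the user's next logon. Prompt for or generate the temporary password instead, e.g. `$new_password = Read-Host 'Temporary password' -AsSecureString` passed as `-NewPassword $new_password`, which also removes the need for `ConvertTo-SecureString -AsPlainText -Force`. As shown, `-Reset -NewPassword` ends its line without a backtick, so the parenthesised value on the following lines is not bound to it. The file also defines Reset-Password but never calls it, unlike the other scripts.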
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
# load ActiveDirectory module
|
||||
Try
|
||||
{
|
||||
Import-Module ActiveDirectory -ErrorAction Stop
|
||||
}
|
||||
Catch
|
||||
{
|
||||
Write-Warning $_
|
||||
Break
|
||||
}
|
||||
|
||||
function Unlock-Account
|
||||
{
|
||||
$username = Read-Host 'Please enter a user name'
|
||||
Try
|
||||
{
|
||||
Unlock-ADAccount -Identity $username -ErrorAction Stop
|
||||
Write-Host $username ' unlocked' -backgroundcolor green
|
||||
}
|
||||
Catch
|
||||
{
|
||||
Write-Warning $_
|
||||
Read-Host 'Press a key to quit'
|
||||
Break
|
||||
}
|
||||
Read-Host 'Press a key to quit'
|
||||
}
|
||||
|
||||
Unlock-Account
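Review bot: The `Break` in Unlock-Account's `Catch` is not inside a loop or switch, so PowerShell looks up the call stack for an enclosing construct. When this script is run from the menu, that is the menu's `switch`/`do` loop, and when run on its own the whole runspace pipeline is ended. Use `return` to leave the function. The same applies to the `Break` in the module-load `Catch` at the top of this file and of the other scripts in this commit; there `return` (or `exit 1` for a standalone script) states the intent. With `return` in the `Catch`, the duplicated `Read-Host 'Press a key to quit'` can also be reduced to a single call.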
|