##### 读取csv文件批量设置域用户下次登录需要修改密码
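# Reads a CSV of domain accounts and flags each listed account so the user must
# change the password at next logon.
# Requires the ActiveDirectory module and rights to modify the listed user objects.
Import-Module ActiveDirectory

# Configuration ($UsernameColumn names the CSV column that holds the account name).
# The CSV decides which accounts get modified, so keep it writable only by the
# operators who are allowed to run this script.
$CSVFile = "C:\temp\All_AD_Users.csv"
$UsernameColumn = "SamAccountName"

# Read the CSV. -ErrorAction Stop aborts on a missing or unreadable file instead of
# reporting a misleading "0 users" run; @() keeps .Count correct when the file has
# exactly one row.
$users = @(Import-Csv -Path $CSVFile -Encoding UTF8 -ErrorAction Stop)

Write-Host "开始处理 $($users.Count) 个用户..." -ForegroundColor Yellow

$successCount = 0
$failCount = 0

foreach ($user in $users) {
    $username = $user.$UsernameColumn

    # Rows with an empty account cell (or a CSV that lacks the column) are skipped
    # without being counted as success or failure.
    if ([string]::IsNullOrWhiteSpace($username)) {
        continue
    }

    # Stray whitespace around the name would otherwise fail the identity lookup.
    $username = $username.Trim()

    try {
        # -ErrorAction Stop turns non-terminating errors into exceptions so the catch
        # block sees every failure and the counters stay accurate.
        Set-ADUser -Identity $username -ChangePasswordAtLogon $true -ErrorAction Stop
        Write-Host " 成功: $username" -ForegroundColor Green
        $successCount++
    }
    catch {
        Write-Host " 失败: $username - $_" -ForegroundColor Red
        $failCount++
    }
}

Write-Host "`n处理完成!" -ForegroundColor Cyan
Write-Host "成功: $successCount" -ForegroundColor Green
Write-Host "失败: $failCount" -ForegroundColor Red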
##### 批量设置所有域用户下次登录需要修改密码【带白名单模式,白名单中的用户例外,支持*通配符】
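# Flags every enabled domain user to change the password at next logon, except
# accounts that match an exclusion pattern or have PasswordNeverExpires set.
# Prints a summary and writes a CSV report to the current directory.
Import-Module ActiveDirectory

# Accounts to leave untouched (administrators, service accounts, ...); -like wildcards.
# NOTE(review): these patterns match on the account name only, so any account whose
# name happens to fit (for example one starting with "test") is skipped as well.
# Excluded accounts get no forced change here and need their own rotation process;
# review the "不需要修改密码" list after every run.
$ExcludedPatterns = @("Administrator", "Guest", "krbtgt", "svc_*", "*admin*", "test*", "boss*")

# All enabled users; @() keeps .Count correct when only one user is returned.
$AllUsers = @(Get-ADUser -Filter 'Enabled -eq $true' -Properties SamAccountName, PasswordNeverExpires)

# Lists instead of "+=" on arrays, which copies the whole array on every append.
$UsersToSet = New-Object 'System.Collections.Generic.List[object]'
$UsersNotToSet = New-Object 'System.Collections.Generic.List[object]'

# Classify users
foreach ($User in $AllUsers) {
    $exclude = $false

    # Does the account name match any exclusion pattern?
    foreach ($pattern in $ExcludedPatterns) {
        if ($User.SamAccountName -like $pattern) {
            $exclude = $true
            break
        }
    }

    if ($exclude -or $User.PasswordNeverExpires -eq $true) {
        $reason = if ($exclude) { "排除模式" } else { "密码永不过期" }
        $UsersNotToSet.Add([PSCustomObject]@{
            SamAccountName = $User.SamAccountName
            Reason         = $reason
        })
    }
    else {
        $UsersToSet.Add($User)
    }
}

# Apply the flag to every user that was not excluded
$successCount = 0
$failCount = 0
# Failure reason per account name, used later to build the report without rescanning.
$failureReasons = @{}

Write-Host "`n开始设置需要修改密码的用户..." -ForegroundColor Yellow
foreach ($User in $UsersToSet) {
    try {
        # -ErrorAction Stop so non-terminating errors also reach the catch block.
        Set-ADUser -Identity $User.SamAccountName -ChangePasswordAtLogon $true -ErrorAction Stop
        Write-Host "✓ 成功设置: $($User.SamAccountName)" -ForegroundColor Green
        $successCount++
    }
    catch {
        Write-Host "✗ 失败: $($User.SamAccountName) - $_" -ForegroundColor Red
        $failCount++

        # Failed accounts are also listed with the accounts that were not changed.
        $failure = "设置失败: $_"
        $failureReasons[$User.SamAccountName] = $failure
        $UsersNotToSet.Add([PSCustomObject]@{
            SamAccountName = $User.SamAccountName
            Reason         = $failure
        })
    }
}

# Accounts that were not changed.
# The separator is built inside parentheses: unparenthesised, Write-Host receives
# "`n", "+" and the dashes as three separate arguments and prints a literal "+".
Write-Host ("`n" + ("-" * 50)) -ForegroundColor Gray
Write-Host "不需要修改密码的用户列表(共 $($UsersNotToSet.Count) 个):" -ForegroundColor Magenta

if ($UsersNotToSet.Count -gt 0) {
    # Sorted by account name
    $UsersNotToSet | Sort-Object SamAccountName | ForEach-Object {
        Write-Host " $($_.SamAccountName.PadRight(25)) - $($_.Reason)" -ForegroundColor Magenta
    }

    # Totals per reason
    Write-Host "`n按原因分组统计:" -ForegroundColor Magenta
    $UsersNotToSet | Group-Object Reason | ForEach-Object {
        Write-Host " $($_.Name): $($_.Count) 个用户" -ForegroundColor Magenta
    }
}
else {
    Write-Host " 没有不需要修改密码的用户" -ForegroundColor Magenta
}

# Final statistics
Write-Host ("`n" + ("=" * 50)) -ForegroundColor Cyan
Write-Host "执行结果统计:" -ForegroundColor Cyan
Write-Host " 需要设置的用户总数: $($UsersToSet.Count)" -ForegroundColor White
Write-Host " 成功设置的用户数: $successCount" -ForegroundColor Green
Write-Host " 设置失败的用户数: $failCount" -ForegroundColor Red
Write-Host " 不需要设置的用户数: $($UsersNotToSet.Count)" -ForegroundColor Magenta
Write-Host " 总用户数(启用): $($AllUsers.Count)" -ForegroundColor White
Write-Host ("=" * 50) -ForegroundColor Cyan

# Optional: export the result to a CSV file (relative path, i.e. the current directory).
# The report names the accounts that were skipped, so store it with restricted access.
$timestamp = Get-Date -Format "yyyyMMdd_HHmmss"
$outputFile = "AD用户密码设置报告_$timestamp.csv"

$report = New-Object 'System.Collections.Generic.List[object]'

# Accounts the script tried to change: success or failure with the recorded reason.
foreach ($user in $UsersToSet) {
    $failed = $failureReasons.ContainsKey($user.SamAccountName)
    $status = if ($failed) { "失败" } else { "成功" }
    $report.Add([PSCustomObject]@{
        用户名 = $user.SamAccountName
        状态   = $status
        类别   = "需要设置"
        备注   = if ($failed) { $failureReasons[$user.SamAccountName] } else { "已设置下次登录修改密码" }
    })
}

# Accounts skipped on purpose (failures were already reported above).
foreach ($user in $UsersNotToSet | Where-Object { $_.Reason -notlike "设置失败*" }) {
    $report.Add([PSCustomObject]@{
        用户名 = $user.SamAccountName
        状态   = "未设置"
        类别   = "不需要设置"
        备注   = $user.Reason
    })
}

$report | Sort-Object 用户名 | Export-Csv -Path $outputFile -NoTypeInformation -Encoding UTF8
Write-Host "`n详细报告已保存到: $outputFile" -ForegroundColor Cyan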
##### 批量取消所有用户下次登录需要修改密码
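# Clears the "user must change password at next logon" flag in bulk.
# Requires the ActiveDirectory module and rights to modify user objects.
Import-Module ActiveDirectory

# Output colours
$SuccessColor = "Green"
$ErrorColor = "Red"
$InfoColor = "Cyan"
$WarningColor = "Yellow"
$ProgressColor = "Gray"

# Only enabled users that actually carry the flag (pwdLastSet = 0) are selected.
# Writing pwdLastSet = -1 stamps the password as changed "now"; doing that for every
# enabled user would restart the password age of the whole domain and push back
# password expiry for accounts that never had the flag set.
$users = @(Get-ADUser -Filter 'Enabled -eq $true -and pwdLastSet -eq 0')

Write-Host "`n开始批量取消设置'下次登录需修改密码'标志..." -ForegroundColor $WarningColor
Write-Host "预计处理 $($users.Count) 个用户" -ForegroundColor $InfoColor
Write-Host ("-" * 50) -ForegroundColor $ProgressColor

$successCount = 0
$failCount = 0

foreach ($user in $users) {
    try {
        # Clear the flag both ways, as the original script did.
        # NOTE(review): the second call looks redundant with the first, since both
        # appear to write pwdLastSet - confirm before removing either one.
        # NOTE(review): an account that still holds an initial or temporary password
        # keeps it once the flag is cleared - confirm that is intended.
        # -ErrorAction Stop so non-terminating errors also reach the catch block.
        Set-ADUser -Identity $user.SamAccountName -ChangePasswordAtLogon $false -ErrorAction Stop
        Set-ADUser -Identity $user.SamAccountName -Replace @{pwdLastSet = -1} -ErrorAction Stop

        Write-Host " ✓ $($user.SamAccountName)" -ForegroundColor $SuccessColor
        $successCount++
    }
    catch {
        Write-Host " ✗ $($user.SamAccountName) - $_" -ForegroundColor $ErrorColor
        $failCount++
    }
}

# Final statistics.
# The separator is built inside parentheses: unparenthesised, Write-Host receives
# "`n", "+" and the line as three separate arguments and prints a literal "+".
Write-Host ("`n" + ("=" * 50)) -ForegroundColor White
Write-Host "处理完成!" -ForegroundColor White
Write-Host ("=" * 50) -ForegroundColor White
Write-Host "成功: $successCount" -ForegroundColor $SuccessColor
Write-Host "失败: $failCount" -ForegroundColor $ErrorColor
Write-Host "总计: $($users.Count)" -ForegroundColor $InfoColor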