dpole86
Aug 26, 2019
view3604
view2
0
Goto Top

UseraccountControl on Powershell Module

GermansolvedQuestionBatch, ShellDevelopment
Hallo Zusammen

Versuche mich gerade an einem Script welches mir die verschiedenen Flags von UseraccountControl ausliest.
Ich denke, dass auslesen funktioniert, aber leider komm ich nicht weiter.

Ich hätte gern den Namen hinter der Zahl bei jedem User in einer Tabelle. Online habe ich bisher nix gefunden.

$Flags = @{
    1        = 'SCRIPT'  
    2        = 'ACCOUNTDISABLE'  
    8        = 'HOMEDIR_REQUIRED'  
    16       = 'LOCKOUT'  
    32       = 'PASSWD_NOTREQD'  
    128      = 'ENCRYPTED_TEXT_PWD_ALLOWED'  
    256      = 'TEMP_DUPLICATE_ACCOUNT'  
    512      = 'NORMAL_ACCOUNT'  
    2048     = 'INTERDOMAIN_TRUST_ACCOUNT'  
    4096     = 'WORKSTATION_TRUST_ACCOUNT'  
    8192     = 'SERVER_TRUST_ACCOUNT'  
    65536    = 'DONT_EXPIRE_PASSWORD'  
    131072   = 'MNS_LOGON_ACCOUNT'  
    262144   = 'SMARTCARD_REQUIRED'  
    524288   = 'TRUSTED_FOR_DELEGATION'  
    1048576  = 'NOT_DELEGATED'  
    2097152  = 'USE_DES_KEY_ONLY'  
    4194304  = 'DONT_REQ_PREAUTH'  
    8388608  = 'PASSWORD_EXPIRED'  
    16777216 = 'TRUSTED_TO_AUTH_FOR_DELEGATION'  
    67108864 = 'PARTIAL_SECRETS_ACCOUNT'  
}

1ster Versuch: 
Get-ADUser -Filter * -properties * | Format-Table Name,homeDirectory,HomeDrive,scriptPath,UserAccountControl,
@{Name="accountExpires";Expression={([datetime]::FromFileTime($_.accountExpires))}}  

2ter Versuch
Import-Module ActiveDirectory  
 $users = Get-ADUser -SearchBase "OU" -filter * -property userAccountControl    
 ForEach($user in $users)


3ter Versuch
Get-ADUser $users -Properties * | 
    Select-Object employeeid, name, displayname, samaccountname, mail, PasswordExpired, @{N = "AccountExpires"; E = {[DateTime]::FromFileTime($_.AccountExpires)}}, @{N = "UserAccountControl";E = {$flags.Get_Item($_.UserAccountControl)}}

ist etwas zusammengewürfelt, aber ich bekomme leider keine Lösung hin.

Danke für alle die sich der Sache annehmen face-smile
comment-contentCommentShareShare
Share on Facebook Share on Twitter Share on Reddit Share on Linkedin

Content-Key: 488919

Url: https://administrator.de/contentid/488919

Printed on: April 27, 2024 at 02:04 o'clock

2 Comments
Latest comment
Goto Top
Mitglied: 140913
Solution 140913 Aug 27, 2019 updated at 08:23:36 (UTC)
Goto Top
Dafür gibt's den Operator -band, der binär prüft ob ein Wert in einem anderen enthalten ist. Also einfache Calculated Property mit einer Schleife über die Flags, Fertig.
$Flags = @{
    1        = 'SCRIPT'  
    2        = 'ACCOUNTDISABLE'  
    8        = 'HOMEDIR_REQUIRED'  
    16       = 'LOCKOUT'  
    32       = 'PASSWD_NOTREQD'  
    128      = 'ENCRYPTED_TEXT_PWD_ALLOWED'  
    256      = 'TEMP_DUPLICATE_ACCOUNT'  
    512      = 'NORMAL_ACCOUNT'  
    2048     = 'INTERDOMAIN_TRUST_ACCOUNT'  
    4096     = 'WORKSTATION_TRUST_ACCOUNT'  
    8192     = 'SERVER_TRUST_ACCOUNT'  
    65536    = 'DONT_EXPIRE_PASSWORD'  
    131072   = 'MNS_LOGON_ACCOUNT'  
    262144   = 'SMARTCARD_REQUIRED'  
    524288   = 'TRUSTED_FOR_DELEGATION'  
    1048576  = 'NOT_DELEGATED'  
    2097152  = 'USE_DES_KEY_ONLY'  
    4194304  = 'DONT_REQ_PREAUTH'  
    8388608  = 'PASSWORD_EXPIRED'  
    16777216 = 'TRUSTED_TO_AUTH_FOR_DELEGATION'  
    67108864 = 'PARTIAL_SECRETS_ACCOUNT'  
}
Get-ADUser -Filter * -properties Name,homeDirectory,HomeDrive,scriptPath,UserAccountControl | select Name,homeDirectory,HomeDrive,scriptPath,@{n='Flags';e={$uac = $_.UserAccountControl;($flags.GetEnumerator() | ?{$uac -band $_.Key} | %{$_.Value}) -join ','}} | ft -AutoSize -Wrap
Member: Dpole86
Dpole86 Sep 26, 2019 at 20:56:57 (UTC)
Goto Top
Vielen Dank für die Hilfe, hat super funktioniert face-smile
GermansolvedQuestionBatch, ShellDevelopment