如何解决有什么方法可以通过powershell根据gpo设置检查密码是否符合标准用户帐户
我担心的是我无法将用户的密码存储在任何地方。用户输入密码后,我想验证它是否符合该机器上的密码策略设置。
-
我遇到过 net 命令来检索相关信息,但 net 对标准用户不起作用。
-
标准用户无法在该计算机上创建另一个用户帐户 - 因此,我无法通过该帐户创建另一个具有相同密码的用户以检查密码合规性。
-
还尝试使用相同的密码更改标准用户的密码,目的是如果不合规,我将收到密码不合规错误。但它可能会弄乱密码历史记录。
有什么方法可以让我通过 powershell 简单地检查密码是否符合标准用户的要求,而无需执行任何写入操作?
解决方法
也许这个实用函数可以帮助你:
function Test-PasswordForDomain {
[CmdletBinding()]
Param (
[Parameter(Mandatory = $true,Position = 0)]
[string]$Password,[Parameter(Mandatory = $false)]
[string]$AccountSamAccountName = $null,[Parameter(Mandatory = $false)]
[string]$AccountDisplayName = $null
)
# [Microsoft.ActiveDirectory.Management.ADEntity]
$PasswordPolicy = Get-ADDefaultDomainPasswordPolicy -ErrorAction SilentlyContinue
If ($Password.Length -lt $PasswordPolicy.MinPasswordLength) {
Write-Verbose "Password '$Password' is too short. Minimal length is $($PasswordPolicy.MinPasswordLength)"
return $false
}
if (($AccountSamAccountName) -and ($Password -match "$AccountSamAccountName")) {
Write-Verbose "The password '$Password' includes the users SamAccountName"
return $false
}
if ($AccountDisplayName) {
# if ANY PART of the display name that is split by the characters below,the password should fail the complexity rules.
$tokens = $AccountDisplayName.Split(",.-,_ #`t")
foreach ($token in $tokens) {
if (($token) -and ($Password -match "$token")) {
Write-Verbose "The password '$Password' includes (part of) the users DisplayName"
return $false
}
}
}
if ($PasswordPolicy.ComplexityEnabled -eq $true) {
# check for presence of
# - Uppercase: A through Z,with diacritic marks,Greek and Cyrillic characters
if ($Password -cnotmatch "[A-Z\p{Lu}\s]") {
Write-Verbose "The password '$Password' is missing Uppercase characters"
return $false
}
# - Lowercase: a through z,sharp-s,Greek and Cyrillic characters
if ($Password -cnotmatch "[a-z\p{Ll}\s]") {
Write-Verbose "The password '$Password' is missing Lowercase characters"
return $false
}
# - Base 10 digits (0 through 9)
if ($Password -notmatch "[\d]") {
Write-Verbose "The password '$Password' is missing digits (0-9)"
return $false
}
# - Nonalphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;”‘<>,.?/
if ($Password -notmatch "[^\w]") {
Write-Verbose "The password '$Password' is missing Nonalphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;`"'<>,.?/"
return $false
}
}
return $true
}
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。