目录
1、统一更改默认本地管理员密码
1)新建组策略,定位到:
Computer Configuration → Preference → Control Panel Settings → Local Users and Groups
2)新建本地用户 Administrator,设置密码和其他选项。
2、清理长期没登录的用户账户
(inactive:单位 Weeks)
dsquery user -inactive 52 | dsmod user -disabled yes
Get-ADUser -Filter 'Enabled -eq "False"' | Remove-ADUser
3、防止删除所有用户账户
Get-ADUser -Filter * | Set-ADObject -ProtectedFromAccidentalDeletion $True
4、批量创建域用户
for /L %a in (1,1,9) do net user \\Test_00%a /add
for /L %a in (10,1,99) do net user \\Test_0%a /add
for /L %a in (100,1,500) do net user \\Test_%a /add
$cred = Get-Credential
1..9 | % { New-ADUser -Name User00$_ -AccountPassword $cred.password -CannotChangePassword $true -DisplayName “Test 00$_” -Enabled $true -SamAccountName User00$_ -Path "OU=Users,OU=Contoso,DC=Nwtraders,DC=msft"}
10..99 | % { New-ADUser -Name User0$_ -AccountPassword $cred.password -CannotChangePassword $true -DisplayName “Test 0$_” -Enabled $true -SamAccountName User0$_ -Path "OU=Users,OU=Contoso,DC=Nwtraders,DC=msft"}
100..999 | % { New-ADUser -Name User$_ -AccountPassword $cred.password -CannotChangePassword $true -DisplayName “Test $_” -Enabled $true -SamAccountName User$_ -Path "OU=Users,OU=Contoso,DC=Nwtraders,DC=msft"}
1..9 | % { New-ADGroup -DisplayName “Project 00$_” -Name Project00$_ -GroupCategory Security -GroupScope Global -Pa