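Background
Some users in AD use Exchange Online mailboxes. Their AD accounts had already been created in bulk with a fixed password, but because development of the password-change page for this batch of users is currently delayed, we need to regenerate random passwords that meet the requirements and notify the users.
Implementation
- The script used earlier to create the users in bulk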
$lines = Import-Csv D:\user.csv
$passwd = "example.com"
# Avoid the name $pwd: it is PowerShell's automatic current-directory variable
$securePwd = ConvertTo-SecureString $passwd -AsPlainText -Force
foreach ($line in $lines) {
    New-ADUser -Name $line.name -DisplayName $line.displayname -SamAccountName $line.samaccountname -UserPrincipalName $line.upn -AccountPassword $securePwd -ChangePasswordAtLogon $true -EmailAddress $line.mail -Surname $line.firstname -GivenName $line.lastname -Path "ou=test1,ou=test,dc=example,dc=com" -Enabled $true
}
CSV file contents:
- Script to generate the random passwords. Python is used here; this example needs 100 random passwords:
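#!/usr/bin/env python3
import secrets
import string

# The random module's default generator is predictable and unsuitable for passwords;
# SystemRandom offers the same choices/sample/shuffle API backed by the OS CSPRNG.
rng = secrets.SystemRandom()


def random_pwd():
    str1 = '!@#$%^&*'
    src = string.ascii_letters + string.digits + str1
    # Four characters from the full alphabet
    pwd_list = rng.choices(src, k=4)
    # Plus at least one uppercase letter, lowercase letter, digit and symbol
    pwd_list.extend(rng.sample(string.ascii_uppercase, 1))
    pwd_list.extend(rng.sample(string.ascii_lowercase, 1))
    pwd_list.extend(rng.sample(string.digits, 1))
    pwd_list.extend(rng.sample(str1, 1))
    # Shuffle so the guaranteed characters are not always at the end
    rng.shuffle(pwd_list)
    password = ''.join(pwd_list)
    print(password)


for x in range(100):
    random_pwd()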
- Set the AD users' passwords to the random passwords
Add this batch of passwords to the CSV file as a new password column.
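$lines = Import-Csv D:\user.csv
foreach ($line in $lines) {
    $passwd = $line.password
    # Avoid the name $pwd: it is PowerShell's automatic current-directory variable
    $securePwd = ConvertTo-SecureString $passwd -AsPlainText -Force
    $username = $line.samaccountname
    # Note: this prints the plaintext password to the console
    Write-Output "$username,$passwd"
    # -Reset performs an administrative reset; without it the cmdlet expects -OldPassword
    Set-ADAccountPassword -Identity $username -Reset -NewPassword $securePwd
    Set-ADUser -Identity $username -ChangePasswordAtLogon $false
}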
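The CSV step above (adding a password column to user.csv), as an added example that is not part of the original post: it draws every character from the OS CSPRNG via `secrets` and rejects candidates missing any of the four character classes, which generalizes the page's generator. The function names and the sample rows are assumptions; the column names follow the scripts on this page.

```python
import csv
import io
import secrets
import string

SYMBOLS = "!@#$%^&*"  # same symbol set as the page's generator
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)


def meets_policy(pwd, length=8):
    """True if pwd is long enough and contains a character from every class."""
    return len(pwd) >= length and all(any(c in cls for c in pwd) for cls in CLASSES)


def new_password(length=8):
    """Sample uniformly from the CSPRNG; retry until the policy is met."""
    while True:
        pwd = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(pwd, length):
            return pwd


def add_password_column(src, dst, length=8):
    """Copy CSV rows from src to dst, giving each row its own 'password'."""
    reader = csv.DictReader(src)
    fields = list(reader.fieldnames or [])
    if "password" not in fields:
        fields.append("password")
    writer = csv.DictWriter(dst, fieldnames=fields)
    writer.writeheader()
    seen = set()
    for row in reader:
        pwd = new_password(length)
        while pwd in seen:  # never hand two users the same password
            pwd = new_password(length)
        seen.add(pwd)
        row["password"] = pwd
        writer.writerow(row)
    return len(seen)

# Constructed sample input, not the page's real user.csv
SAMPLE = ("name,displayname,samaccountname,upn,mail\n"
          "u1,User One,user1,user1@example.com,user1@example.com\n"
          "u2,User Two,user2,user2@example.com,user2@example.com\n")

if __name__ == "__main__":
    out = io.StringIO()
    print(add_password_column(io.StringIO(SAMPLE), out), "rows updated")
```

When writing to a real file, open the output with `newline=''` and restrict its permissions, since it holds plaintext passwords until the reset and notification steps are done.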
- Push the account credentials to DingTalk
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import csv
import json

import requests

# This request carries the app secret and every user's password in its body;
# a plain http:// endpoint exposes them in transit.
url = 'http://example.com/ding/sendOtoMsg/sampleMarkdown'
headers = {'content-type': 'application/json'}
appkey = "appkey"
appsecret = "appsecret"

csvfile = "/Users/shi/Downloads/user.csv"
with open(csvfile, 'r', encoding='utf-8', newline='') as file:
    csv_reader = csv.DictReader(file)
    for row in csv_reader:
        username = row['samaccountname']
        email = row['mail']
        name = row['displayname']
        password = row['password']
        message = f'Hello,{name}:\n\n **Your Email**: {email}\n\n **Username**: {username}\n\n**Password**: {password}'
        data = {
            "appKey": appkey,
            "appSecret": appsecret,
            "emails": email,
            "title": "邮箱开通提醒!",
            "text": message,
            "source": 'IT支持'
        }
        data = json.dumps(data)
        # One message per user; fail loudly if a notification is not accepted
        res = requests.post(url, headers=headers, data=data, timeout=10)
        res.raise_for_status()