Did you know that you can actually search for local user accounts, much like you can search for domain accounts?
Here is example code that searches for all enabled local accounts whose name starts with "A":

```powershell
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

# 'Machine' binds the context to the local account database (SAM) of this computer
$type = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext('Machine', $env:COMPUTERNAME)

# Template user: every property set here becomes a search criterion
$UserPrincipal = New-Object System.DirectoryServices.AccountManagement.UserPrincipal($type)

$UserPrincipal.Name = 'A*'
$UserPrincipal.Enabled = $true

$searcher = New-Object System.DirectoryServices.AccountManagement.PrincipalSearcher
$searcher.QueryFilter = $UserPrincipal
$results = $searcher.FindAll()

$results | Select-Object -Property Name, LastLogon, Enabled
```
Likewise, to find all enabled local accounts with a password that never expires, try this:

```powershell
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

# 'Machine' binds the context to the local account database (SAM) of this computer
$type = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext('Machine', $env:COMPUTERNAME)

# Template user: every property set here becomes a search criterion
$UserPrincipal = New-Object System.DirectoryServices.AccountManagement.UserPrincipal($type)

$UserPrincipal.PasswordNeverExpires = $true
$UserPrincipal.Enabled = $true

$searcher = New-Object System.DirectoryServices.AccountManagement.PrincipalSearcher
$searcher.QueryFilter = $UserPrincipal
$results = $searcher.FindAll()

$results | Select-Object -Property Name, LastLogon, Enabled, PasswordNeverExpires
```
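The two searches above can be combined into a single audit pass. The following is an added example, not part of the original tip: it queries all enabled local accounts once and flags each one that has a non-expiring password, no password requirement, or no recent logon. The function name `Get-LocalAccountAudit`, the `-StaleDays` parameter and its 90-day default are assumptions chosen for illustration.

```powershell
# Added example (not from the original tip): flag risky settings on enabled local accounts.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Get-LocalAccountAudit {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [int]$StaleDays = 90   # assumed threshold, adjust to local policy
    )

    $context = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('Machine', $ComputerName)
    $filter  = New-Object System.DirectoryServices.AccountManagement.UserPrincipal($context)
    $filter.Enabled = $true    # query-by-example: only enabled accounts are returned
    $searcher = New-Object System.DirectoryServices.AccountManagement.PrincipalSearcher($filter)
    # Assumption: logon timestamps are compared as UTC values
    $cutoff = (Get-Date).ToUniversalTime().AddDays(-$StaleDays)

    try {
        foreach ($user in $searcher.FindAll()) {
            # The template can only AND exact property matches, so the
            # date comparison and the OR logic are evaluated client-side.
            $findings = @()
            if ($user.PasswordNeverExpires)      { $findings += 'PasswordNeverExpires' }
            if ($user.PasswordNotRequired)       { $findings += 'PasswordNotRequired' }
            if ($null -eq $user.LastLogon)       { $findings += 'NeverLoggedOn' }
            elseif ($user.LastLogon -lt $cutoff) { $findings += "NoLogonIn${StaleDays}Days" }

            if ($findings.Count -gt 0) {
                [pscustomobject]@{
                    Name            = $user.Name
                    Sid             = $user.Sid.Value
                    LastLogon       = $user.LastLogon
                    LastPasswordSet = $user.LastPasswordSet
                    Findings        = $findings -join ', '
                }
            }
            $user.Dispose()
        }
    }
    finally {
        # Release the underlying directory handles
        $searcher.Dispose()
        $context.Dispose()
    }
}

Get-LocalAccountAudit | Sort-Object Name | Format-Table -AutoSize
```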
http://powershell.com/cs/blogs/tips/archive/2013/12/23/searching-for-local-user-accounts.aspx