弱密码检测

import-module activedirectory
$file = "E:PowerShellCheckpassausersy.txt"
$file_output = "e:PowerShellCheckpassadpass.txt"
$usersy=Get-ADUser -filter * -searchbase "ou=优信拍,dc=uxin,dc=youxinpai,dc=com"
$usersy|%{$_.samaccountname|out-file $file -append -encoding utf8 }

start-sleep -s 1

Function Test-ADAuthentication {
    param($username,$password)
    (new-object directoryservices.directoryentry "",$username,$password).psbase.name -ne $null
}

$domain = "xxx.com"
$data = gc $file

foreach($row in $data) {
    $username = $row
    $password = "YYY@123"
    if (Test-ADAuthentication "$domain$username" "$password") {
        write-host "$username :: Old Password" -foregroundcolor "red"
       $username |out-file $file_output -Append
    } else {
        write-host "$username :: Not" -foregroundcolor "green"
    }
}

v2.0：

import-module activedirectory
$file = "E:PowerShellCheckpassausersy.txt" #Export AD User
$file_output = "e:PowerShellCheckpassadpass.txt" #Output weak pass account
$weakpass_file = "E:PowerShellCheckpassweakpass.txt" #Save weak password
$usersy=Get-ADUser -filter * -searchbase "ou=yy,dc=u,dc=yy,dc=com"
$domain = "x.com"
if (Test-path $file)
{remove-item $file}
#导出AD用户
foreach ($user in $usersy)
{$user.samaccountname|out-file $file -append -encoding utf8 }

start-sleep -s 1


#检测密码是否正常
Function Test-ADAuthentication {
    param($username,$password)
    (new-object directoryservices.directoryentry "",$username,$password).psbase.name -ne $null
}


$data = gc $file
$weakpasses = gc $weakpass_file

foreach($row in $data) {
    $username = $row
   foreach($password in $weakpasses)
    {
       if (Test-ADAuthentication "$domain$username" "$password") {
            write-host "$username bad password:  $password" -foregroundcolor "red"
           $username + " : " + $password |out-file $file_output -Append
        } else {
            write-host "$username ::OK" -foregroundcolor "green"
        }
    
     }
    
}