向经理发送 Powershell Active Directory 帐户到期电子邮件通知

Question

我有这个 PowerShell 脚本，如果用户的帐户在一定天数内到期，它会向经理发送电子邮件，但是，经理会为每个用户收到一封单独的电子邮件。有没有办法只发送一封包含用户列表的电子邮件？

Import-Module ActiveDirectory

#Set our non-changing variables for the email
$From = "accountexpiry@company.com"
$CC = "helpdesk@company.com"
$SMTPServer = "mail.company.com"

#Get the start date, which defaults to today, and the end date which is based off the start date
$startDate = Get-Date
$endDate = $startDate.AddDays(7)

#Query AD for all the accounts between our dates and request for a couple additional properties
$Users = Get-ADUser -Filter {AccountExpirationDate -gt $startDate -and AccountExpirationDate -lt $endDate} -Properties AccountExpirationDate, Manager

#Loop through the query results
Foreach($User in $Users)
{

    #The $User.Manager is not a email address, but a Distinguished Name; to get the email we can pass it to Get-Aduser though
    $Manager = Get-ADUser $User.Manager -Properties EmailAddress

    #Set our dynamic variables
    $To = $Manager.EmailAddress
    $Subject = "Account Expiration Notification for " + $User.Name
    $Body = 
    "Hello,
    This notification is to inform you that the account for $($User.Name) will expire on $($User.AccountExpirationDate). 
    If you need to extend this, please contact HR and IT will process the request.

    Thank you,
    IT Help Desk"

    Send-MailMessage -To $To -From $From -Subject $Subject -SmtpServer $SMTPServer -Body $Body
}

Answer 1

正如@thepip3r 在他的评论中所建议的那样，使用Group-Object 可以让每个经理只发送一封电子邮件的好方法。下面的代码应该可以解决问题，尚未对其进行测试，但我相信它应该可以工作。

需要注意的是，此代码将假定始终有一个用户列表将过期，并将使用以下格式发送用户列表：

此通知旨在通知您以下用户的帐户即将到期：
- user.example1 于 XX/XX/XXXX 到期
- user.example2 于 XX/XX/XXXX 到期
- user.example3 在 XX/XX/XXXX 到期

如果您需要延期，请联系 HR，IT 将处理该请求。

如果您想在只有一个用户和多个用户的情况下更改电子邮件的措辞，那么您应该为此设置一些条件。

代码

Import-Module ActiveDirectory

#Set our non-changing variables for the email
$mailProps = @{
    From = "accountexpiry@company.com"
    CC = "helpdesk@company.com"
    SMTPServer = "mail.company.com"
    BodyAsHTML = $true
}

#Get the start date, which defaults to today, and the end date which is based off the start date
$startDate = Get-Date
$endDate = $startDate.AddDays(7)

#Query AD for all the accounts between our dates and request for a couple additional properties
$props = @{
    Filter = "AccountExpirationDate -gt '$startDate' -and AccountExpirationDate -lt '$endDate'"
    Properties = 'AccountExpirationDate', 'Manager'
}
$Users = Get-ADUser @props

# Save the body on a ScriptBlock for later use
$bodyScriptBlock = {
    param([string[]]$UserList)
@"
Hello,</br>
This notification is to inform you that the account for the following users are about to expire:</br>
{0}</br></br>
If you need to extend this, please contact HR and IT will process the request.</br>
</br>
Thank you,</br>
IT Help Desk</br>
"@ -f ($UserList -join '</br>')
}

# Group all users by their Manager
$Users | Group-Object Manager | ForEach-Object {
    
    # Get this Manager's email address
    $managerEmail = (Get-ADUser $_.Name -Properties EmailAddress).EmailAddress

    # Create a string[] with the user's Name and their Account's Expiration Date
    $userList = foreach($user in $_.Group)
    {
        '- {0} expires on {1}' -f $user.Name, $user.AccountExpirationDate
    }
    
    # Execute the Body scriptblock passing this user's list
    $body = & $bodyScriptBlock -UserList $userList

    # Set the remaing values for Mail props
    $mailProps.To = $managerEmail
    $mailProps.Subject = "Account Expiration Notification for Managees" # ??? No idea what to put here
    $mailProps.Body = $body

    # Send the email with the list of users
    Send-MailMessage @mailProps
}

---

电子邮件示例