检查属于一个组但不属于某个特定组的用户
Checking for users who are member in on of groups, but not in one specific group
我正在寻找一种方法来识别属于少数组 (a,b,c) 之一但不属于特定组 (d)(例外组)的用户,以便稍后执行某些任务在它们上面(根据 samaccountname 的值填写特定属性)。
现在,我设法列出了属于特定组的用户帐户,并遵循另一个条件,即智能卡强制执行为假:
$groups = "a","b","c"
foreach ($group in $groups) {
Get-ADGroupMember -Identity $group |
Get-ADUser -Properties 'smartcardlogonrequired' |
where {$_.smartcardlogonrequired -eq $false}
}
我想到了。
通过
定义异常组
$exceptions = (Get-ADGroup 'd').distinguishedname
foreach ($group in $groups) {
Get-ADGroupMember -Identity $group |
Get-ADUser -Properties 'smartcardlogonrequired' |
where {$_.smartcardlogonrequired -eq $false} |
Get-ADUser –Filter {-not(memberof –eq $d}
}
然而,它并没有真正起到作用,我相信还有更好的方法。
获取组 "d" 成员的可分辨名称列表,并过滤可分辨名称不在该列表中的用户:
$exceptions = Get-ADGroupMember 'd' | Select-Object -Expand DistinguishedName
foreach ($group in $groups) {
Get-ADGroupMember -Identity $group |
Get-ADUser -Properties 'smartcardlogonrequired' |
Where-Object {
$_.smartcardlogonrequired -eq $false -and
$exceptions -notcontains $_.DistinguishedName
}
}
我正在寻找一种方法来识别属于少数组 (a,b,c) 之一但不属于特定组 (d)(例外组)的用户,以便稍后执行某些任务在它们上面(根据 samaccountname 的值填写特定属性)。
现在,我设法列出了属于特定组的用户帐户,并遵循另一个条件,即智能卡强制执行为假:
$groups = "a","b","c"
foreach ($group in $groups) {
Get-ADGroupMember -Identity $group |
Get-ADUser -Properties 'smartcardlogonrequired' |
where {$_.smartcardlogonrequired -eq $false}
}
我想到了。 通过
定义异常组$exceptions = (Get-ADGroup 'd').distinguishedname
foreach ($group in $groups) {
Get-ADGroupMember -Identity $group |
Get-ADUser -Properties 'smartcardlogonrequired' |
where {$_.smartcardlogonrequired -eq $false} |
Get-ADUser –Filter {-not(memberof –eq $d}
}
然而,它并没有真正起到作用,我相信还有更好的方法。
获取组 "d" 成员的可分辨名称列表,并过滤可分辨名称不在该列表中的用户:
$exceptions = Get-ADGroupMember 'd' | Select-Object -Expand DistinguishedName
foreach ($group in $groups) {
Get-ADGroupMember -Identity $group |
Get-ADUser -Properties 'smartcardlogonrequired' |
Where-Object {
$_.smartcardlogonrequired -eq $false -and
$exceptions -notcontains $_.DistinguishedName
}
}