如何更新 AD 信息属性以列出用户已从中删除的组?
How to update AD Info attribute to list groups user was deleted from?
我有这个脚本,它只会在 ISE 屏幕上列出用户的组,数据可以复制并粘贴到其他地方,但我正在尝试将组成员名称写入电话备注选项卡(或信息场地)。接下来我在想这些可能需要转换为字符串值,因为我收到有关不允许使用多个属性的错误。这是我一直在尝试的方法,但我不断出错。谢谢
Import-Module ActiveDirectory
$Users= Import-csv "C:\Scripts\UsersSAM-DisplayName.csv"
ForEach ($User in $Users) {
$SamAccountName=$User.SamAccountName
$DisplayName=$User.DisplayName
$TableFormat= @{E={$_.Name};L="$($DisplayName) - $($SamAccountName)"}
Get-ADUser -Identity $SamAccountName -Properties MemberOf | % {$_.MemberOf } | % {Get-ADGroup -Identity $_ } | % { Set-ADUser -Identity $SamAccountName -add @{info="$_.name"}} | Select Name |
Format-Table $TableFormat }
我想通了。他们想要的是首先写出终止用户的组,然后删除这些组。我是这样做的,这段代码包含分号,所以如果用户回来,将他们添加回所有组所需要做的就是复制并粘贴存储在“电话”选项卡、“注释”字段中的输出中的那些。我还使用了这个的精简版本来导出用户组,以加快复制用户组的速度,以便它们与同一团队中的其他人匹配。希望这对某人有所帮助。
Import-csv "$Terms" | % {
$user = Get-ADUser -LDAPFilter ("(sAMAccountName=" + $_.samaccountname + ")") -Properties samaccountname,enabled,name,memberof,distinguishedname,info
#Grab all user group names
$user | ForEach-Object {
$grps = $_.MemberOf | Get-ADGroup | ForEach-Object {$_.Name} | Sort-Object
$arec = $_.Name,$_.SamAccountName
$aline = ($grps -join ";")
#Add info to Notes field Telephone Tab
Get-ADPrincipalGroupMembership -Identity $user | %{
If ($_.SamAccountName -ne "Domain Users") {
$Userinfo=$user.info
Set-ADUser $User -replace @{info= "$Userinfo | $a | Terminated via automated process | $aline"}
#Remove User Groups Process in Telephones Tab Notes Field.
Remove-ADPrincipalGroupMembership -Identity $user -MemberOf $_.SamAccountName -Confirm:$false
(" "+ $a +" [" + $User.samaccountname + "], Removed from group [" + $_.samaccountname + "]. ") | Out-File -FilePath $ErrorLog -Append
}
}}}
我有这个脚本,它只会在 ISE 屏幕上列出用户的组,数据可以复制并粘贴到其他地方,但我正在尝试将组成员名称写入电话备注选项卡(或信息场地)。接下来我在想这些可能需要转换为字符串值,因为我收到有关不允许使用多个属性的错误。这是我一直在尝试的方法,但我不断出错。谢谢
Import-Module ActiveDirectory
$Users= Import-csv "C:\Scripts\UsersSAM-DisplayName.csv"
ForEach ($User in $Users) {
$SamAccountName=$User.SamAccountName
$DisplayName=$User.DisplayName
$TableFormat= @{E={$_.Name};L="$($DisplayName) - $($SamAccountName)"}
Get-ADUser -Identity $SamAccountName -Properties MemberOf | % {$_.MemberOf } | % {Get-ADGroup -Identity $_ } | % { Set-ADUser -Identity $SamAccountName -add @{info="$_.name"}} | Select Name |
Format-Table $TableFormat }
我想通了。他们想要的是首先写出终止用户的组,然后删除这些组。我是这样做的,这段代码包含分号,所以如果用户回来,将他们添加回所有组所需要做的就是复制并粘贴存储在“电话”选项卡、“注释”字段中的输出中的那些。我还使用了这个的精简版本来导出用户组,以加快复制用户组的速度,以便它们与同一团队中的其他人匹配。希望这对某人有所帮助。
Import-csv "$Terms" | % {
$user = Get-ADUser -LDAPFilter ("(sAMAccountName=" + $_.samaccountname + ")") -Properties samaccountname,enabled,name,memberof,distinguishedname,info
#Grab all user group names
$user | ForEach-Object {
$grps = $_.MemberOf | Get-ADGroup | ForEach-Object {$_.Name} | Sort-Object
$arec = $_.Name,$_.SamAccountName
$aline = ($grps -join ";")
#Add info to Notes field Telephone Tab
Get-ADPrincipalGroupMembership -Identity $user | %{
If ($_.SamAccountName -ne "Domain Users") {
$Userinfo=$user.info
Set-ADUser $User -replace @{info= "$Userinfo | $a | Terminated via automated process | $aline"}
#Remove User Groups Process in Telephones Tab Notes Field.
Remove-ADPrincipalGroupMembership -Identity $user -MemberOf $_.SamAccountName -Confirm:$false
(" "+ $a +" [" + $User.samaccountname + "], Removed from group [" + $_.samaccountname + "]. ") | Out-File -FilePath $ErrorLog -Append
}
}}}