如何隔离 AD 专有名称并删除多余的行?
How do I isolate an AD Distinguished Name, and get rid of extra lines?
我试图只打印一个人的 AD 组的第一级(?)专有名称。很多人都是许多组的一部分,到目前为止,对于在多行中列出的组,我使用 -replace 来删除除我想要的之外的所有内容。
就目前而言,假设这些是 John Smith 所在的组:
PS C:\> $member = Get-ADUser jsmith -prop MemberOf | Select Name,MemberOf
$member.Name
$member.MemberOf
Smith, John A - (jsmith)
CN=VPN Users,OU=Resource,OU=User Groups,OU=Groups,OU=Delegated OUs,OU=Delegation,DC=domainetc
CN=ResG-Smith,OU=Smith,OU=Research,OU=User Groups,OU=Groups,OU=Delegated OUs,OU=Delegation,DC=domainetc
CN=Faculty,OU=Business,OU=User Groups,OU=Groups,OU=Delegated OUs,OU=Delegation,DC=domainetc
我的最终目标是这样的:
PS C:\> Get-ResearchGroup jsmith
Smith, John A - (jsmith)
Smith
或者甚至:
Name MemberOf
---- --------
Smith, John A - (jsmith) Smith
(也许有一些 Add-Member 爵士乐,我很确定我可以自己弄清楚)
无论如何,关键是要从 CN=ResG-Smith,OU=Smith,OU=Research,OU=User Groups,OU=Groups,OU=Delegated OUs,OU=Delegation,DC=domainetc
中自己得到 'Smith'
现在,我们的研究小组 (ResG) 都被命名为相同的脚本,我相信,但如果可行的话,最好从 OU=Smith 而不是 CN=ResG-Smith 替换为 'Smith' .
Function Get-ResearchGroup {
[CmdletBinding()]
Param(
[Parameter(Position=1)]
[string[]]$Users,
[switch]$Raw
)
Foreach ($user in $Users) {
$member = Get-ADUser $user -prop MemberOf | Select Name,MemberOf
# $member
#printing out the variable right now results as follows:
# Name MemberOf
# ---- --------
# Smith, John A - (jsmith) {CN=VPN Users,OU=Resource,OU=User Groups,OU=Groups,OU=Delegated OUs,OU=Delegation,DC=domainetc, CN=ResG-Smith,OU=Smith,OU=Research,OU=User Groups,OU=Groups,OU=Delegated O...
#I still don't know a whole lot about objects yet, but I wasn't too surprised when -replace didn't work on my variable. I tried this:
# $member -replace '.*ResG-Smith,OU=' -replace ',OU=Research,.*'
#results:
# @{MemberOf=Microsoft.ActiveDirectory.Management.ADPropertyValueCollection}
#(and, sure, maybe I just set something up wrong)
#Now, this kind of works:
# $member.MemberOf -replace '.*CN=ResG-Smith,OU=' -replace ',OU=Research,.*'
# CN=VPN Users,OU=Resource,OU=User Groups,OU=Groups,OU=Delegated OUs,OU=Delegation,DC=domainetc
# Smith
# CN=Faculty,OU=Business,OU=User Groups,OU=Groups,OU=Delegated OUs,OU=Delegation,DC=domainetc
#Except only on the applicable line.
#This is pretty much where I'm at right now. Everything below the Whosebug link are my failed attempts/additions.
$member.Name
$MemberOf = $member.memberof -replace '.*CN=ResG-' -replace ',OU=Research,.*' -replace '.*OU=' -replace 'Delegation,.*' -replace 'Enterprise,.*' -replace 'Groups,.*'
$MemberOf | where { $_ -ne "" }
#
#I tried some different variations of adding each of these (never more than one at a time) on to the chain of replaces, with no success:
# -replace " `r`n"
# -replace " `\r`\n"
# -replace " \r\n"
# -replace "`r`n"
# -replace "`\r`\n"
# -replace "\r\n"
#
#I've also tried a few variations of .replace(), which didn't work (same results)
#https://community.spiceworks.com/topic/825700-get-aduser-distinguishedname-powershell-help
# Get-ADUser jsmith -prop MemberOf | Select Name,MemberOf,@{l='OU';e={$_.DistinguishedName.split(',')[1].split('=')[1]}
# The hash literal was incomplete.
# + CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
# + FullyQualifiedErrorId : IncompleteHashLiteral
#The next code look pretty similar to above, but there appear to be some differences, so I thought I'd try it.
#source: https://www.experts-exchange.com/questions/28206442/Get-part-of-Distinguished-Name-and-Output-to-file-in-Powershell.html
# Get-ADUser jsmith -prop MemberOf | Select Name,MemberOf,@{name="Research";expression={($_.DistinguishedName -split ",OU=")[1]}}
# Name MemberOf
# ---- --------
# Smith, John A - (jsmith) {CN=VPN Users,OU=Resource,OU=User Groups,OU=Groups,OU=Delegated OUs,OU=Delegation,DC=domainetc, CN=ResG-Smith,OU=Smith,OU=Research,OU=User Groups,OU=Groups,OU=Delegated OUs,OU=Delegat...
}
}
你可以使用两次"split"方法,先用逗号将字符串分割成一个数组,然后你可以再次"split"将"OU="与其他所有内容分开。您的 Get-ADUser 命令最终看起来类似于:
Get-ADUser $user | Select-Object Name, Memberof, @{l='OU';e={$_.DistinguishedName.split(',')[1].split('=')[1]}}
不使用字符串方法解析 DistinguishedName 的另一种方法是执行 Get-ADGroup 查找。第二次查找效率较低,但不太可能在意外的目录路径上中断。
function Get-ResearchGroup {
param (
[string[]]$Identity
)
foreach ($ID in $Identity) {
$User = Get-ADUser $ID -Properties MemberOf
$ResearchGroupsDN = $User.MemberOf | Where-Object {$_ -like 'CN=ResG*'}
foreach ($ResearchGroupDN in $ResearchGroupsDN) {
$ResearchGroupObject = Get-ADGroup $ResearchGroupDN
[PSCustomObject]@{
'Name' = $User.Name
'MemberOf' = $ResearchGroupObject.Name -replace 'ResG',''
}
}
}
}
我试图只打印一个人的 AD 组的第一级(?)专有名称。很多人都是许多组的一部分,到目前为止,对于在多行中列出的组,我使用 -replace 来删除除我想要的之外的所有内容。
就目前而言,假设这些是 John Smith 所在的组:
PS C:\> $member = Get-ADUser jsmith -prop MemberOf | Select Name,MemberOf
$member.Name
$member.MemberOf
Smith, John A - (jsmith)
CN=VPN Users,OU=Resource,OU=User Groups,OU=Groups,OU=Delegated OUs,OU=Delegation,DC=domainetc
CN=ResG-Smith,OU=Smith,OU=Research,OU=User Groups,OU=Groups,OU=Delegated OUs,OU=Delegation,DC=domainetc
CN=Faculty,OU=Business,OU=User Groups,OU=Groups,OU=Delegated OUs,OU=Delegation,DC=domainetc
我的最终目标是这样的:
PS C:\> Get-ResearchGroup jsmith
Smith, John A - (jsmith)
Smith
或者甚至:
Name MemberOf
---- --------
Smith, John A - (jsmith) Smith
(也许有一些 Add-Member 爵士乐,我很确定我可以自己弄清楚)
无论如何,关键是要从 CN=ResG-Smith,OU=Smith,OU=Research,OU=User Groups,OU=Groups,OU=Delegated OUs,OU=Delegation,DC=domainetc
中自己得到 'Smith'
现在,我们的研究小组 (ResG) 都被命名为相同的脚本,我相信,但如果可行的话,最好从 OU=Smith 而不是 CN=ResG-Smith 替换为 'Smith' .
Function Get-ResearchGroup {
[CmdletBinding()]
Param(
[Parameter(Position=1)]
[string[]]$Users,
[switch]$Raw
)
Foreach ($user in $Users) {
$member = Get-ADUser $user -prop MemberOf | Select Name,MemberOf
# $member
#printing out the variable right now results as follows:
# Name MemberOf
# ---- --------
# Smith, John A - (jsmith) {CN=VPN Users,OU=Resource,OU=User Groups,OU=Groups,OU=Delegated OUs,OU=Delegation,DC=domainetc, CN=ResG-Smith,OU=Smith,OU=Research,OU=User Groups,OU=Groups,OU=Delegated O...
#I still don't know a whole lot about objects yet, but I wasn't too surprised when -replace didn't work on my variable. I tried this:
# $member -replace '.*ResG-Smith,OU=' -replace ',OU=Research,.*'
#results:
# @{MemberOf=Microsoft.ActiveDirectory.Management.ADPropertyValueCollection}
#(and, sure, maybe I just set something up wrong)
#Now, this kind of works:
# $member.MemberOf -replace '.*CN=ResG-Smith,OU=' -replace ',OU=Research,.*'
# CN=VPN Users,OU=Resource,OU=User Groups,OU=Groups,OU=Delegated OUs,OU=Delegation,DC=domainetc
# Smith
# CN=Faculty,OU=Business,OU=User Groups,OU=Groups,OU=Delegated OUs,OU=Delegation,DC=domainetc
#Except only on the applicable line.
#This is pretty much where I'm at right now. Everything below the Whosebug link are my failed attempts/additions.
$member.Name
$MemberOf = $member.memberof -replace '.*CN=ResG-' -replace ',OU=Research,.*' -replace '.*OU=' -replace 'Delegation,.*' -replace 'Enterprise,.*' -replace 'Groups,.*'
$MemberOf | where { $_ -ne "" }
#
#I tried some different variations of adding each of these (never more than one at a time) on to the chain of replaces, with no success:
# -replace " `r`n"
# -replace " `\r`\n"
# -replace " \r\n"
# -replace "`r`n"
# -replace "`\r`\n"
# -replace "\r\n"
#
#I've also tried a few variations of .replace(), which didn't work (same results)
#https://community.spiceworks.com/topic/825700-get-aduser-distinguishedname-powershell-help
# Get-ADUser jsmith -prop MemberOf | Select Name,MemberOf,@{l='OU';e={$_.DistinguishedName.split(',')[1].split('=')[1]}
# The hash literal was incomplete.
# + CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
# + FullyQualifiedErrorId : IncompleteHashLiteral
#The next code look pretty similar to above, but there appear to be some differences, so I thought I'd try it.
#source: https://www.experts-exchange.com/questions/28206442/Get-part-of-Distinguished-Name-and-Output-to-file-in-Powershell.html
# Get-ADUser jsmith -prop MemberOf | Select Name,MemberOf,@{name="Research";expression={($_.DistinguishedName -split ",OU=")[1]}}
# Name MemberOf
# ---- --------
# Smith, John A - (jsmith) {CN=VPN Users,OU=Resource,OU=User Groups,OU=Groups,OU=Delegated OUs,OU=Delegation,DC=domainetc, CN=ResG-Smith,OU=Smith,OU=Research,OU=User Groups,OU=Groups,OU=Delegated OUs,OU=Delegat...
}
}
你可以使用两次"split"方法,先用逗号将字符串分割成一个数组,然后你可以再次"split"将"OU="与其他所有内容分开。您的 Get-ADUser 命令最终看起来类似于:
Get-ADUser $user | Select-Object Name, Memberof, @{l='OU';e={$_.DistinguishedName.split(',')[1].split('=')[1]}}
不使用字符串方法解析 DistinguishedName 的另一种方法是执行 Get-ADGroup 查找。第二次查找效率较低,但不太可能在意外的目录路径上中断。
function Get-ResearchGroup {
param (
[string[]]$Identity
)
foreach ($ID in $Identity) {
$User = Get-ADUser $ID -Properties MemberOf
$ResearchGroupsDN = $User.MemberOf | Where-Object {$_ -like 'CN=ResG*'}
foreach ($ResearchGroupDN in $ResearchGroupsDN) {
$ResearchGroupObject = Get-ADGroup $ResearchGroupDN
[PSCustomObject]@{
'Name' = $User.Name
'MemberOf' = $ResearchGroupObject.Name -replace 'ResG',''
}
}
}
}