Terminated & Not In Group

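I am trying to generate a report of all disabled accounts that do not have the group "Terminated Employees", but it does not seem to generate the report. Below is the code I have so far.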

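TLDR: A text file contains a list of all disabled accounts. I am trying to cross-reference that list with the list of people in Terminated Employees, and then return into a CSV file the accounts that are in that list and not in the group "Terminated Employees".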

Also note that we need to get around the Get-ADGroupMember limit, because the group has more than 5000 members.

$ADGroupName = "Terminated Employees"
$users = Get-Content C:\Shortcuts\users.txt
$InputPath= "C:\Scripts\T_Accounts.csv"

$a = @(Get-ADGroup $ADGroupName | Select-Object -ExpandProperty Member)

foreach ($user in $users) {
    if ($a -contains $user) {
    "Member found"
    } else {
        $SplitStep1 = ($Member -split ",",2)[0]
        $SplitStep2 = ($SplitStep1 -split "=",2)[1]
        $SplitStep2 = $SplitStep2 | Out-File -Append $InputPath
    }
}

foreach ($value in (Get-Content $InputPath)) {
    $b = Get-ADUser -Identity $value -Properties DisplayName, sAMAccountName, LastLogonDate, Enabled
}

You are not requesting the Members property from ActiveDirectory in your Get-ADGroup command (you also need to add the s to Members in Select-Object ;)).

$ADGroupName = "Terminated Employees"
$users = Get-Content C:\Shortcuts\users.txt
$InputPath= "C:\Scripts\T_Accounts.csv"

# Here we need to add the -Properties parameter to ask ActiveDirectory for the group Members
$a = @(Get-ADGroup -Identity $ADGroupName -Properties Members | Select-Object -ExpandProperty Members)


ForEach ($user in $users)
{
    if ($a -contains $user)
    {
        "Member found"
    }
    else
    {
        # Split the current entry ($user); $Member was never assigned in this script
        $SplitStep1 = ($user -split ",",2)[0]
        $SplitStep2 = ($SplitStep1 -split "=",2)[1]
        $SplitStep2 = $SplitStep2 | Out-File -Append $InputPath
    }
}

ForEach ($value in (Get-Content $InputPath))
{
    $b = Get-ADUser -Identity $value -Properties DisplayName, sAMAccountName, LastLogonDate, Enabled
}

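I would suggest using the Import-Csv / Export-Csv cmdlets to handle the input and output files. If we are searching for disabled user accounts that belong to a specific group, there is no need for an input file at all. How about this one-liner: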

Get-ADGroup "Terminated Employees" -Properties Members |
Select-Object -ExpandProperty Members |
Get-ADUser -Properties Enabled, Displayname, LastLogonDate |
Where-Object {$_.Enabled -eq $false} |
Select-Object DisplayName, SamAccountName, LastLogonDate, Enabled |
Export-Csv outfile.txt

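Edit: Should have internalized the original question before rushing to answer. I think the clearest approach is to create two sets of users and compare them, exporting the result to a CSV file.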

$disabledusers = Get-ADUser -Filter "Enabled -eq '$false'" -Properties DisplayName, SamAccountName, LastLogonDate, Enabled |
    Select-Object DisplayName, SamAccountName, LastLogonDate, Enabled

$groupmembers = Get-ADGroup "Terminated Employees" -Properties Members |
    Select-Object -ExpandProperty Members |
    Get-ADUser -Properties DisplayName, SamAccountName, LastLogonDate, Enabled |
    Select-Object DisplayName, SamAccountName, LastLogonDate, Enabled

# Compare on SamAccountName, which identifies each account; comparing on Enabled
# would pair off accounts that merely share the same Enabled value.
# "=>" keeps entries present only in $disabledusers (disabled, not in the group).
Compare-Object $groupmembers $disabledusers -Property SamAccountName -PassThru |
    Where-Object { $_.SideIndicator -eq "=>" } |
    Select-Object DisplayName, SamAccountName, LastLogonDate, Enabled |
    Export-Csv outfile.txt
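
A server-side alternative to the approaches in the answers above, as an added example that is not part of the original thread: an LDAP filter returns disabled users that are not direct members of the group, so the membership list is never enumerated and the 5000-member limit does not come into play. The function names and the output path are hypothetical; it assumes the ActiveDirectory module and a reachable domain controller.

```powershell
# Added example (not from the original thread).
# Assumes the ActiveDirectory module (RSAT) and a reachable domain controller.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    # Escape the characters RFC 4515 reserves inside an LDAP filter value.
    # Backslash is replaced first so the escapes added afterwards are not escaped again.
    # Matters for group DNs such as "CN=Smith\, John (Leavers),OU=..." (constructed sample).
    param([Parameter(Mandatory)][string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').
           Replace(')', '\29').Replace([string][char]0, '\00')
}

function Get-DisabledUserNotInGroup {
    # Hypothetical helper: disabled users that are not direct members of $GroupName.
    param([Parameter(Mandatory)][string]$GroupName)

    $groupDn = (Get-ADGroup -Identity $GroupName).DistinguishedName
    $dn      = ConvertTo-LdapFilterValue -Value $groupDn

    # userAccountControl bit 2 (ACCOUNTDISABLE) is tested with the bitwise-AND
    # matching rule; (!(memberOf=...)) drops users who are direct members of the group.
    $filter = "(&(objectCategory=person)(objectClass=user)" +
              "(userAccountControl:1.2.840.113556.1.4.803:=2)(!(memberOf=$dn)))"

    Get-ADUser -LDAPFilter $filter -Properties DisplayName, LastLogonDate |
        Select-Object DisplayName, SamAccountName, LastLogonDate, Enabled
}

# Output path is a placeholder chosen for this example.
Get-DisabledUserNotInGroup -GroupName 'Terminated Employees' |
    Export-Csv -Path .\DisabledNotInGroup.csv -NoTypeInformation
```

memberOf lists only direct memberships and does not reflect an account's primary group, so nested or primary-group members of "Terminated Employees" would still appear in the output.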