Powershell 导出 Active Directory 用户数据不完整
Powershell export Active Directory User data not complete
在删除帐户之前,我必须导出帐户的用户数据。问题是,并非所有组成员身份都写入 .txt 文件(如下示例)。
这是代码:
Get-ADUser -Properties * -Filter "cn -eq '$name'" |
format-list -property @{Label = "Name";Expression = {$_.sAMAccountName}},
@{Label = "Initials";Expression = {$_.initials}},
@{Label = "Email";Expression = {$_.Mail}},
@{Label = "Groups";Expression = {%{(Get-ADPrincipalGroupMembership $name | select -expandproperty name)}}},
@{Label = "Creation";Expression = {$_.whenCreated}},
@{Label = "Deletion";Expression = {%{(Get-Date)}}},
@{Label = "Last change";Expression = {$_.whenChanged}} |
#write data into txt file
Out-File -append "C:\temp\deleted.txt" -Encoding utf8
这是输出:
Name : John Doe
Initials : Jdo
Email : John.Doe@acme.com
Groups : {Domain-User, Remotedesktopuser, Administrator, Share-User...}
Creation : 23.03.2018 13:36:44
Deletion : 17.12.2018 08:46:30
Last Change : 16.12.2018 10:42:21
确实不是 Format-List 造成的,select 也会发生同样的事情,尽管像这样使用 Format-* 并不是真的。默认情况下,这将是一个列表,因此,没有真正的理由将它用于您想要的东西。
你甚至不需要那个展开。
问题是您不能使用该循环并期望它起作用,自动格式化程序不允许这样做。你必须直接处理集合,像这样...
Get-ADUser -Properties * -Filter * |
Select-Object -property @{Label = "Name";Expression = {$_.sAMAccountName}},
@{Label = "Initials";Expression = {$_.initials}},
@{Label = "Email";Expression = {$_.Mail}},
@{Label = "Creation";Expression = {$_.whenCreated}},
@{Label = "Deletion";Expression = {%{(Get-Date)}}},
@{Label = "Last change";Expression = {$_.whenChanged}},
@{Label = "Groups";Expression = {%{(Get-ADPrincipalGroupMembership $_.SamAccountName).Name -join ','}}} |
Out-File -append "C:\temp\deleted.txt" -Encoding utf8
Get-Content -Path "C:\temp\deleted.txt"
# Results
Name : Administrator
Initials :
Email : Administrator@contoso.com
Creation : 3/31/2017 8:02:15 PM
Deletion : 12/17/2018 4:07:52 AM
Last change : 12/9/2018 7:23:22 PM
Groups : Domain Users,Administrators,Schema Admins,Enterprise Admins,Domain Admins,Group Policy Creator Owners,Organization Management,Recipient
Management,ADSyncAdmins,ADRMSSuperUsers
…
根据 OP 评论/问题更新
不用担心,很高兴它对你有用。
至于...
Would you mind to explain me what the difference between that two AD
Group commands are?
如果你的意思是...
Get-ADPrincipalGroupMembership Administrator | select -expandproperty
name
... vs ...
(Get-ADPrincipalGroupMembership Administrator).Name
...它们表面上是同一件事,每个都生成组名数组列表。
# use the expand switch to show the group name list
Get-ADPrincipalGroupMembership Administrator | select -expandproperty name
Domain Users
Administrators
Schema Admins
Enterprise Admins
Domain Admins
Group Policy Creator Owners
Organization Management
Recipient Management
ADSyncAdmins
ADRMSSuperUsers
# Use the property to view the group name list
(Get-ADPrincipalGroupMembership Administrator).Name
Domain Users
Administrators
Schema Admins
Enterprise Admins
Domain Admins
Group Policy Creator Owners
Organization Management
Recipient Management
ADSyncAdmins
ADRMSSuperUsers
但是,格式化程序在序列化数据时会尝试将所有内容放在一行中。然而,他们会截断它以适应屏幕/页面宽度。
所以,如果你想要一个不同的布局,那么你要么需要进入并处理默认的格式化程序文件,要么用代码来处理它。就个人而言,我从不试图去惹他们,只是努力用代码来处理它。所以,这个...
(Get-ADPrincipalGroupMembership Administrator).Name -join ','
...只是说,我知道这个集合是一个数组列表。我知道这将根据 screen/page 宽度被截断,因此,将此字符串列表连接为一个字符串并自动换行。
你可以用你原来的扩展方式做同样的事情...
(Get-ADPrincipalGroupMembership Administrator | select -expandproperty name) -join ','
出于审美原因以及较短的形式,我将组列表放在最后,因为我更喜欢尽可能不编写不必要的代码或使用不需要的选项。每个人都有自己的喜好。
在删除帐户之前,我必须导出帐户的用户数据。问题是,并非所有组成员身份都写入 .txt 文件(如下示例)。
这是代码:
Get-ADUser -Properties * -Filter "cn -eq '$name'" |
format-list -property @{Label = "Name";Expression = {$_.sAMAccountName}},
@{Label = "Initials";Expression = {$_.initials}},
@{Label = "Email";Expression = {$_.Mail}},
@{Label = "Groups";Expression = {%{(Get-ADPrincipalGroupMembership $name | select -expandproperty name)}}},
@{Label = "Creation";Expression = {$_.whenCreated}},
@{Label = "Deletion";Expression = {%{(Get-Date)}}},
@{Label = "Last change";Expression = {$_.whenChanged}} |
#write data into txt file
Out-File -append "C:\temp\deleted.txt" -Encoding utf8
这是输出:
Name : John Doe
Initials : Jdo
Email : John.Doe@acme.com
Groups : {Domain-User, Remotedesktopuser, Administrator, Share-User...}
Creation : 23.03.2018 13:36:44
Deletion : 17.12.2018 08:46:30
Last Change : 16.12.2018 10:42:21
确实不是 Format-List 造成的,select 也会发生同样的事情,尽管像这样使用 Format-* 并不是真的。默认情况下,这将是一个列表,因此,没有真正的理由将它用于您想要的东西。
你甚至不需要那个展开。
问题是您不能使用该循环并期望它起作用,自动格式化程序不允许这样做。你必须直接处理集合,像这样...
Get-ADUser -Properties * -Filter * |
Select-Object -property @{Label = "Name";Expression = {$_.sAMAccountName}},
@{Label = "Initials";Expression = {$_.initials}},
@{Label = "Email";Expression = {$_.Mail}},
@{Label = "Creation";Expression = {$_.whenCreated}},
@{Label = "Deletion";Expression = {%{(Get-Date)}}},
@{Label = "Last change";Expression = {$_.whenChanged}},
@{Label = "Groups";Expression = {%{(Get-ADPrincipalGroupMembership $_.SamAccountName).Name -join ','}}} |
Out-File -append "C:\temp\deleted.txt" -Encoding utf8
Get-Content -Path "C:\temp\deleted.txt"
# Results
Name : Administrator
Initials :
Email : Administrator@contoso.com
Creation : 3/31/2017 8:02:15 PM
Deletion : 12/17/2018 4:07:52 AM
Last change : 12/9/2018 7:23:22 PM
Groups : Domain Users,Administrators,Schema Admins,Enterprise Admins,Domain Admins,Group Policy Creator Owners,Organization Management,Recipient
Management,ADSyncAdmins,ADRMSSuperUsers
…
根据 OP 评论/问题更新
不用担心,很高兴它对你有用。
至于...
Would you mind to explain me what the difference between that two AD Group commands are?
如果你的意思是...
Get-ADPrincipalGroupMembership Administrator | select -expandproperty name
... vs ... (Get-ADPrincipalGroupMembership Administrator).Name
...它们表面上是同一件事,每个都生成组名数组列表。
# use the expand switch to show the group name list
Get-ADPrincipalGroupMembership Administrator | select -expandproperty name
Domain Users
Administrators
Schema Admins
Enterprise Admins
Domain Admins
Group Policy Creator Owners
Organization Management
Recipient Management
ADSyncAdmins
ADRMSSuperUsers
# Use the property to view the group name list
(Get-ADPrincipalGroupMembership Administrator).Name
Domain Users
Administrators
Schema Admins
Enterprise Admins
Domain Admins
Group Policy Creator Owners
Organization Management
Recipient Management
ADSyncAdmins
ADRMSSuperUsers
但是,格式化程序在序列化数据时会尝试将所有内容放在一行中。然而,他们会截断它以适应屏幕/页面宽度。 所以,如果你想要一个不同的布局,那么你要么需要进入并处理默认的格式化程序文件,要么用代码来处理它。就个人而言,我从不试图去惹他们,只是努力用代码来处理它。所以,这个...
(Get-ADPrincipalGroupMembership Administrator).Name -join ','
...只是说,我知道这个集合是一个数组列表。我知道这将根据 screen/page 宽度被截断,因此,将此字符串列表连接为一个字符串并自动换行。
你可以用你原来的扩展方式做同样的事情...
(Get-ADPrincipalGroupMembership Administrator | select -expandproperty name) -join ','
出于审美原因以及较短的形式,我将组列表放在最后,因为我更喜欢尽可能不编写不必要的代码或使用不需要的选项。每个人都有自己的喜好。