阻止批量用户帐户
Block bulk user accounts
有什么方法可以通过 EmployeeID 而不是 UPN 来阻止 Office365 中的用户帐户?
这是我试过的脚本,但它只能被 UPN 阻止:
Import-Csv 'C:\BlockedUsers.csv' | ForEach-Object {
$upn = $_."UserPrincipalName"
Set-MsolUser -UserPrincipalName $upn -BlockCredential $true
}
如果您的 csv 文件包含名为 EmployeeId 的列,您可以使用该列通过 Get-AdUser cmdlet 获取 UserPrincipalName 属性:
Import-Csv 'C:\BlockedUsers.csv' | ForEach-Object {
$user = Get-ADUser -Properties EmployeeID -Filter "EmployeeID -eq $($_.EmployeeID)"
if ($user) {
$upn = $user.UserPrincipleName
Set-MsolUser -UserPrincipalName $upn -BlockCredential $true
}
}
编辑
从您的评论来看,EmployeeID 属性 在您的组织中似乎并不总是独一无二的。
在那种情况下,下面的代码应该能够处理
Import-Csv 'C:\BlockedUsers.csv' | ForEach-Object {
$user = Get-ADUser -Properties EmployeeID -Filter "EmployeeID -eq $($_.EmployeeID)"
if ($user) {
foreach ($usr in $user) {
Write-Host "Blocking user $($usr.Name)"
$upn = $usr.UserPrincipleName
Set-MsolUser -UserPrincipalName $upn -BlockCredential $true
}
}
else {
Write-Host "User with EmployeeID $($_.EmployeeID) not found"
}
}
P.S。如果您的 CSV 可以包含 EmployeeID 列的空值,请将第一行更改为
Import-Csv 'C:\BlockedUsers.csv' | Where-Object {$_.EmployeeID -match '\S'} | ForEach-Object {
删除空值或 whitespace-only 值。
编辑
如果您确定您的 CSV 包含一列 EmployeeId 并且您没有将其误认为是 AD 属性 EmployeeNumber,那么这可能对您有用。
它使用 Get-ADUser 获取用户对象的集合,这些用户对象实际上 在其 EmployeeId 属性中具有 某些内容,并通过与您使用 [=21 从 CSV 中读取的对象进行比较来改进它=].
EmployeeId 和 EmployeeNUmber 都是 String 类型的 AD 属性。你可以查一下 here
# first read the CSV into an array containing only the values from the 'EmployeeID' column
$blockedUserIds = Import-Csv 'C:\BlockedUsers.csv' | Select-Object -ExpandProperty EmployeeId -Unique
# next get an array of user objects that have something in the EmployeeID attribute and only
# leave the users where the attribute can be matched to a value captured in the CSV array above
# use the '@(..)' syntax to force the result to be an array, even if only one item is found
$usersToBlock = @(Get-ADUser -Properties EmployeeID, Name, UserPrincipalName -Filter "EmployeeID -like '*'" |
Where-Object { $blockedUserIds -contains $_.EmployeeID })
# you can also use the '-LDAPFilter' parameter
# $usersToBlock = @(Get-ADUser -Properties EmployeeID, Name, UserPrincipalName -LDAPFilter "(employeeID=*)" |
# Where-Object { $blockedUserIds -contains $_.EmployeeID })
# you now should have an array of user objects that need to be blocked
if ($usersToBlock.Count) {
Write-Host "Blocking $($usersToBlock.Count) users.." -ForegroundColor Green
$usersToBlock | ForEach-Object {
Write-Host "Blocking user $($_.Name)"
Set-MsolUser -UserPrincipalName $($_.UserPrincipleName) -BlockCredential $true
}
}
else {
Write-Warning "No users found with an EmployeeId property that matches any of the values in BlockedUsers.csv"
}
有什么方法可以通过 EmployeeID 而不是 UPN 来阻止 Office365 中的用户帐户?
这是我试过的脚本,但它只能被 UPN 阻止:
Import-Csv 'C:\BlockedUsers.csv' | ForEach-Object {
$upn = $_."UserPrincipalName"
Set-MsolUser -UserPrincipalName $upn -BlockCredential $true
}
如果您的 csv 文件包含名为 EmployeeId 的列,您可以使用该列通过 Get-AdUser cmdlet 获取 UserPrincipalName 属性:
Import-Csv 'C:\BlockedUsers.csv' | ForEach-Object {
$user = Get-ADUser -Properties EmployeeID -Filter "EmployeeID -eq $($_.EmployeeID)"
if ($user) {
$upn = $user.UserPrincipleName
Set-MsolUser -UserPrincipalName $upn -BlockCredential $true
}
}
编辑
从您的评论来看,EmployeeID 属性 在您的组织中似乎并不总是独一无二的。
在那种情况下,下面的代码应该能够处理
Import-Csv 'C:\BlockedUsers.csv' | ForEach-Object {
$user = Get-ADUser -Properties EmployeeID -Filter "EmployeeID -eq $($_.EmployeeID)"
if ($user) {
foreach ($usr in $user) {
Write-Host "Blocking user $($usr.Name)"
$upn = $usr.UserPrincipleName
Set-MsolUser -UserPrincipalName $upn -BlockCredential $true
}
}
else {
Write-Host "User with EmployeeID $($_.EmployeeID) not found"
}
}
P.S。如果您的 CSV 可以包含 EmployeeID 列的空值,请将第一行更改为
Import-Csv 'C:\BlockedUsers.csv' | Where-Object {$_.EmployeeID -match '\S'} | ForEach-Object {
删除空值或 whitespace-only 值。
编辑
如果您确定您的 CSV 包含一列 EmployeeId 并且您没有将其误认为是 AD 属性 EmployeeNumber,那么这可能对您有用。
它使用 Get-ADUser 获取用户对象的集合,这些用户对象实际上 在其 EmployeeId 属性中具有 某些内容,并通过与您使用 [=21 从 CSV 中读取的对象进行比较来改进它=].
EmployeeId 和 EmployeeNUmber 都是 String 类型的 AD 属性。你可以查一下 here
# first read the CSV into an array containing only the values from the 'EmployeeID' column
$blockedUserIds = Import-Csv 'C:\BlockedUsers.csv' | Select-Object -ExpandProperty EmployeeId -Unique
# next get an array of user objects that have something in the EmployeeID attribute and only
# leave the users where the attribute can be matched to a value captured in the CSV array above
# use the '@(..)' syntax to force the result to be an array, even if only one item is found
$usersToBlock = @(Get-ADUser -Properties EmployeeID, Name, UserPrincipalName -Filter "EmployeeID -like '*'" |
Where-Object { $blockedUserIds -contains $_.EmployeeID })
# you can also use the '-LDAPFilter' parameter
# $usersToBlock = @(Get-ADUser -Properties EmployeeID, Name, UserPrincipalName -LDAPFilter "(employeeID=*)" |
# Where-Object { $blockedUserIds -contains $_.EmployeeID })
# you now should have an array of user objects that need to be blocked
if ($usersToBlock.Count) {
Write-Host "Blocking $($usersToBlock.Count) users.." -ForegroundColor Green
$usersToBlock | ForEach-Object {
Write-Host "Blocking user $($_.Name)"
Set-MsolUser -UserPrincipalName $($_.UserPrincipleName) -BlockCredential $true
}
}
else {
Write-Warning "No users found with an EmployeeId property that matches any of the values in BlockedUsers.csv"
}