PowerShell - 来自主要组的 AD 用户加上两个次要组中的任何一个
PowerShell - AD users from Primary group plus either of two Secondary groups
脚本在这里:
https://gallery.technet.microsoft.com/scriptcenter/Powershell-Get-users-who-b0420fe1
将 return 存在于主要组中的用户的结果,加上两个次要组中的任何一个(感谢 OP zperryz 提供的代码)。以下是我目前的脚本版本。
我想为禁用用户和特定 "hold" OU 中的用户添加条件。在另一个脚本中,我已经能够这样做(显然是一个片段,而不是整个脚本):
| where {$_.Enabled -ne $False} `
| where {$_.DistinguishedName -notlike "*HOLD OU*"} `
我只是不确定在哪里 "inject" 这些到下面的脚本中。 (未来的修改将 return 更多信息,例如 DisplayName、Enabled 和 DistinguishedName,而不仅仅是登录。)
如果有人有什么建议,我将不胜感激!这是今天的脚本:
$ADgroup1 = "VPN Front Door"
$ADgroup2 = "VPN Full Access"
$ADgroup3 = "VPN Restricted Access"
get-adgroupmember $ADgroup1 `
| ForEach-Object {if(((GET-ADUSER –Identity $_.SamAccountName –Properties MemberOf `
| Select-Object MemberOf).MemberOf -replace '^CN=([^,]+).+$','') -eq "$ADgroup2" -or "$ADgroup3"){$_.SamAccountName `
| Out-File -append -filepath C:\UsersJake\Desktop\VPN_Users.txt}}
谢谢!
最终版本,全部附有评论:
照原样,这是为 运行 在控制台中设计的,但如果需要,应该很容易更新以吐出文件。
# Define Variables
$ADgroup1 = "VPN Front Door"
$ADgroup2 = "VPN Full Access"
$ADgroup3 = "VPN Restricted Access"
$vpnGroups = $ADgroup2, $ADgroup3
# Collect users in $ADgroup1
# Also pass user properties forward
$UsersFound = (
Get-ADGroupMember $ADgroup1 |
Get-ADUser -Properties MemberOf, Name, SamAccountName, Company |
# Ignore disabled users & those in the "On HOLD" OU
Where {
$_.Enabled -ne $False -and
$_.DistinguishedName -notlike '*HOLD OU*'
} |
# Compare users in $ADgroup1 to the ones in $ADgroup2 and $ADgroup3
select Name, SamAccountName, Company,
@{n='Groups';e={$_.MemberOf | Get-ADGroup | select -Expand Name}} |
Where { $groups = @($_.Groups); $vpnGroups | Where { $groups -contains $_ } }
)
# Display count
Write-Host "Total = " $UsersFound.Count
# Prompt to show user info
$YN = Read-Host "Show Users? (Y/N)"
if ($YN -eq 'Y')
{
$UsersFound |
select Name, SamAccountName, Company |
Sort-Object name, company |
Out-GridView
}
else {exit}
首先,您应该解开那个令人费解的 if 语句。这样的东西会更具可读性(并且更易于维护):
$vpnGroups = $ADgroup2, $ADgroup3
Get-ADGroupMember $ADgroup1 | ForEach-Object {
Get-ADUser -Identity $_.SamAccountName -Properties MemberOf |
select SamAccountName,
@{n='Groups';e={$_.MemberOf | Get-ADGroup | select -Expand Name}} |
? { $groups = @($_.Groups); $vpnGroups | ? { $groups -contains $_ } } |
select -Expand SamAccountName |
Out-File -Append -Filepath 'C:\UsersJake\Desktop\VPN_Users.txt'
}
你甚至不需要 ForEach-Object 循环,因为 Get-ADUser 可以直接从管道读取:
$vpnGroups = $ADgroup2, $ADgroup3
Get-ADGroupMember $ADgroup1 |
Get-ADUser -Properties MemberOf |
select SamAccountName,
@{n='Groups';e={$_.MemberOf | Get-ADGroup | select -Expand Name}} |
? { $groups = @($_.Groups); $vpnGroups | ? { $groups -contains $_ } } |
select -Expand SamAccountName |
Out-File -Filepath 'C:\UsersJake\Desktop\VPN_Users.txt'
有了它,您可以简单地在 Get-ADUser:
之后插入额外的过滤器
Get-ADGroupMember $ADgroup1 |
获取 ADUser -Properties MemberOf |
<b><i>? {
$_.Enabled -ne $False - 和
$_.DistinguishedName - 不像'*HOLD OU*'
} |</i></b>
select SamAccountName,
@{n='Groups';e={$_.MemberOf |获取广告组 | select -展开名称}} |
? { $groups = @($_.Groups); $vpn组| ? { $groups -包含 $_ } } |
select -展开SamAccountName |
Out-File -Filepath 'C:\UsersJake\Desktop\VPN_Users.txt'
脚本在这里:
https://gallery.technet.microsoft.com/scriptcenter/Powershell-Get-users-who-b0420fe1
将 return 存在于主要组中的用户的结果,加上两个次要组中的任何一个(感谢 OP zperryz 提供的代码)。以下是我目前的脚本版本。
我想为禁用用户和特定 "hold" OU 中的用户添加条件。在另一个脚本中,我已经能够这样做(显然是一个片段,而不是整个脚本):
| where {$_.Enabled -ne $False} `
| where {$_.DistinguishedName -notlike "*HOLD OU*"} `
我只是不确定在哪里 "inject" 这些到下面的脚本中。 (未来的修改将 return 更多信息,例如 DisplayName、Enabled 和 DistinguishedName,而不仅仅是登录。)
如果有人有什么建议,我将不胜感激!这是今天的脚本:
$ADgroup1 = "VPN Front Door"
$ADgroup2 = "VPN Full Access"
$ADgroup3 = "VPN Restricted Access"
get-adgroupmember $ADgroup1 `
| ForEach-Object {if(((GET-ADUSER –Identity $_.SamAccountName –Properties MemberOf `
| Select-Object MemberOf).MemberOf -replace '^CN=([^,]+).+$','') -eq "$ADgroup2" -or "$ADgroup3"){$_.SamAccountName `
| Out-File -append -filepath C:\UsersJake\Desktop\VPN_Users.txt}}
谢谢!
最终版本,全部附有评论:
照原样,这是为 运行 在控制台中设计的,但如果需要,应该很容易更新以吐出文件。
# Define Variables
$ADgroup1 = "VPN Front Door"
$ADgroup2 = "VPN Full Access"
$ADgroup3 = "VPN Restricted Access"
$vpnGroups = $ADgroup2, $ADgroup3
# Collect users in $ADgroup1
# Also pass user properties forward
$UsersFound = (
Get-ADGroupMember $ADgroup1 |
Get-ADUser -Properties MemberOf, Name, SamAccountName, Company |
# Ignore disabled users & those in the "On HOLD" OU
Where {
$_.Enabled -ne $False -and
$_.DistinguishedName -notlike '*HOLD OU*'
} |
# Compare users in $ADgroup1 to the ones in $ADgroup2 and $ADgroup3
select Name, SamAccountName, Company,
@{n='Groups';e={$_.MemberOf | Get-ADGroup | select -Expand Name}} |
Where { $groups = @($_.Groups); $vpnGroups | Where { $groups -contains $_ } }
)
# Display count
Write-Host "Total = " $UsersFound.Count
# Prompt to show user info
$YN = Read-Host "Show Users? (Y/N)"
if ($YN -eq 'Y')
{
$UsersFound |
select Name, SamAccountName, Company |
Sort-Object name, company |
Out-GridView
}
else {exit}
首先,您应该解开那个令人费解的 if 语句。这样的东西会更具可读性(并且更易于维护):
$vpnGroups = $ADgroup2, $ADgroup3
Get-ADGroupMember $ADgroup1 | ForEach-Object {
Get-ADUser -Identity $_.SamAccountName -Properties MemberOf |
select SamAccountName,
@{n='Groups';e={$_.MemberOf | Get-ADGroup | select -Expand Name}} |
? { $groups = @($_.Groups); $vpnGroups | ? { $groups -contains $_ } } |
select -Expand SamAccountName |
Out-File -Append -Filepath 'C:\UsersJake\Desktop\VPN_Users.txt'
}
你甚至不需要 ForEach-Object 循环,因为 Get-ADUser 可以直接从管道读取:
$vpnGroups = $ADgroup2, $ADgroup3
Get-ADGroupMember $ADgroup1 |
Get-ADUser -Properties MemberOf |
select SamAccountName,
@{n='Groups';e={$_.MemberOf | Get-ADGroup | select -Expand Name}} |
? { $groups = @($_.Groups); $vpnGroups | ? { $groups -contains $_ } } |
select -Expand SamAccountName |
Out-File -Filepath 'C:\UsersJake\Desktop\VPN_Users.txt'
有了它,您可以简单地在 Get-ADUser:
Get-ADGroupMember $ADgroup1 |
获取 ADUser -Properties MemberOf |
<b><i>? {
$_.Enabled -ne $False - 和
$_.DistinguishedName - 不像'*HOLD OU*'
} |</i></b>
select SamAccountName,
@{n='Groups';e={$_.MemberOf |获取广告组 | select -展开名称}} |
? { $groups = @($_.Groups); $vpn组| ? { $groups -包含 $_ } } |
select -展开SamAccountName |
Out-File -Filepath 'C:\UsersJake\Desktop\VPN_Users.txt'