在 Powershell 中加速 AD Group/Membership 报告
Speed up AD Group/Membership Report in Powershell
所以我对 Powershell 脚本编写还很陌生,我一直在寻找遍历整个森林的方法,select 仅在其 AD 组名称中包含特定字符串的组,然后拉取完整成员列出每个组,然后包括他们的 AD 帐户 status/object class。这就是我目前正在使用的...任何帮助将不胜感激,因为它目前运行速度比..它运行得非常慢。
$OutputFileName = "Test File.csv"
$Data=@()
if (Test-Path $OutputFileName) {
Remove-Item $OutputFileName
}
$Tab = [char]9
foreach($Domain in Get-ADForest | select -ExpandProperty domains){
Foreach($ADGroup in get-adgroup -Filter {name -like "Test*"} -server $Domain){
Foreach($Member in Get-ADGroupMember -Identity $ADGroup -server $Domain){
$Data = Get-ADUser -Identity $Member -Properties enabled |
Select-Object @{Label = "AD Group";Expression = {$ADGroup.name}},
@{Name = "NTID";Expression = {$Member.samaccountname}},
@{Name = "Object Class";Expression = {$Member.objectclass}},
@{Name = "Account Status";Expression = {if (($_.Enabled -eq 'TRUE') ) {'Enabled'} Else {'Disabled'}}}
$Data | Export-Csv -Path c:\users\xxxxx\Test File.csv -NoTypeInformation -Append
}
}
}
由于某些原因,Get-ADGroupMember 是一个非常低效的 cmdlet,所以不是这样:
Foreach($ADGroup in Get-ADGroup -Filter {name -like "Test*"} -server $Domain){
Foreach($Member in Get-ADGroupMember -Identity $ADGroup -server $Domain){
$Data = Get-ADUser -Identity $Member -Properties enabled |
...
让我们剪掉 Get-ADGroupMember 以保存很多很多 AD 查找:
# Save results to a single list object
$Result = @()
Foreach($Domain in Get-ADForest | select -ExpandProperty domains){
Foreach ($ADGroup in (Get-ADGroup -Filter 'name -like "Test*"' -Server $Domain)) {
# Cut out Get-ADGroupMember --
Foreach ($Member in (Get-ADObject -Filter "MemberOf -EQ '$($ADGroup.DistinguishedName)'" -Properties userAccountControl,samaccountname -Server $Domain)) {
$Data = '' |
Select-Object @{Label = "AD Group";Expression = {$ADGroup.name}},
@{Name = "NTID";Expression = {$Member.samaccountname}},
@{Name = "Object Class";Expression = {$Member.objectclass}},
@{Name = "Account Status";Expression = {
if (($Member.userAccountControl -band 2) -eq 2 ) {'Disabled'}
Else {'Enabled'}
}}
$Result += $Data
}
}
}
# Do a single export.
$Result | Export-Csv -Path c:\users\xxxxx\Test File.csv -NoTypeInformation -Append
对于 return 900 个用户
,此示例在我的机器上花费了大约 1/100 的时间
所以我对 Powershell 脚本编写还很陌生,我一直在寻找遍历整个森林的方法,select 仅在其 AD 组名称中包含特定字符串的组,然后拉取完整成员列出每个组,然后包括他们的 AD 帐户 status/object class。这就是我目前正在使用的...任何帮助将不胜感激,因为它目前运行速度比..它运行得非常慢。
$OutputFileName = "Test File.csv"
$Data=@()
if (Test-Path $OutputFileName) {
Remove-Item $OutputFileName
}
$Tab = [char]9
foreach($Domain in Get-ADForest | select -ExpandProperty domains){
Foreach($ADGroup in get-adgroup -Filter {name -like "Test*"} -server $Domain){
Foreach($Member in Get-ADGroupMember -Identity $ADGroup -server $Domain){
$Data = Get-ADUser -Identity $Member -Properties enabled |
Select-Object @{Label = "AD Group";Expression = {$ADGroup.name}},
@{Name = "NTID";Expression = {$Member.samaccountname}},
@{Name = "Object Class";Expression = {$Member.objectclass}},
@{Name = "Account Status";Expression = {if (($_.Enabled -eq 'TRUE') ) {'Enabled'} Else {'Disabled'}}}
$Data | Export-Csv -Path c:\users\xxxxx\Test File.csv -NoTypeInformation -Append
}
}
}
Get-ADGroupMember 是一个非常低效的 cmdlet,所以不是这样:
Foreach($ADGroup in Get-ADGroup -Filter {name -like "Test*"} -server $Domain){
Foreach($Member in Get-ADGroupMember -Identity $ADGroup -server $Domain){
$Data = Get-ADUser -Identity $Member -Properties enabled |
...
让我们剪掉 Get-ADGroupMember 以保存很多很多 AD 查找:
# Save results to a single list object
$Result = @()
Foreach($Domain in Get-ADForest | select -ExpandProperty domains){
Foreach ($ADGroup in (Get-ADGroup -Filter 'name -like "Test*"' -Server $Domain)) {
# Cut out Get-ADGroupMember --
Foreach ($Member in (Get-ADObject -Filter "MemberOf -EQ '$($ADGroup.DistinguishedName)'" -Properties userAccountControl,samaccountname -Server $Domain)) {
$Data = '' |
Select-Object @{Label = "AD Group";Expression = {$ADGroup.name}},
@{Name = "NTID";Expression = {$Member.samaccountname}},
@{Name = "Object Class";Expression = {$Member.objectclass}},
@{Name = "Account Status";Expression = {
if (($Member.userAccountControl -band 2) -eq 2 ) {'Disabled'}
Else {'Enabled'}
}}
$Result += $Data
}
}
}
# Do a single export.
$Result | Export-Csv -Path c:\users\xxxxx\Test File.csv -NoTypeInformation -Append
对于 return 900 个用户
,此示例在我的机器上花费了大约 1/100 的时间