当经理是联系人时获取 ADUser 的经理。不是帐户
Getting ADUser's manager when that manager is a contact. not an account
我有一个脚本 运行 获取所有帐户及其经理并输出到 csv。
我想获取经理的 employeeID 和 UserPrincipalname
这对于作为客户的经理来说效果很好,但有时一个人的经理是联系人,因为他们是由来自不同办公室(不在我们本地 AD 中)的人管理的。
Get-ADUser -SearchBase "ou=accounts,ou=production,dc=int" -filter * -properties * | select GivenName, Name, Surname, UserPrincipalName, employeeID, @{Name='AccountExpirationDate';Expression={$_.AccountExpirationDate.ToString("yyyy/MM/dd")}}, Department, Title, @{Name="ManagerID";Expression={(get-aduser -property employeeID $_.manager).employeeID}}, @{Name="ManagerEmail";Expression={(get-aduser -property employeeID $_.manager).UserPrincipalname}} | Export-CSV -Path C:\Users\ME\Desktop\ALL_AD_Accounts_HQ.csv
我知道我可以通过以下方式获得联系方式:
Get-ADObject -Filter 'employeeID -eq "001" -and objectClass -eq "contact"'
但我似乎无法将这两个概念结合起来。如果是联系人而不是帐户,如何获取用户的经理信息?
谢谢!
你不会把所有这些都当作一行代码(除非你喜欢疯狂的长行代码..),但我会遍历找到的用户来做如下的事情:
# Get-ADUser by default returns these properties:
# DistinguishedName, Enabled, GivenName, Name, ObjectClass, ObjectGUID, SamAccountName, SID, Surname, UserPrincipalName
$allUsers = Get-ADUser -SearchBase "ou=accounts,ou=production,dc=int" -Filter * -Properties Department, Title, EmployeeID, AccountExpirationDate, Manager
foreach ($user in $allUsers) {
# create an empty Hashtable for the two manager properties
$manager = @{ID = $null; Email = $null }
if (![string]::IsNullOrWhiteSpace($user.Manager)) {
# try and get an ADObject from the Manager property (= DistinguishedName)
# Get-ADObject by default returns these properties:
# DistinguishedName, Name, ObjectClass, ObjectGUID
# if you're worried about distinghuishedName containing characters like a single quote (O'Brian)
# you can use the -Identity parameter:
try { $mgrObject = Get-ADObject -Identity $user.Manager -Properties mail, EmployeeID -ErrorAction Stop }
catch {$mgrObject = $null}
# using the -Filter would not need a try{..} catch{..}
# $mgrObject = Get-ADObject -Filter "DistinguishedName -eq '$($user.Manager)'" -Properties mail, EmployeeID -ErrorAction SilentlyContinue
if ($mgrObject) {
# test if this is a contact or a user object
switch ($mgrObject.objectClass) {
'user' {
# if it's a user, perform another Get-ADUser call
$mgr = $mgrObject | Get-ADUser -Properties EmployeeID, EmailAddress
$manager['ID'] = $mgr.EmployeeID
$manager['Email'] = $mgr.EmailAddress # or if you prefer UserPrincipalName
}
'contact' {
# if it's a contact use the properties we already have in the $mgrObject
$manager['ID'] = $mgrObject.EmployeeID
$manager['Email'] = $mgrObject.mail
}
}
}
}
# output an object with all properties you want in the csv
$user | Select-Object GivenName, Name, Surname, UserPrincipalName, EmployeeID,
@{Name='AccountExpirationDate';Expression={$_.AccountExpirationDate.ToString("yyyy/MM/dd")}},
Department, Title,
@{Name="ManagerID";Expression={$manager['ID']}},
@{Name="ManagerEmail";Expression={$manager['Email']}}
}
# output the results to CSV file
$result | Export-CSV -Path 'C:\Users\ME\Desktop\ALL_AD_Accounts_HQ.csv' -NoTypeInformation
据我所知,您可以使用 Get-ADObject 获取联系人的所有属性:
CanonicalName, Description, DisplayName, DistinguishedName
givenName, legacyExchangeDN, mail, Name, initials, sn, targetAddress
Title, Department, Division, Company, EmployeeID, EmployeeNumber
StreetAddress, PostalCode, telephoneNumber, HomePhone, mobile, pager, ipphone
facsimileTelephoneNumber, l, st, cn, physicalDeliveryOfficeName, co
mailnickname, proxyAddresses, msExchRecipientDisplayType
msExchRecipientTypeDetails, msExchRemoteRecipientType, info
我有一个脚本 运行 获取所有帐户及其经理并输出到 csv。 我想获取经理的 employeeID 和 UserPrincipalname
这对于作为客户的经理来说效果很好,但有时一个人的经理是联系人,因为他们是由来自不同办公室(不在我们本地 AD 中)的人管理的。
Get-ADUser -SearchBase "ou=accounts,ou=production,dc=int" -filter * -properties * | select GivenName, Name, Surname, UserPrincipalName, employeeID, @{Name='AccountExpirationDate';Expression={$_.AccountExpirationDate.ToString("yyyy/MM/dd")}}, Department, Title, @{Name="ManagerID";Expression={(get-aduser -property employeeID $_.manager).employeeID}}, @{Name="ManagerEmail";Expression={(get-aduser -property employeeID $_.manager).UserPrincipalname}} | Export-CSV -Path C:\Users\ME\Desktop\ALL_AD_Accounts_HQ.csv
我知道我可以通过以下方式获得联系方式:
Get-ADObject -Filter 'employeeID -eq "001" -and objectClass -eq "contact"'
但我似乎无法将这两个概念结合起来。如果是联系人而不是帐户,如何获取用户的经理信息?
谢谢!
你不会把所有这些都当作一行代码(除非你喜欢疯狂的长行代码..),但我会遍历找到的用户来做如下的事情:
# Get-ADUser by default returns these properties:
# DistinguishedName, Enabled, GivenName, Name, ObjectClass, ObjectGUID, SamAccountName, SID, Surname, UserPrincipalName
$allUsers = Get-ADUser -SearchBase "ou=accounts,ou=production,dc=int" -Filter * -Properties Department, Title, EmployeeID, AccountExpirationDate, Manager
foreach ($user in $allUsers) {
# create an empty Hashtable for the two manager properties
$manager = @{ID = $null; Email = $null }
if (![string]::IsNullOrWhiteSpace($user.Manager)) {
# try and get an ADObject from the Manager property (= DistinguishedName)
# Get-ADObject by default returns these properties:
# DistinguishedName, Name, ObjectClass, ObjectGUID
# if you're worried about distinghuishedName containing characters like a single quote (O'Brian)
# you can use the -Identity parameter:
try { $mgrObject = Get-ADObject -Identity $user.Manager -Properties mail, EmployeeID -ErrorAction Stop }
catch {$mgrObject = $null}
# using the -Filter would not need a try{..} catch{..}
# $mgrObject = Get-ADObject -Filter "DistinguishedName -eq '$($user.Manager)'" -Properties mail, EmployeeID -ErrorAction SilentlyContinue
if ($mgrObject) {
# test if this is a contact or a user object
switch ($mgrObject.objectClass) {
'user' {
# if it's a user, perform another Get-ADUser call
$mgr = $mgrObject | Get-ADUser -Properties EmployeeID, EmailAddress
$manager['ID'] = $mgr.EmployeeID
$manager['Email'] = $mgr.EmailAddress # or if you prefer UserPrincipalName
}
'contact' {
# if it's a contact use the properties we already have in the $mgrObject
$manager['ID'] = $mgrObject.EmployeeID
$manager['Email'] = $mgrObject.mail
}
}
}
}
# output an object with all properties you want in the csv
$user | Select-Object GivenName, Name, Surname, UserPrincipalName, EmployeeID,
@{Name='AccountExpirationDate';Expression={$_.AccountExpirationDate.ToString("yyyy/MM/dd")}},
Department, Title,
@{Name="ManagerID";Expression={$manager['ID']}},
@{Name="ManagerEmail";Expression={$manager['Email']}}
}
# output the results to CSV file
$result | Export-CSV -Path 'C:\Users\ME\Desktop\ALL_AD_Accounts_HQ.csv' -NoTypeInformation
据我所知,您可以使用 Get-ADObject 获取联系人的所有属性:
CanonicalName, Description, DisplayName, DistinguishedName
givenName, legacyExchangeDN, mail, Name, initials, sn, targetAddress
Title, Department, Division, Company, EmployeeID, EmployeeNumber
StreetAddress, PostalCode, telephoneNumber, HomePhone, mobile, pager, ipphone
facsimileTelephoneNumber, l, st, cn, physicalDeliveryOfficeName, co
mailnickname, proxyAddresses, msExchRecipientDisplayType
msExchRecipientTypeDetails, msExchRemoteRecipientType, info