如何从仅包含安全组的 AD 组中获取组成员?
How can I get group members from an AD group that only contains security groups?
我有 3 个组(HR、COMPT 和 FIN),它们的组只包含安全组。
我如何提取他们的组成员?
$Groups =
@"
GroupNames;
HR
COMPT
FIN
"@ | ConvertFrom-Csv -Delimiter ';'
#HR has 3 security groups
#COMPT has 5 security groups
#FIN has 2 security groups
### I want to know how can I get their members ###
foreach ($Group in $Groups){
#Save-File to this Path
$Path = "C:\Temp\"
$group.GroupNames | Get-ADGroupMember | select name -ExpandProperty Name | ForEach-Object {
Get-ADGroup $_ -Properties Members | select Name |
#Export CSV
Export-Csv -Path (Join-Path -Path $path -ChildPath ('{0}.csv' -f $group.Name)) -NoTypeInformation -Delimiter ";" -Encoding UTF8
}
}
您可以尝试这样的操作,首先循环遍历 CSV 上的组 (Parents),然后针对您查询的每个 parent他们的 Member 属性(Child Groups),对于每个 child 您查询他们的 Member 属性,在这种情况下应该是 用户 objects。这将为您提供每个 Parent 群组 及其 Child 群组 及其 成员的报告.
# CSV Should have a `GroupNames` column!!
$groups = Import-Csv /path/to/parentGroups.csv
$result = foreach($parent in $groups.GroupNames) {
$parentGroup = Get-ADGroup $parent -Properties Member
foreach($child in $parentGroup.Member) {
# NOTE: This assumes the Members of Parent are GROUPS!
$childGroup = Get-ADGroup $child -Properties Member
foreach($member in $childGroup.Member) {
$member = Get-ADObject $member
[pscustomobject]@{
ParentGroup = $parentGroup.SamAccountName
ChildGroup = $childGroup.SamAccountName
Member = $member.SamAccountName
ObjectClass = $member.ObjectClass
}
}
}
}
$result | Export-Csv ..... -NoTypeInformation
我有 3 个组(HR、COMPT 和 FIN),它们的组只包含安全组。 我如何提取他们的组成员?
$Groups =
@"
GroupNames;
HR
COMPT
FIN
"@ | ConvertFrom-Csv -Delimiter ';'
#HR has 3 security groups
#COMPT has 5 security groups
#FIN has 2 security groups
### I want to know how can I get their members ###
foreach ($Group in $Groups){
#Save-File to this Path
$Path = "C:\Temp\"
$group.GroupNames | Get-ADGroupMember | select name -ExpandProperty Name | ForEach-Object {
Get-ADGroup $_ -Properties Members | select Name |
#Export CSV
Export-Csv -Path (Join-Path -Path $path -ChildPath ('{0}.csv' -f $group.Name)) -NoTypeInformation -Delimiter ";" -Encoding UTF8
}
}
您可以尝试这样的操作,首先循环遍历 CSV 上的组 (Parents),然后针对您查询的每个 parent他们的 Member 属性(Child Groups),对于每个 child 您查询他们的 Member 属性,在这种情况下应该是 用户 objects。这将为您提供每个 Parent 群组 及其 Child 群组 及其 成员的报告.
# CSV Should have a `GroupNames` column!!
$groups = Import-Csv /path/to/parentGroups.csv
$result = foreach($parent in $groups.GroupNames) {
$parentGroup = Get-ADGroup $parent -Properties Member
foreach($child in $parentGroup.Member) {
# NOTE: This assumes the Members of Parent are GROUPS!
$childGroup = Get-ADGroup $child -Properties Member
foreach($member in $childGroup.Member) {
$member = Get-ADObject $member
[pscustomobject]@{
ParentGroup = $parentGroup.SamAccountName
ChildGroup = $childGroup.SamAccountName
Member = $member.SamAccountName
ObjectClass = $member.ObjectClass
}
}
}
}
$result | Export-Csv ..... -NoTypeInformation