Get AD User based on their User Profile Description in a Specific AD Group

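I am trying to get all AD users in the AD group 'Fall 2021' whose description is like 'Customer.' I currently get this error when running my script. Any help or guidance is much appreciated.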

Get-ADGroup : Error parsing query: 'Fall 2021' Error Message: 'syntax error' at position: '1'.
At line:1 char:1
+ Get-ADGroup -filter "Fall 2021" | Where-Objec ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ParserError: (:) [Get-ADGroup], ADFilterParsingException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADFilterParsingException,Microsoft.ActiveDirectory.Management.Commands.GetADGroup

Here is the script:

Get-ADGroup -filter "Fall 2021" | Where-Object {$_.Description -like 'Customer' }

-Filter "Fall 2021" is not valid syntax for the AD Filter. If the Name of the group is Fall 2021, you can use the -Identity parameter, as Mathias R. Jessen points out. If you want to query the group membership, you can use Get-ADGroupMember, or you can query the group's Member attribute:

(Get-ADGroup -Identity 'Fall 2021' -Properties Member).Member | ForEach-Object {
    $obj = Get-ADObject $_ -Properties Description
    # if this member is a user object and its description is customer
    if($obj.ObjectClass -eq 'user' -and $obj.Description -eq 'Customer') {
        # output this object
        $obj
    }
}

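This query can also be done in reverse: we can use an LDAPFilter to search for all users whose MemberOf attribute contains the DistinguishedName of the Fall 2021 group and whose Description attribute equals Customer: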

$groupDN = (Get-ADGroup -Identity 'Fall 2021').DistinguishedName
Get-ADUser -LDAPFilter "(&(memberof=$groupDN)(description=Customer))"
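
The LDAPFilter approach above interpolates the group DN straight into the filter string, which breaks (or changes the query's meaning) when the DN or the description contains characters such as ( ) * or \. The following is an added example, not part of the original answer, that escapes both values per RFC 4515 before building the filter and goes a little beyond the answer by optionally matching substrings and nested group members. The helper names ConvertTo-LdapFilterValue and New-GroupMemberFilter are hypothetical and the sample DN is constructed.

```powershell
# Added example; helper names are hypothetical, not ActiveDirectory module cmdlets.

function ConvertTo-LdapFilterValue {
    # Escape the characters RFC 4515 reserves inside a filter assertion value.
    # The backslash is replaced first so later escapes are not escaped again.
    param([Parameter(Mandatory)][string]$Value)
    $Value.Replace('\', '\5c').
           Replace('*', '\2a').
           Replace('(', '\28').
           Replace(')', '\29').
           Replace([string][char]0, '\00')
}

function New-GroupMemberFilter {
    param(
        [Parameter(Mandatory)][string]$GroupDN,
        [Parameter(Mandatory)][string]$Description,
        [switch]$Contains,  # substring match, the LDAP form of -like '*Customer*'
        [switch]$Recurse    # also match users who are members through nested groups
    )
    $dn   = ConvertTo-LdapFilterValue $GroupDN
    $desc = ConvertTo-LdapFilterValue $Description
    # Wildcards are added only after escaping, so a '*' in the input stays literal.
    if ($Contains) { $desc = "*$desc*" }
    # 1.2.840.113556.1.4.1941 is the LDAP_MATCHING_RULE_IN_CHAIN OID (transitive match).
    $memberOf = if ($Recurse) { "memberOf:1.2.840.113556.1.4.1941:=$dn" }
                else          { "memberOf=$dn" }
    "(&($memberOf)(description=$desc))"
}

# Constructed sample DN containing parentheses, to show the escaping offline.
$sampleDN = 'CN=Fall 2021 (Customers),OU=Groups,DC=example,DC=com'
New-GroupMemberFilter -GroupDN $sampleDN -Description 'Customer' -Contains

# Against a live domain (requires the ActiveDirectory module):
# $groupDN = (Get-ADGroup -Identity 'Fall 2021').DistinguishedName
# $filter  = New-GroupMemberFilter -GroupDN $groupDN -Description 'Customer' -Contains
# Get-ADUser -LDAPFilter $filter -Properties Description
```

The memberOf attribute does not reflect a user's primary group, so users whose primary group is the target group are not returned by either form of the filter.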