因此,我拼凑了这个小脚本,将Active Directory中的所有用户转储到他们所属的所有组中。这部分效果很好。但与大多数组织一样,销售人员也会四处走动。
现在假设我有5个组,每个组中有一个用户
现在我将这些用户放在他们各自的群组中,但我们可以说我们有两个人移动区域。让我们说Mark和Liz切换。现在我运行我的脚本,现在这些组看起来像这样。
现在我的脚本检测到用户已切换位置但无法检测到Mark不再位于区域1中且Liz不再位于区域2中。
如何查看用户是否应该在一个组中,然后将其删除。
# Lets start with a clean slate :)
Clear
# Lets reference the assembly / GAC that we need for this
#region
[Void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")
$SPSite = New-Object Microsoft.SharePoint.SPSite("https://extranet.something.com")
$OpenWeb = $SpSite.OpenWeb("/")
#endregion
# Add some eye candy :)
#region
write-host " _ ____ ____ " -foregroundcolor Magenta
write-host " / \ | _ \ / ___| _ _ _ __ ___ " -foregroundcolor Magenta
write-host " / _ \ | | | |____\___ \| | | | '_ \ / __|" -foregroundcolor Magenta
write-host " / ___ \| |_| |_____|__) | |_| | | | | (__ " -foregroundcolor Magenta
write-host "|_/ \_\____/ |____/ \__, |_| |_|\___|" -foregroundcolor Magenta
write-host " |___/ " -foregroundcolor Magenta
Write-Host " Version 2.0" -foregroundcolor Red
Write-Host " Build 2009 09-10 21:30" -foregroundcolor Red
Write-host " Created by Mitchell J. Skurnik" -foregroundcolor Red
#endregion
# Create the stopwatch
#region
[System.Diagnostics.Stopwatch] $sw;
$sw = New-Object System.Diagnostics.StopWatch
$sw.Stop()
$sw.Start()
#endregion
# Function to control Adding groups
function creategroup
{
param ([string] $siteurl = "https://extranet.something.com")
$site = New-Object Microsoft.SharePoint.SPSite($siteurl)
$web = $site.RootWeb;
$group = $currentgroup;
$perm = "Read";
$owner = "jdoe";
if ($owner -eq "") { $owner = $web.CurrentUser.LoginName }
$exists = $web.SiteGroups | where { $_.Name -eq $group }
if ($exists -eq $null)
{
# Create group
$web.SiteGroups.Add($group, $web.EnsureUser($owner), $null, "");
# Give permissions to the group
$assign = New-Object Microsoft.SharePoint.SPRoleAssignment($web.SiteGroups[$group]);
$assign.RoleDefinitionBindings.Add($web.RoleDefinitions[$perm])
$web.RoleAssignments.Add($assign)
Write-Host -ForegroundColor green "Creating sharepoint group - " $currentgroup;
}
$site.Dispose();
}
# Function to add users to the specified group
function addUser
{
# Open a connection to the sharepoint site and then select the sub site you want
$themail = $prop.mail
$thedisplay = $prop.displayname
if ($themail -eq "")
{
$themail = "testaccount@something.com"
}
if ($thedisplay -eq "")
{
$thedisplay = "Account, Test"
}
if ($themail -eq $null)
{
$themail = "testaccount@something.com"
}
if ($thedisplay -eq $null)
{
$thedisplay = "Account, Test"
}
$TheNewGroup = $OpenWeb.SiteGroups | Where-Object {$_.Name -match $currentGroup}
$TheNewGroup.AddUser("garr\" + $prop.samaccountname,$themail,$prop.displayname,"")
#write-host "Added: " $thedisplay -foregroundcolor Red
}
# Function to remove people - be careful using this script :(
function removeUser
{
#Might be able to pull this value from before...let's give it a try
#$TheNewGroup = $OpenWeb.SiteGroups | Where-Object {$_.Name -match $currentGroup}
#$TheNewGroup.AddUser("garr\" + $prop.samaccountname,$themail,$prop.displayname,"")
$TheNewGroup.Remove("garr\" + $prop.samaccountname)
}
# Now onto the real stuff
Write-host "Searching for Groups" -foregroundcolor Green
# Clear out the existing text file so we have a clean slate
$file = New-Item -type file "C:\Powershell\allGroups.txt" -Force
# Execute the Group Dump Script
C:\Powershell\test.ps1 | Out-File -filepath "C:\PowerShell\allGroups.txt" -append
# Clean up the list by removing duplicates and sorting everything
$TextFile = $TextFile = "C:\Powershell\allGroups.txt"
$NewTextFile = "C:\Powershell\allGroups - Sorted.txt"
GC $TextFile | Sort | GU > $NewTextFile
# Use LDAP to connect to Active Directory
#region
$Dom = 'LDAP://OU=yeah,OU=Users,OU=sdfsdfsdf,DC=something,DC=com'
$Root = New-Object DirectoryServices.DirectoryEntry $Dom
#endregion
# Create a selector and start searching from the Root of AD
#region
$selector = New-Object DirectoryServices.DirectorySearcher
$selector.SearchRoot = $root
#endregion
# Integer to compare file length
$c=0
# Get the Group text file's length and write to scree and variable
$fileLength = [System.IO.File]::ReadAllText($NewTextFile).Split("`n").Count
Write-Host "Found " $fileLength "Groups in Active Directory" -foregroundcolor Magenta
# Integer for thumbing through 'memberOf' in active directory
$d = 0
# Integer for the amount of of users found
$f = 0
# Start a while loop where we read through the entire groups text file
while ($c -le $fileLength)
{
# Increment the line number for the next pass through
$c++
# Grab the first line of text from the groups file (Really the 0th line) and then tell the user
$currentGroup = (Get-Content $NewTextFile)[$c]
# Create the group
CreateGroup
#Write-Host "Created Group: " $currentGroup -foregroundcolor Red
#
Write-host $c "/" $fileLength "`t" $currentGroup -foregroundcolor Red
# Query Active directory and force some commands
$adobj= $selector.findall() | where {$_.properties.objectcategory -match "CN=Person"}
foreach ($person in $adobj)
{
# Variable for the different properties to reduce fatigue
$prop=$person.properties
# The Department
$department = $prop.department
# Sir Name
$sn = $prop.sn
# Given Name
$gn = $prop.givenname
$un = $prop.samaccountname
# Assign the really long memberof to a variable
$memberof = $person.properties["memberof"]
# Length of memberof
$memberofcount = $test.Count
# Loop for each group the member is in
while ($d -le $memberof.Count)
{
$blah = ForEach-Object{`
$memberof[$d]`
-replace "CN=",""`
-replace ",OU=San Diego Office",""`
-replace ",DC=something",""`
-replace ",DC=com","" `
-replace ",OU=LA Office",""
}
# Incriment the d
$d++
# Is that user in the group?
if ($blah -eq $currentGroup)
{
# Hey look we found somebody in that group :)
Write-host "`t`t`t" $un -foregroundcolor Magenta
addUser
$f++
}
#elseif ($blah -ne $currentGroup)
#{
# removeUser
#}
else
{
# Oh noes...nobody is in that group...that is strange
}
}
# Are we at the end of what the user has
if ($d -ge $memberofs.Count)
{
# Looks like we are :)
$d=0
}
}
# Display amount of users found
#Write-Host "`t`t`t" $f " user(s) found"
$f = 0
}
# Stop Watch
$sw.Stop()
# Write the compact output to the screen
write-host "Updated in Time: ", $sw.Elapsed.ToString()
#This space is saved for future development
答案 0 :(得分:1)
要启用安全更改审核,请转到网站集根目录的“网站设置”页面,然后选择编辑用户和权限。收集审核数据后,您应该会看到审核日志报告下的报告。
然后,您可以使用SPAuditQuery使用对象模型检索数据。请参阅SPAuditEventType枚举,了解可以过滤的事件类型。看起来你需要SecGroupMemberAdd和SecGroupMemberDel。
最后,使用SPRoleAssignment和SPRoleDefinition类更改组成员资格。 This和this博文应告诉您使用这些内容时需要了解的所有信息。
答案 1 :(得分:0)
这不干净或除了它有效之外的任何东西:)
Clear
#region Reference the assembly / GAC that we need for this
[Void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")
$SPSite = New-Object Microsoft.SharePoint.SPSite("https://extranet.something.com")
$OpenWeb = $SpSite.OpenWeb("/")
#endregion
#region Add some eye candy :)
write-host " _ ____ ____ " -foregroundcolor Magenta
write-host " / \ | _ \ / ___| _ _ _ __ ___ " -foregroundcolor Magenta
write-host " / _ \ | | | |____\___ \| | | | '_ \ / __|" -foregroundcolor Magenta
write-host " / ___ \| |_| |_____|__) | |_| | | | | (__ " -foregroundcolor Magenta
write-host "|_/ \_\____/ |____/ \__, |_| |_|\___|" -foregroundcolor Magenta
write-host " |___/ " -foregroundcolor Magenta
Write-Host " Version 2.0" -foregroundcolor Red
Write-Host " Build 2009 09-30 14:00" -foregroundcolor Red
Write-host " Created by Mitchell J. Skurnik" -foregroundcolor Red
#endregion
#region Create the stopwatch and some other things
[System.Diagnostics.Stopwatch] $sw;
$sw = New-Object System.Diagnostics.StopWatch
$sw.Stop()
$sw.Start()
$splist = "C:\Powershell\Users from SharePoint\"
$adlist = "C:\Powershell\Users in Groups\"
#endregion
#region Functions to add/delete users and groups
# Function to control Adding groups
function creategroup
{
param ([string] $siteurl = "https://extranet.something.com")
$site = New-Object Microsoft.SharePoint.SPSite($siteurl)
$web = $site.RootWeb;
$group = $currentgroup;
$perm = "Read";
$owner = "jdoe";
if ($owner -eq "") { $owner = $web.CurrentUser.LoginName }
$exists = $web.SiteGroups | where { $_.Name -eq $group }
if ($exists -eq $null)
{
# Create group
$web.SiteGroups.Add($group, $web.EnsureUser($owner), $null, "");
# Give permissions to the group
$assign = New-Object Microsoft.SharePoint.SPRoleAssignment($web.SiteGroups[$group]);
$assign.RoleDefinitionBindings.Add($web.RoleDefinitions[$perm])
$web.RoleAssignments.Add($assign)
Write-Host -ForegroundColor green "Creating sharepoint group - " $currentgroup;
}
$site.Dispose();
}
# Function to add users to the specified group
function addUser
{
# Open a connection to the sharepoint site and then select the sub site you want
$themail = $prop.mail
$thedisplay = $prop.displayname
if ($themail -eq "") {$themail = "testaccount@something.com"}
if ($thedisplay -eq "") {$thedisplay = "Account, Test"}
if ($themail -eq $null) {$themail = "testaccount@something.com"}
if ($thedisplay -eq $null) {$thedisplay = "Account, Test"}
$TheNewGroup = $OpenWeb.SiteGroups | Where-Object {$_.Name -match $currentGroup}
$TheNewGroup.AddUser("WRKGRP\" + $prop.samaccountname,$themail,$prop.displayname,"")
}
# Function to verify people
function verifyUsers
{
param ([string] $verify_sitepath="https://extranet.something.com")
$verify_site=new-object Microsoft.SharePoint.SPSite($verify_sitepath)
$verify_web=$verify_site.Rootweb
$verify_web.site.url
$verify_groups = $verify_web.groups | ? {$_.Name -match "^.*$CurrentGroup" }
foreach($verify_group in $verify_groups)
{
foreach($verify_user in $verify_group.users)
{
$verify_user = $verify_user -replace "WRKGRP\\",""
Write-Output "$verify_user" | Out-File -filepath "$splist$currentGroup.txt" -append
}
}
$strReference = get-Content "C:\Powershell\Users from SharePoint\$currentgroup.txt"
$strDifference = get-Content "C:\Powershell\Users in groups\$currentgroup.txt"
#Compare-Object $strReference $strDifference
Compare-Object $strReference $strDifference | `
Where-Object { $_.SideIndicator -eq "<=" } | `
ForEach-Object
{
$TheNewGroup = $OpenWeb.SiteGroups | Where-Object {($_.Name -match $currentGroup)}
$theuser = $verify_web.AllUsers.Item("WRKGRP\$_.InputObject")
$TheNewGroup.RemoveUser($theuser)
Write-host "Deleting user: {0} from $currentgroup" -f $_.InputObject -foregroundcolor Red
}
}
#endregion
Write-host "Searching for Groups" -foregroundcolor Green
#region Create and delete some text files
# Clear out the existing text files so we have a clean slate
$file = New-Item -type file "C:\Powershell\allGroups.txt" -Force
#WARNING DO NOT CHANGE TO SAME DIRECTORY WHERE THE POWERSHELL SCRIPT IS
ls 'C:\Powershell\Users in groups' | remove-item
ls 'C:\Powershell\Users from SharePoint' | remove-item
# Execute the Group Dump Script
C:\Powershell\test.ps1 | Out-File -filepath "C:\PowerShell\allGroups.txt" -append
# Clean up the list by removing duplicates and sorting everything
$TextFile = $TextFile = "C:\Powershell\allGroups.txt"
$NewTextFile = "C:\Powershell\allGroups - Sorted.txt"
GC $TextFile | Sort | GU > $NewTextFile
#endregion
#region Connect to LDAP and set up some variables
# Use LDAP to connect to Active Directory
$Dom = 'LDAP://OU=Sales Accounts,OU=Users,OU=Home Office,DC=something,DC=com'
$Root = New-Object DirectoryServices.DirectoryEntry $Dom
# Create a selector and start searching from the Root of AD
$selector = New-Object DirectoryServices.DirectorySearcher
$selector.SearchRoot = $root
# Get the Group text file's length and write to scree and variable
$fileLength = [System.IO.File]::ReadAllText($NewTextFile).Split("`n").Count
Write-Host "Found " $fileLength "Groups in Active Directory" -foregroundcolor Magenta
$c = 0 # Integer to compare file length
$d = 0 # Integer for thumbing through 'memberOf' in active directory
$f = 0 # Integer for the amount of of users found
#endregion
# Start a while loop where we read through the entire groups text file
while ($c -le $fileLength)
{
$c++ # Increment the line number for the next pass through
$currentGroup = (Get-Content $NewTextFile)[$c] # Grab the first line of text from the groups file
CreateGroup # Create the group
Write-host $c "/" $fileLength "`t" $currentGroup -foregroundcolor Red
# Query Active directory and force some commands
$adobj= $selector.findall() | where {$_.properties.objectcategory -match "CN=Person"}
foreach ($person in $adobj)
{
$prop=$person.properties # Variable for the different properties to reduce fatigue
$department = $prop.department # The Department
$sn = $prop.sn # Sir Name
$gn = $prop.givenname # Given Name
$un = $prop.samaccountname # Account Name
$memberof = $person.properties["memberof"] # Assign the really long memberof to a variable
$memberofcount = $test.Count # Length of memberof
# Loop for each group the member is in
while ($d -le $memberof.Count)
{
$blah = ForEach-Object{`
$memberof[$d]`
-replace "CN=",""`
-replace ",OU=Regional Sales",""`
-replace ",DC=something",""`
-replace ",DC=com","" `
-replace ",OU=LA Offices",""
}
$d++ # Incriment the d
if ($blah -eq $currentGroup) # Is that user in the group?
{
Write-host "`t`t`t" $un -foregroundcolor Magenta
$un | Out-File -filepath "C:\Powershell\Users in groups\$currentGroup.txt" -append
adduser
$f++
}
}
if ($d -ge $memberofs.Count) { $d=0 }
}
verifyUsers #Verify that the user is supposed to be in there :)
#Write-Host "`t`t`t" $f " user(s) found"
$f = 0
}
#region The End
# Stop Watch
$sw.Stop()
write-host "Updated in Time: ", $sw.Elapsed.ToString()
#endregion