我需要查询AD OU并列出所有具有多个关于其帐户和组成员身份属性的用户。 CSV格式为:
First Name Last Name SamAct Active New-UserGroup Old-UserGroup
BIll Gates bill.gates YES YES NO
Steve Jobs steve.jobs NO No YES
是,否是“他是否活跃”和“他是否是这个团体的成员”
我几乎完成了以下代码,但我无法弄清楚如何正确判断他是否是团体成员。
有什么建议吗?
function getADAccountStatus($adUserObj)
{
if($adUserObj.AccountIsDisabled)
{ return "NO";}
else { return "YES";}
}
function getNGStatus($adUserObj)
{
if($_.memberof -contains 'New_Usergroup')
{return "YES"; }
else {return "NO"; }
}
$ReportPath = "c:\scripts\report.csv"
$ou = 'OU=Group,DC=domain,DC=com'
$records = Get-QADUser -SearchRoot $ou | Select LastName,FirstName,SamAccountName,memberof
$records | foreach{
new-object psobject -Property @{
$LastName = $_.LastName
$FirstName = $_.FirstName
Account = $_.SamAccountName
Active = getADAccountStatus($_)
NG = getATCStatus($_)
}} | Select $LastName,$FirstName,Account,Active,NG | Export-Csv $ReportPath -Force -ErrorAction Stop -NoTypeInformation
答案 0 :(得分:0)
memberOf属性包含用户辅助组的可分辨名称列表,因此您必须像这样检查:
function getNGStatus($adUserObj) {
$groupName = 'CN=New_Usergroup,CN=Users,DC=example,DC=com'
if ($adUserObj.memberOf -contains $groupName) {
return "YES"
} else {
return "NO"
}
}
答案 1 :(得分:0)
以下是我的工作:
function getADAccountStatus($adUserObj)
{
if($adUserObj.AccountIsDisabled)
{
return "NO";
}
else
{
return "YES";
}
}
function getNGStatus($adUserObj)
{
$group = @(($_.MemberOf -split (“,”) | Select-string -SimpleMatch "CN=") -replace “CN=”,”")
if($group -contains 'New_Usergroup')
{
return "YES";
}
else
{
return "NO";
}
}
$ReportPath = "c:\scripts\report.csv"
$ou = 'OU=Group,DC=domain,DC=com'
$records = Get-QADUser -SearchRoot $ou | Select LastName,FirstName,SamAccountName,memberof
$records | foreach{
new-object psobject -Property @{
LastName = $_.LastName
FirstName = $_.FirstName
Account = $_.SamAccountName
Active = getADAccountStatus($_)
NG = getNGStatus
}} | Select LastName,FirstName,Account,Active,NG | Export-Csv $ReportPath -Force -ErrorAction Stop -NoTypeInformation