如何将Get-AdGroupMember的每个结果发送到我的阵列?

时间:2014-09-10 16:04:22

标签: arrays powershell active-directory active-directory-group activedirectorymembership

我正在尝试递归NTFS文件夹结构,并输出一个CSV文件,该文件仅显示每个USER帐户,仅对文件夹具有权限。脚本中的所有内容都会正确输出发现组的部分,并继续使用Get-ADGroupMember枚举该组中的用户。在调试时,我可以看到组内的每个用户(甚至是嵌套组)都被输出,但我想我没有正确地“排列”命令的每个输出并将其发送到我的“out”数组。

我标记了我遇到问题的部分。任何帮助人员都可以提供非常感谢。谢谢!

$Answer = Read-Host 'Do you wish to use an answer file? File must be named answer.csv and must reside in same directory as script. (Default is [N])'
If ($Answer -eq "y") {
  $AnsFile = Import-Csv answer.csv | Select src,outdir,domain,user,pwd
  $List_Dir = $AnsFile.src
  $OutPath = $AnsFile.outdir
  $DomainName = $AnsFile.domain
  $Admin = $AnsFile.user
  $Pwd = $AnsFile.pwd
  }
Else {
  Do {
  $List_Dir = Read-Host 'Enter the directory path to be searched/recursed'
  $TestList_Dir = Test-Path $List_Dir
    If ($TestList_Dir -eq $True) {Write-Host "List directory checks out..."}
    Else {Write-Host "Incorrect source directory.  Please try again." -foregroundcolor red -backgroundcolor yellow}
   }
  While ($TestList_Dir -eq $False)

  Do {
  $OutPath = Read-Host 'Enter the directory path where the output files will be saved.  Do not add a trailing slash.'
  $TestOutPath = Test-Path $OutPath
    If ($TestOutPath -eq $True) {Write-Host "Output path checks out..."}
    Else {Write-Host "Incorrect output path.  Please try again." -foregroundcolor red -backgroundcolor yellow}
   }
  While ($TestOutPath -eq $False)
  $DomainName = Read-Host 'Enter the non-distinguished name of the Active Directory domain'
  $Admin = Read-Host 'Type in an administrative account with rights to read AD Security Groups'
  $Pwd = Read-Host 'Enter the adminstrative account password'
}

$Folder_Array = @()

write-host "List directory = $List_Dir"
write-host "Output path = $OutPath"
write-host "Domain = $DomainName"
write-host "Admin account = $Admin"
write-host "Password = $Pwd"

Import-Module ActiveDirectory

Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$CType = [DirectoryServices.AccountManagement.ContextType]::Domain
$IDType = [DirectoryServices.AccountManagement.IdentityType]::SamAccountName
$DomainContext = New-Object DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $CType, $DomainName, $Admin, $Pwd

#$pat = "^[a-zA-Z0-9_:.]+$"
$pat = "^[a-zA-Z0-9_:.\]+$]"

get-childitem $List_Dir -recurse | where-object {$_.psIsContainer -eq $true} | foreach-object {
   $a = ($_.FullName)
   $d = $a -match $pat
   $e = (get-acl $_.FullName).Access

    foreach ($e1 in $e) {
      $f = $e1.FileSystemRights
      $g = $e1.AccessControlType
      $SecID = $e1.IdentityReference
        foreach ($Sec in $SecID) {
          $GroupPrincipal = [DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($DomainContext, $IDType, $Sec)
          if ($GroupPrincipal -ne $null) {
            $Sec = $Sec.ToString()
            $Sec = $Sec.Split("\")[1]
            Get-AdGroupMember $Sec -Recursive | ForEach-Object {
              $User = ($_.SamAccountName)
                foreach ($u in $User) {
                $out = new-object psobject 
                $out | add-member noteproperty Path $a
                $out | add-member noteproperty Unix_Safe $d
                $out | Add-Member NoteProperty UserAccount $u
                $out | add-member noteproperty Permission $f
                $out | add-member noteproperty AccessType $g

                $Folder_Array += $out  
                }
             }
           }
           else {
          $e2 = $Sec.ToString()
          $e2 = $e2.split("\")[1]
          $out = new-object psobject 
          $out | add-member noteproperty Path $a
          $out | add-member noteproperty Unix_Safe $d
          $out | Add-Member NoteProperty UserAccount $e2
          $out | add-member noteproperty Permission $f
          $out | add-member noteproperty AccessType $g

          $Folder_Array += $out
          }
         }
        }
}

$Folder_Array | Select Path,UserAccount,Permission,AccessType,Unix_Safe | Export-Csv "$OutPath\folderonly.csv" -NoTypeInformation

1 个答案:

答案 0 :(得分:0)

问题不在于 你是怎么做的,而是你在做什么时。让我解释一下...... 

       Get-AdGroupMember $Sec -Recursive | ForEach-Object {
          $User = ($_.SamAccountName)
            foreach ($u in $User) {
              $e2 = $u
            }
         }
       }

************* ******** 

      else {
      $e2 = $Sec.ToString()
      $e2 = $e2.split("\")[1]
      }
     }
    }

$ out = new-object psobject    $ out | add-member noteproperty Path $ a    $ out | add-member noteproperty Unix_Safe $ d    $ out | Add-Member NoteProperty UserAccount $ e2    $ out | add-member noteproperty权限$ f    $ out | add-member noteproperty AccessType $ g

$ Folder_Array + = $ out 鉴于此,如果它是一个组,您将该组的所有用户都设置为用户数组$User,然后通过该数组,并分配每个用户,一段时间,到$e2。完成后,您可以创建对象,并将该对象添加到数组中以进行输出。

假设该组有3个用户,汤姆,迪克和哈维(哈利很忙,他派他的兄弟代替)。所以现在:

$User = @("Tom","Dick","Harvey")

然后你循环,将每个分配给$e2,基本上就是这个(这里有一些伪代码):

If(is a group){
$User = Get-ADGroup |select -expand samaccountname
ForEach($u in $User){
$e2 = "Tom"
<Next item in array>
$e2 = "Dick"
<next item in array>
$e2 = "Harvey"
<No more items in array, end ForEach>

现在,当它继续创建你的对象$e2 = "Harvey"时,汤姆和迪克只是运气不好。要解决这个问题,我们有选择。之一:

A)将对象创建移动到循环的If / Else部分内部,特别是每次分配$e2时创建一个对象,并在创建后立即将这些对象添加到输出数组中。

或:

B)通过更改将其设置为读取$e2$e2 += $u的所有引用,使$e2 = ,$Sec.ToString().Split("\")[1]成为数组。然后当您创建对象时,请执行以下操作:

ForEach($User in $e2){
    $Folder_Array += [PSCustomObject][Ordered]@{
        'Path' = $a
        'Unix_Safe' = $d
        'UserAccount' = $User
        'Permission' = $f
        'AccessType' = $g
    }
}
相关问题
最新问题