到目前为止,我有这个:
Get-ADDomainController -filter * |
% {Get-ADUser -Filter "Enabled -eq 'True'" -server $_.name -Properties Name,SamAccountName,Description,EmployeeID,EmployeeNumber,EmailAddress,LastLogon,Manager,Title,Department,Organization,Enabled -SearchBase "DC=webcoindustries,DC=com" |
? {$_.EmployeeID -notlike "EXCLUDE" } |
Select Name,SamAccountName,Description,EmployeeID,EmployeeNumber,EmailAddress,@{N='LastLogon'; E={[DateTime]::FromFileTime($_.LastLogon)}},Manager,Title,Department,Organization,Enabled |
Export-Csv "C:\scripts\AD_Export_Test\AD_Export_$($_.name).csv"}
这只会将LastLogon拉入多个CSV文件(每个域控制器1个)。但是,我想要做的是让脚本也拉上LastLogonTimeStamp,比较两者,然后使用最近的那个。我还想将完整的最终结果只放在一个最终的CSV文件中。这可能都在一个脚本中吗?
答案 0 :(得分:0)
我认为在Group循环中使用简单Sort,后跟Select -First 1和ForEach可以解决此问题。
Get-ADDomainController -filter * |
% {Get-ADUser -Filter "Enabled -eq 'True' -and EmployeeID -notlike 'EXCLUDE'" -server $_.name -Properties Name,SamAccountName,Description,EmployeeID,EmployeeNumber,EmailAddress,LastLogon,Manager,Title,Department,Organization,Enabled -SearchBase "DC=webcoindustries,DC=com" |
Select Name,SamAccountName,Description,EmployeeID,EmployeeNumber,EmailAddress,@{N='LastLogon'; E={[DateTime]::FromFileTime($_.LastLogon)}},Manager,Title,Department,Organization,Enabled}|
Group samaccountname |
ForEach{$_.Group | Sort LastLogon -Descending | Select -First 1} |
Export-Csv "C:\scripts\AD_Export_Test\AD_Export.csv" -NoTypeInformation
我还将您的EmployeeID -notlike "EXCLUDE"过滤器从Where语句转移到了Get-ADUser过滤器中,并删除了Where语句
答案 1 :(得分:0)
要获取所有域控制器中最近一次登录的用户列表,只要找到尚未在哈希表中的用户或具有更新近期登录的用户,就会将用户名存储在hashtable中。时间戳:
$users = @{}
Get-ADDomainController | % {
Get-ADUser -Filter "Enabled -eq 'True'" -Server $_.Name -Property lastLogon | % {
$user = $_.SamAccountName
$time = [DateTime]::FromFileTime($_.lastLogon)
if (-not $users.Contains($user) -or $users[$user] -lt $time) {
$users[$user] = $time
}
}
}
之后,哈希表可以导出为这样的CSV:
$users.GetEnumerator() | % {
New-Object -Type PSCustomObject -Property [ordered]@{
SamAccountName = $_.Name
LastLogon = $_.Value
}
} | Export-Csv 'C:\path\to\lastlogons.csv' -NoType
或者,如果您确实需要其他属性,例如:
$attributes = 'Name', 'SamAccountName', 'Description', 'EmployeeID',
'EmployeeNumber', 'EmailAddress', 'Manager', 'Title',
'Department', 'Organization', 'Enabled'
Get-ADUser -Filter "Enabled -eq 'True'" -Property $attributes |
select $attributes, @{n='LastLogon';e={$users[$_.SamAccountName]}} |
Export-Csv 'C:\path\to\lastlogons.csv' -NoType
答案 2 :(得分:0)
我们使用以下函数来确定lastlogon
function Measure-LoggedOn {
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,Position=0)]
$DistinguishedName,
[string[]]$DomainControllers
)
$RealLastLogon = $null
$LastusedDC = $null
foreach ($DomainController in $DomainControllers) {
try{
$Obj = $null
$Obj = Get-ADObject -Identity $DistinguishedName -Properties LastLogon -Server $DomainController
Write-Verbose "[$($Obj.Name)] Last logon on $DomainController : $([DateTime]::FromFileTime($Obj.LastLogon))"
if ($RealLastLogon -le [DateTime]::FromFileTime($Obj.LastLogon)) {
$RealLastLogon = [DateTime]::FromFileTime($Obj.LastLogon)
$LastusedDC = $DomainController
}
} catch {
Write-Warning "Error checking LastLogon attribute for $DistinguishedName on Domain Controller $DomainController"
}
}
return $RealLastLogon
}
这样,您可以使用以下代码将属性导出为CSV:
# Outside the loop, determine al DCs
$ADInfo = Get-ADDomain
[string[]]$DCs = $ADInfo.ReplicaDirectoryServers
Get-ADUser -Filter "Enabled -eq 'True'" -Properties Name,SamAccountName,Description,EmployeeID,EmployeeNumber,EmailAddress,Manager,Title,Department,Organization,Enabled -SearchBase "DC=webcoindustries,DC=com" | `
? {$_.EmployeeID -notlike "EXCLUDE" } | `
Select Name,SamAccountName,Description,EmployeeID,EmployeeNumber,EmailAddress,@{N='Last Logon'; E={(Measure-LoggedOn -DistinguishedName $_.DistinguishedName -DomainControllers $DCs)}},Manager,Title,Department,Organization,Enabled | `
Export-Csv "C:\scripts\AD_Export_Test\AD_Export.csv" -NoTypeInformation