出于某种原因,这个脚本工作得很完美,除了它没有拉动"域用户"小组,有人知道为什么或如何得到它?它拉动了所有其他团体。
Import-Module Activedirectory
Get-ADUser -Filter * -Properties * | sort SamAccountName | % {
New-Object PSObject -Property @{
"First" = $_.givenName
"Init" = If($_.Initials -eq $null){Write-Host ""} else {$_.Initials}
"Last" = $_.SN
"Enabled" = $_.Enabled
"Logon Name" = $_.samaccountname
"UserName" = $_.DisplayName
"Pass Last Set" = If($_.PasswordLastSet -eq $null){Write-Host ""} else {$_.PasswordLastSet}
"Pass Expiration" = If($_.PasswordLastSet -eq $null){Write-Host ""} else {$_.PasswordLastSet.AddDays(270)}
"Pass Expired" = $_.PasswordExpired
"Days Til Exp" = If($_.PasswordLastSet -eq $null){Write-Host ""} else {($_.PasswordLastSet.AddDays(270) - [DateTime]::Now)}
"Pass Never Expires" = $_.PasswordNeverExpires
"Account Created" = $_.whenCreated
"Last Logon" = $_.LastLogonDate
"Email Address" = $_.EmailAddress
Groups = ($_.memberof | Get-ADGroup | Select -ExpandProperty SamAccountName) -join ", "
}
} | Select "Logon Name",First,Init,Last,Enabled,"Pass Last Set","Pass Expiration","Pass Expired","Days Til Exp","Pass Never Expires","Last Logon","Email Address",Groups
我注意到即使使用Quest Snapin也无法吸引域用户
Add-PSSnapin Quest.ActiveRoles.ADManagement
$strUserName = "username"
$strUser = get-qaduser -SamAccountName $strUserName
$strUser.memberof
答案 0 :(得分:1)
您没有看到它,因为" 大多数用户的域用户"是the Primary Group。在AD用户和计算机中,它们出现在同一列表中,但它们是属性的组合。
使用AD cmdlet,您可以使用Get-AdUser的PrimaryGroup
属性找到它。
PS C:\Users\matt> Get-ADUser matt -Properties PrimaryGroup | Select-Object -ExpandProperty PrimaryGroup
CN=Domain Users,CN=Users,DC=BA,DC=NET
更多符合您正在使用的Get-ADPrincipalGroupMembership
cmdlet。
Get-ADPrincipalGroupMembership matt
distinguishedName : CN=Domain Users,CN=Users,DC=DOMAIN,DC=NET
GroupCategory : Security
GroupScope : Global
name : Domain Users
objectClass : group
objectGUID : d2745cb0-7f6d-4ada-a44c-0926a0950a74
SamAccountName : Domain Users
SID : S-1-5-21-961215277-3068250917-3774519051-513