Get-ADGroup拉动所有组,但域用户

时间:2015-06-10 19:46:28

标签: powershell active-directory

出于某种原因,这个脚本工作得很完美,除了它没有拉动"域用户"小组,有人知道为什么或如何得到它?它拉动了所有其他团体。

Import-Module Activedirectory
Get-ADUser -Filter * -Properties * | sort SamAccountName | % {
  New-Object PSObject -Property @{
    "First" = $_.givenName
    "Init" = If($_.Initials -eq $null){Write-Host ""} else {$_.Initials}
    "Last" = $_.SN
    "Enabled" = $_.Enabled
    "Logon Name" = $_.samaccountname
    "UserName" = $_.DisplayName
    "Pass Last Set" = If($_.PasswordLastSet -eq $null){Write-Host ""} else {$_.PasswordLastSet}
    "Pass Expiration" = If($_.PasswordLastSet -eq $null){Write-Host ""} else {$_.PasswordLastSet.AddDays(270)}
    "Pass Expired" = $_.PasswordExpired
    "Days Til Exp" = If($_.PasswordLastSet -eq $null){Write-Host ""} else {($_.PasswordLastSet.AddDays(270) - [DateTime]::Now)}
    "Pass Never Expires" = $_.PasswordNeverExpires
    "Account Created" = $_.whenCreated
    "Last Logon" = $_.LastLogonDate
    "Email Address" = $_.EmailAddress

    Groups = ($_.memberof | Get-ADGroup | Select -ExpandProperty SamAccountName) -join ", "
    }
} | Select "Logon Name",First,Init,Last,Enabled,"Pass Last Set","Pass Expiration","Pass Expired","Days Til Exp","Pass Never Expires","Last Logon","Email Address",Groups

我注意到即使使用Quest Snapin也无法吸引域用户

Add-PSSnapin Quest.ActiveRoles.ADManagement

$strUserName = "username"
$strUser = get-qaduser -SamAccountName $strUserName
$strUser.memberof

1 个答案:

答案 0 :(得分:1)

您没有看到它,因为" 大多数用户的域用户"是the Primary Group。在AD用户和计算机中,它们出现在同一列表中,但它们是属性的组合。

使用AD cmdlet,您可以使用Get-AdUser的PrimaryGroup属性找到它。

PS C:\Users\matt> Get-ADUser matt -Properties PrimaryGroup | Select-Object -ExpandProperty PrimaryGroup
CN=Domain Users,CN=Users,DC=BA,DC=NET

更多符合您正在使用的Get-ADPrincipalGroupMembership cmdlet。

Get-ADPrincipalGroupMembership matt

distinguishedName : CN=Domain Users,CN=Users,DC=DOMAIN,DC=NET
GroupCategory     : Security
GroupScope        : Global
name              : Domain Users
objectClass       : group
objectGUID        : d2745cb0-7f6d-4ada-a44c-0926a0950a74
SamAccountName    : Domain Users
SID               : S-1-5-21-961215277-3068250917-3774519051-513