这里的脚本:
https://gallery.technet.microsoft.com/scriptcenter/Powershell-Get-users-who-b0420fe1
将返回主要组中存在的用户的结果,以及两个辅助组中的任何一个(感谢OP zperryz代码)。以下是我到目前为止的这个脚本版本。
我想为已停用的用户以及处于特定“保留”OU中的用户添加条件。在另一个脚本中,我已经能够这样做(显然是一个片段,而不是整个脚本):
| where {$_.Enabled -ne $False} `
| where {$_.DistinguishedName -notlike "*HOLD OU*"} `
我只是不确定将这些“注入”到下面的脚本中。 (未来的修改将返回更多信息,如DisplayName,Enabled& DistinguishedName,而不仅仅是登录。)
如果有人有一些建议,我会非常感激!这是今天的剧本:
$ADgroup1 = "VPN Front Door"
$ADgroup2 = "VPN Full Access"
$ADgroup3 = "VPN Restricted Access"
get-adgroupmember $ADgroup1 `
| ForEach-Object {if(((GET-ADUSER –Identity $_.SamAccountName –Properties MemberOf `
| Select-Object MemberOf).MemberOf -replace '^CN=([^,]+).+$','$1') -eq "$ADgroup2" -or "$ADgroup3"){$_.SamAccountName `
| Out-File -append -filepath C:\Users\3Jake\Desktop\VPN_Users.txt}}
谢谢!
最终版本,全部都带有评论:
按原样,它设计为在控制台中运行,但如果需要,应该很容易更新以吐出文件。
# Define Variables
$ADgroup1 = "VPN Front Door"
$ADgroup2 = "VPN Full Access"
$ADgroup3 = "VPN Restricted Access"
$vpnGroups = $ADgroup2, $ADgroup3
# Collect users in $ADgroup1
# Also pass user properties forward
$UsersFound = (
Get-ADGroupMember $ADgroup1 |
Get-ADUser -Properties MemberOf, Name, SamAccountName, Company |
# Ignore disabled users & those in the "On HOLD" OU
Where {
$_.Enabled -ne $False -and
$_.DistinguishedName -notlike '*HOLD OU*'
} |
# Compare users in $ADgroup1 to the ones in $ADgroup2 and $ADgroup3
select Name, SamAccountName, Company,
@{n='Groups';e={$_.MemberOf | Get-ADGroup | select -Expand Name}} |
Where { $groups = @($_.Groups); $vpnGroups | Where { $groups -contains $_ } }
)
# Display count
Write-Host "Total = " $UsersFound.Count
# Prompt to show user info
$YN = Read-Host "Show Users? (Y/N)"
if ($YN -eq 'Y')
{
$UsersFound |
select Name, SamAccountName, Company |
Sort-Object name, company |
Out-GridView
}
else {exit}
答案 0 :(得分:0)
首先,你应该解开那个令人费解的if陈述。像这样的东西会更具可读性(并且更易于维护):
$vpnGroups = $ADgroup2, $ADgroup3
Get-ADGroupMember $ADgroup1 | ForEach-Object {
Get-ADUser -Identity $_.SamAccountName -Properties MemberOf |
select SamAccountName,
@{n='Groups';e={$_.MemberOf | Get-ADGroup | select -Expand Name}} |
? { $groups = @($_.Groups); $vpnGroups | ? { $groups -contains $_ } } |
select -Expand SamAccountName |
Out-File -Append -Filepath 'C:\Users\3Jake\Desktop\VPN_Users.txt'
}
您甚至不需要ForEach-Object循环,因为Get-ADUser可以直接从管道中读取:
$vpnGroups = $ADgroup2, $ADgroup3
Get-ADGroupMember $ADgroup1 |
Get-ADUser -Properties MemberOf |
select SamAccountName,
@{n='Groups';e={$_.MemberOf | Get-ADGroup | select -Expand Name}} |
? { $groups = @($_.Groups); $vpnGroups | ? { $groups -contains $_ } } |
select -Expand SamAccountName |
Out-File -Filepath 'C:\Users\3Jake\Desktop\VPN_Users.txt'
您可以在Get-ADUser:
Get-ADGroupMember $ADgroup1 |
Get-ADUser -Properties MemberOf |
? {
$_.Enabled -ne $False -and
$_.DistinguishedName -notlike '*HOLD OU*'
} |
select SamAccountName,
@{n='Groups';e={$_.MemberOf | Get-ADGroup | select -Expand Name}} |
? { $groups = @($_.Groups); $vpnGroups | ? { $groups -contains $_ } } |
select -Expand SamAccountName |
Out-File -Filepath 'C:\Users\3Jake\Desktop\VPN_Users.txt'