我编写了以下脚本,列出了所有"承包商" (employeetype=contractors)的用户,而不是像#34;域承包商那样的特定群体的一部分"但它不起作用,可以帮助一些人:)
$adusers = get-aduser -filter * -searchbase "OU=test,dc=domain,dc=com" -properties employeetype | where {($_.employeetype -like "contractor") -AND ($_.enabled -eq $true)}
foreach ($aduser in $adusers){
$contractorsDn = (Get-ADGroup 'domaincontractors').DistinguishedName
Get-ADUser $aduser -LDAPFilter "(!(memberof=$contractorsDn))"
}
答案 0 :(得分:0)
$ users = get-aduser -filter {(employeetype -like“contractor”)-AND(enabled -eq $ true)} - searchbase“dc = domain,dc = COM”-properties employeetype $ group =“Domaincontractors”
$ members = Get-ADGroupMember -Identity $ group -Recursive |选择-ExpandProperty DistinguishedName
ForEach($ users in $ users){
If ($members -contains $user) {
write-host "$user exists" -ForegroundColor Red
}其他{ write-host“$ user doesnt exists”-ForegroundColor Green }}