这似乎是我缺乏的一个领域。我已经编写了这个脚本,如果用户不在其他任何一个组中,并且只有他们有Exchange GUID,那么会将用户添加到1个组中,但由于来回调用AD,所以它通常很慢。我已尝试过使用哈希表的各种尝试,但我无法弄清楚如何从键中获取像MemberOf这样的子字符串属性。我看到了首先通过$hash = @{}收集数据的优势,但我的各种测试总是出现空的,因为我不明白如何从中获取字符串。这是我在尝试将其恢复到旧版本之后所拥有的...... Thx
Import-Module ActiveDirectory
$a = Get-Date
$Logs = "C:\scripts\SEC-E2010TierGroup3\SEC-E2010TierGroup3-additions_$((Get-Date).ToString('MM-dd-yyyy')).csv"
$Grp0 = "SEC-E2010TierGroup0"
$Grp1 = "SEC-E2010TierGroup1"
$Grp2 = "SEC-E2010TierGroup2"
$Grp3 = "SEC-E2010TierGroup3"
#$ADUserTable = @{}
$Users = Get-ADUser -server "dc114" -LdapFilter "(&(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))(&(objectCategory=person)(objectClass=user)(!objectClass=inetOrgPerson))(sAMAccountName=s0*)(!sAMAccountName=*-d)(!sAMAccountName=*-e)(!sAMAccountName=*-a)(!Name=Test*)(!Name=v-*)(!employeeID=\00))" -properties SamAccountName, DistinguishedName,Name, memberof, msExchMailboxGuid
<#ForEach-Object {
$ADUserTable[$_.SamAccountName] = $_
}#>
function Get-GroupMembership($DN,$group){
$objEntry = [adsi]("LDAP://"+$DN)
$objEntry.memberOf | where { $_ -match $group}
}
#Usage:
# Get-GroupMembership "DistinguishedName" "DomainAdmins"#>
<#$Active = #>ForEach ($user in $Users) {
$strName = $User.samaccountname
$DNUser = $User.distinguishedname
$strFilter = "(&(objectCategory=User)(samAccountName=$strName))"
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.Filter = $strFilter
$objPath = $objSearcher.FindOne()
$objUser = $objPath.GetDirectoryEntry()
$Exch = $objUser.msExchMailboxGuid#>
#If here, has an Exchange Mailbox.(Get-GroupMembership "$UserDN" "$Grp0")
if ($Exch.count -eq 1){
If (Get-GroupMembership "$DNUser" "$Grp0") {(""+ $a +" [" + $User + "], User:[" + $User.value.Name + "] in SEC-E2010TierGroup0.") | Out-File -FilePath $Logs -Append
Continue}
If (Get-GroupMembership "$DNUser" "$Grp1") {(""+ $a +" [" + $User + "], User:[" + $User.value.Name + "] in SEC-E2010TierGroup1.") | Out-File -FilePath $Logs -Append
Continue}
If (Get-GroupMembership "$DNUser" "$Grp2") {(""+ $a +" [" + $User + "], User:[" + $User.value.Name + "] in SEC-E2010TierGroup2.") | Out-File -FilePath $Logs -Append
Continue}
If (!(Get-GroupMembership "$DNUser" "$Grp3")) {
(""+ $a +" [" + $User + "], User:[" + $User.value.Name + "] not in SEC-E2010TierGroup3. Adding to group3.") | Out-File -FilePath $Logs -Append}
}
#If here, no Exch Mailbox.
if ($Exch.count -eq 1) {(""+ $a +" [" + $User + "], User:[" + $User.value.Name + "] does not have Exchange GUID.") | Out-File -FilePath $Logs -Append
continue}
} #$Active | Export-csv C:\Scripts\SEC-E2010TierGroup3\SEC-E2010TIER-Pre-Implimentation-rpt_2-18-2016.csv -NoTypeInformation
答案 0 :(得分:0)
我无法真正完成这一切并重写整个内容,但我可以给出一些一般性建议。
当涉及到调用cmdlet时,请利用管道。通常,cmdlet知道如何以最有效的方式处理多个项目。当每个cmdlet调用都有开销时,例如调用AD cmdlet和特别是 Exchange cmdlet时,此效果将被放大。例如:
$users | ForEach-Object {
Get-Mailbox $_
}
VS
$users | Get-Mailbox
在第一次调用中,每个用户重复连接到交换的开销,但在第二个方案中只发生一次。
因此,在可能的情况下,尽可能少地调用远程cmdlet,将满足管道要求的集合构建到未来的远程cmdlet,并将它们管道输入。即使它似乎需要更多的处理,它也会运行得更快。 / p>