如果/其他指导

时间:2016-02-28 15:49:43

标签: powershell active-directory

基本上我正在做一些AD配置,想要提出一个脚本,不仅可以检查已创建的组,还可以更改,我已成功完成此操作但无法在一个脚本中完成所有操作

换句话说,如果它等于无,那么给我一个创建时的组结果然后给我改变结果。

到目前为止我还没有真正了解从哪里开始,任何人都可以对此有所了解。

#Imports AD
Import-Module activedirectory

# Checks the accounts created with in the week.The days can be modified for needs.
Get-ADGroup -Filter * -Properties whenCreated |
  Where-Object {$_.whenCreated -ge ((Get-Date).AddDays(-07)).Date} 

# Checks the accounts changed with in the week, and creates a text file
# of the output. The days can be modified for needs.
Get-ADGroup -Filter * -Properties whenChanged |
  Where-Object {$_.whenChanged -ge ((Get-Date).AddDays(-07)).Date} |
  Out-File C:\PScript\ChangedADGroups.txt

所以我在一些人的帮助下调整了一下,我很感激。

目前脚本如下:

Import-Module ActiveDirectory

$CreatedThreshold = (Get-Date).AddDays(-7).Date
$ChangedThreshold = (Get-Date).AddDays(-7).Date

$CreatedGroups = @(Get-ADGroup -Filter {whenCreated -lt $CreatedThreshold})
$ChangedGroups = @(Get-ADGroup -Filter {whenChanged -ge $ChangedThreshold})

#now we can test how many it returned
if($CreatedGroups.Count -lt 1)
{
    "No new groups have been created since $CreatedThreshold"
}
else
{
    $CreatedGroups |Select-Object Name, WhenCreated, WhenChanged
}
# And then the same thing for the changed groups
if($ChangedGroups.Count -ge 1)
{
    "No new groups have been created since $ChangedThreshold"
}
else
{
    $ChangedGroups | Select-Object Name, WhenChanged | Out-File C:\PScript\ChangedADGroups.txt
}

但它仍然没有完全正常运行,因为它代表它显示域中的所有组以及创建具有相同信息的csv。

在更改和创建时仍未显示。

3 个答案:

答案 0 :(得分:0)

在编写任何脚本或编程之前,您应该清楚地了解目标。如果您无法用自然语言表达您想要的内容,则无法使用计算机语言对其进行编程。这似乎是问题所在。如果我理解你的陈述:

  

当然,换句话说,如果whenCreated ADGroups = 0的结果,那么我希望脚本继续前进并给出已更改的ADGroup列表。如果没有,则在一个输出中列出已创建和已更改。

您只想输出已创建所有组。一旦你能够对你想要的东西做出如此明确的陈述,就应该很容易写出来。

答案 1 :(得分:0)

在写入文件之前将返回的组分配给变量,这样您就可以在输出到文件之前检查已获得的结果数。

另外,避免"广泛"像*这样的过滤器 - 它将使域控制器返回所有组,而不仅仅是您需要的组:

Import-Module ActiveDirectory

$CreatedThreshold = (Get-Date).AddDays(-7).Date
$ChangedThreshold = (Get-Date).AddDays(-7).Date

$CreatedGroups = @(Get-ADGroups -Filter {whenCreated -ge $CreatedThreshold})

# now we can test how many it returned
if($CreatedGroups.Count -lt 1)
{
    "No new groups have been created since $CreatedThreshold" |Out-File C:\PScript\CreatedADGroups.txt
}
else
{
    $CreatedGroups |Select-Object Name,whenCreated |Out-File C:\PScript\CreatedADGroups.txt
}

# And then the same thing for the changed groups

答案 2 :(得分:0)

假设@Swonkie的解释是正确的,并且您想要在过去7天内创建或修改的所有组,我会建议这样的事情:

$threshold = (Get-Date).Date.AddDays(-7)

Get-ADGroup -Filter * -Properties whenCreated, whenChanged |
  Where-Object {
    $_.whenCreated -ge $threshold -or
    $_.whenChanged -ge $threshold
  } | Out-File 'C:\PScript\ChangedADGroups.txt'

选择实际需要的属性并将结果导出为CSV而不是编写常规文本文件可能是个好主意,因此您可以轻松地将文件作为电子表格导入,例如:

Get-ADGroup -Filter * -Properties whenCreated, whenChanged |
  Where-Object {
    $_.whenCreated -ge $threshold -or
    $_.whenChanged -ge $threshold
  } |
  Select-Object Name, SamAccountName, whenCreated, whenChanged |
  Export-Csv 'C:\PScript\ChangedADGroups.csv' -NoType
相关问题
最新问题