想要编写一个powershell脚本,它将拉动所有AD用户,他们的组成员资格和组描述字段。
我一直在使用两个脚本来完成此操作,只需在excel中手动操作它们。任何组合它们的尝试都会遇到错误。
Import-module activedirectory
$ou ="DC=ptop,DC=loc"
Get-ADGroup -Filter * -SearchBase $OU | select -expandproperty name | % {
$group= "$_"
$result += Get-ADGroupMember -identity "$_" | select @{n="Group";e={$group}},name
}
$result | export-csv 'c:\users\membership.csv' -notypeinformation
和
Import-Module ActiveDirectory
$Groups = ForEach ($G in (Get-ADGroup -Filter * ))
{
$UN = Get-ADGroup $G -Properties Description | select name, description
New-Object PSObject -Property @{
Desc=$UN.description
Name=$UN.name
}
}
$Groups | Export-CSV C:\users\GroupDesc.csv -notypeinformation
答案 0 :(得分:1)
我希望我能做到这一点,这将吸引所有用户从AD中获取每个用户所在的群组(包括群组描述)。一切都完成后,将信息放入csv。
Import-Module ActiveDirectory
$OU = "DC=ptop,DC=loc"
#$allUsers = Get-ADUser -LDAPFilter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))" # all users that are enabled
#$allUsers = Get-ADUser -Filter * # all users
$allUsers = Get-ADUser -Filter * -SearchBase $OU
$results = @()
foreach($user in $allUsers)
{
$userGroups = Get-ADPrincipalGroupMembership -Identity $user
foreach($group in $userGroups)
{
$adGroup = Get-ADGroup -Identity $group -Properties Description
$results += $adGroup | Select-Object -Property @{name='User';expression={$user.sAMAccountName}},Name,Description
}
}
$results | Export-Csv -Path 'C:\Membership.csv' -NoTypeInformation -Encoding Unicode