我想请求帮助来创建一个要求输入AD用户名的powershell,然后列出他所属的所有组,并显示成员资格对象的规范名称。
例如:
John doe
安全组1 | domain.com/path/path/path/path
安全组1 | domain.com/path/path/path/path
等等...
我试图把我从各地找到的组件拼凑起来,但我无法发现任何可行的东西。感谢任何帮助!
克林格
答案 0 :(得分:0)
你可以这样做:
#import AD PS module (mandatory)
Import-Module ActiveDirectory
#ask for user login
$userLogin = Read-Host "Enter Windows login (exact value)"
#get user info from AD including an additional property not in the default set
$userObject = Get-ADUser $userLogin -Properties DisplayName, MemberOf
#echo user's full name
$userObject.DisplayName
#for each group of which user is member
foreach($group in $userObject.MemberOf) {
#get group info from AD including an additional property not in the default set
$groupObject = Get-ADGroup $group -Properties CanonicalName
#echo group name, a pipe, and group CN
$groupObject.Name + " | " + $groupObject.CanonicalName
}