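I have two security groups that are used for Group Policy security filtering. They are used to stagger Windows updates each month. The problem that has come up is that I can't keep up with the new servers coming online. So I want to automate a PowerShell script that emails me a list of the servers that are not found in group A or group B. I have some code, but I can't seem to wrap it up.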
#Grab the computer names from the first security group
$group1 = Get-ADGroup -Identity 'Every Day WSUS 3am Install'
$members1 = Get-ADGroupMember -Identity $group1 | select -Expand Name
#Grab the computer names from the second security group
$group2 = Get-ADGroup -Identity 'Every Day WSUS 6am Install'
$members2 = Get-ADGroupMember -Identity $group2 | select -Expand Name
#grab all computer objects that are servers from AD and list the names not found in either security group
(Get-ADComputer -LDAPFilter "(&(objectcategory=computer)(OperatingSystem=*server*))").Name | ? { $members1 -notcontains $_.Name -and $members2 -notcontains $_.Name }
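Answer 0 (score: 5)
You are wrapping the Get-ADComputer command in ().Name, so it returns an array of strings of the Name property. When you compare the Name string with a computer object, it is not going to compare well. Try this approach: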
#Grab both security groups
$group1 = Get-ADGroup -Identity 'Every Day WSUS 3am Install'
$group2 = Get-ADGroup -Identity 'Every Day WSUS 6am Install'
#grab all computer objects that are servers from AD and list the names not found in either security group
Get-ADComputer `
    -LDAPFilter "(&(objectcategory=computer)(OperatingSystem=*server*))" `
    -Properties MemberOf |
    Where-Object {
        ( $_.MemberOf -notcontains $group1.DistinguishedName ) -and
        ( $_.MemberOf -notcontains $group2.DistinguishedName )
    } |
    Select-Object -ExpandProperty Name
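The question's goal end to end, as an added example that is not part of the original question or answer: it finds servers that are in neither install group and emails the list. The SMTP server and mail addresses are placeholders, and it uses Get-ADGroupMember -Recursive (an assumption about how the groups are built) so that a server that belongs through a nested group counts as covered, which a check of the direct MemberOf attribute does not see.

```powershell
# Added example: report servers that are in neither patch-window group.
Import-Module ActiveDirectory

# Group names are the ones used on this page.
$groupNames = 'Every Day WSUS 3am Install', 'Every Day WSUS 6am Install'

# Placeholder mail settings: replace with your own relay and addresses.
$smtpServer = 'smtp.example.com'
$mailFrom   = 'patch-report@example.com'
$mailTo     = 'admin@example.com'

# Collect the distinguished names of every computer in either group,
# including members that arrive through nested groups.
$covered = [System.Collections.Generic.HashSet[string]]::new(
    [System.StringComparer]::OrdinalIgnoreCase)
foreach ($name in $groupNames) {
    Get-ADGroupMember -Identity $name -Recursive |
        Where-Object { $_.objectClass -eq 'computer' } |
        ForEach-Object { [void]$covered.Add($_.distinguishedName) }
}

# All server computer objects whose DN is not in the covered set.
# Newest objects first, since new servers are the ones that get missed.
$uncovered = @(
    Get-ADComputer -LDAPFilter '(&(objectCategory=computer)(operatingSystem=*server*))' `
                   -Properties OperatingSystem, whenCreated |
        Where-Object { -not $covered.Contains($_.DistinguishedName) } |
        Sort-Object whenCreated -Descending |
        Select-Object Name, OperatingSystem, whenCreated
)

# Only send mail when there is something to act on.
if ($uncovered.Count -gt 0) {
    $mail = @{
        SmtpServer = $smtpServer
        From       = $mailFrom
        To         = $mailTo
        Subject    = "$($uncovered.Count) server(s) not in a WSUS install group"
        Body       = ($uncovered | Format-Table -AutoSize | Out-String)
    }
    Send-MailMessage @mail
}
```

Run it from a scheduled task under an account that can read the groups and computer objects; an empty result sends no mail.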