Question

我尝试返回域中所有安全组的CSV以及所有成员（包括其帐户状态（已启用或已停用）），但似乎无法确定如何从ADGroupMember加入到ADUser 。试图测试$Member.ObjectClass的价值以及是否＆＃34;用户＆＃34;然后运行Get-ADUser但这似乎不起作用 - 如果我这样做，所有ADGroupMember对象类都显示为用户。如果可能，想在一个查询中执行此操作。我从网上采取了一个例子并尝试修改它但没有成功。

我正在以这样格式的表/ csv中查找结果：

GroupName    Name        ObjectClass     Enabled
GroupA       John Smith  User            True 
GroupB       Jane Brown  User            False 
GroupB       GroupN      Group           NA/Group

$Table = @()

$Record = [ordered]@{
    "GroupName" = ""
    "Name" = ""
    "ObjectClass" = ""
    "Enabled" = ""
}

$Groups = Get-AdGroup -Filter * |
          Where {$_.Name -like "FS01*" -or $_.Name -like "ABC*"} |
          Select Name -ExpandProperty Name
foreach ($Group in $Groups) {
    $ArrayMembers = Get-ADGroupMember -Identity $Group |
                    Select Name, ObjectClass #, SamAccountName

    foreach ($Member in $ArrayMembers) {
        $Record."Enabled" = Get-ADGroupMember -Identity $Group |
                            Get-ADUser |
                            Select Enabled 
        $Record."GroupName" = $Group
        $Record."Name" = $Member.Name
        $Record."ObjectClass" = $Member.ObjectClass

        $objRecord = New-Object PSObject -Property $Record
        $Table += $objRecord
    }
}
$Table # | Export-Csv $filename -NoTypeInformation

Answer 1

不要让事情变得比他们需要的更复杂。使用Select-Object从组成员中选择名称和对象类，并通过calculated properties注入组名和启用状态。

Get-ADGroup -Filter * | Where-Object {
  $_.Name -like 'FS01*' -or
  $_.Name -like 'ABC*'
} | ForEach-Object {
  $groupname = $_.Name
  Get-ADGroupMember -Identity $_ |
    Select-Object @{n='GroupName';e={$groupname}}, Name, ObjectClass,
                  @{n='Enabled';e={if ($_.ObjectClass -eq 'user') {
                    Get-ADUser $_ | Select-Object -Expand Enabled
                  } else {
                    'NA/Group'
                  }}}
} | Export-Csv 'C:\path\to\output.csv' -NoType

具有用户帐户的Get-ADGroupMembers已启用状态

1 个答案: