我正在编写一个自定义函数来获取活动目录组成员。我写它但不使用Get-ADGroupMember或Get-QADGroupMember的原因是因为我想跟踪嵌套组中嵌套组之间的关系。标准功能没有它。
Function Get-GrpMmbr {
param([string]$Identity, [string]$Domain)
$Members = Get-ADGroupMember -Identity $Identity -Server $Domain
# Pipe through all members. If it is group, then dump info and call itself;
# Else (not group), dump info.
$Members | foreach {
if ($_.objectClass -eq 'group') {
# Get the groupName and domain name
$DistinguishedName = $_.distinguishedName
$Parts = $DistinguishedName -split ","
foreach ($Part in $parts) {
if($Part -like "CN=*"){$GroupName = ($Part -split "=")[1]}
if($Part -like "DC=*"){$DomainName=($Part -split "=")[1];break}
}
[PSCustomObject]@{
'UserName' = $_.name
'UserID' = $_.SamAccountName
'GroupName' = $Identity ## show the group from the direct parent group
'Type'= "Group"
} # end of new object
# recursion happens here
Get-EFSGrpMmbr -Identity $GroupName -Domain $DomainName
} else {
[PSCustomObject]@{
'UserName' = $_.name
'UserID' = $_.SamAccountName
'GroupName' = $Identity
'Type' = "User"
} # end of new object
} # end of Else
} # end of foreach loop
} # end of function
问题:它通过以下场景进入无限循环:
Get-GrpMmbr -Identity 'GroupA' -Domain 'NW'
条件是:GroupA是GroupB的成员; GroupB是GroupC的成员; GroupC是GroupA的成员。
那么,如何阻止无限循环?
答案 0 :(得分:1)
Function Get-GrpMmbr {
param([string]$Identity, [string]$Domain, [array]$Path = @())
If ($Path -contains $Identity) {Return}
...
Get-GrpMmbr $GroupName $DomainName ($Path + $Identity)
...
}
如果你想显示无限循环:
Function Get-GrpMmbr {
param([string]$Identity, [string]$Domain, [array]$Path = @())
$i = [array]::indexof($Path, $Identity) #In case of a sAMAccountName you might want to ignore the case
If ($i -ge 0) {
Write-Host "Inifitive loop:" $Path[$i..999]
Return
}
...
Get-GrpMmbr $GroupName $DomainName ($Path + $Identity)
...
}