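I am trying to generate a report of all disabled accounts that are not in the group "Terminated Employees", but it does not seem to generate the report. Below is the code I have so far.
TLDR: The text file contains a list of all disabled accounts, and I am trying to cross-reference this list against the list of people in "Terminated Employees", then return to a CSV file the accounts that are in that list but not in the group "Terminated Employees".
Also note that we need to get around the limit of Get-ADGroupMember, because this group has more than 5000 members.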
$ADGroupName = "Terminated Employees"
$users = Get-Content C:\Shortcuts\users.txt
$InputPath= "C:\Scripts\T_Accounts.csv"
$a = @(Get-ADGroup $ADGroupName | Select-Object -ExpandProperty Member)
foreach ($user in $users) {
    if ($a -contains $user) {
        "Member found"
    } else {
        $SplitStep1 = ($Member -split ",",2)[0]
        $SplitStep2 = ($SplitStep1 -split "=",2)[1]
        $SplitStep2 = $SplitStep2 | Out-File -Append $InputPath
    }
}
foreach ($value in (Get-Content $InputPath)) {
    $b = Get-ADUser -Identity $value -Properties DisplayName, sAMAccountName, LastLogonDate, Enabled
}
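Answer 0 (score: 1)
I suggest using the Import-Csv and Export-Csv cmdlets to handle the input and output files. If we are searching for disabled user accounts that are members of a specific group, no input file is needed at all.
How about this one-liner: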
Get-ADGroup "Terminated Employees" -Properties Members |
Select-Object -ExpandProperty Members |
Get-ADUser -Properties Enabled, Displayname, LastLogonDate |
Where-Object {$_.Enabled -eq $false} |
Select-Object DisplayName, SamAccountName, LastLogonDate, Enabled |
Export-Csv outfile.txt
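Edit: I should have internalized the original question before rushing to answer. I think the clearest approach is to create two sets of users and compare them, exporting the result to a CSV file.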
$disabledusers = Get-ADUser -Filter "Enabled -eq '$false'" -Properties DisplayName, SamAccountName, LastLogonDate, Enabled |
    Select-Object DisplayName, SamAccountName, LastLogonDate, Enabled
$groupmembers = Get-ADGroup "Terminated Employees" -Properties Members |
    Select-Object -ExpandProperty Members |
    Get-ADUser -Properties DisplayName, sAMAccountName, LastLogonDate, Enabled |
    Select-Object DisplayName, SamAccountName, LastLogonDate, Enabled
# Compare on SamAccountName so accounts are matched by identity; "=>" marks entries found only in $disabledusers
Compare-Object $groupmembers $disabledusers -Property SamAccountName -PassThru |
    Where-Object { $_.SideIndicator -eq "=>" } |
    Select-Object DisplayName, SamAccountName, LastLogonDate, Enabled |
    Export-Csv outfile.txt
Answer 1 (score: 0)
You are not asking ActiveDirectory for the Members property in your Get-ADGroup command (you also need to add the s to Members in Select-Object ;)).
$ADGroupName = "Terminated Employees"
$users = Get-Content C:\Shortcuts\users.txt
$InputPath = "C:\Scripts\T_Accounts.csv"
# Here we need to add the -Properties parameter to ask ActiveDirectory for the group Members
$a = @(Get-ADGroup -Identity $ADGroupName -Properties Members | Select-Object -ExpandProperty Members)
ForEach ($user in $users)
{
    if ($a -contains $user)
    {
        "Member found"
    }
    else
    {
        # Split the current $user entry; $Member is never assigned anywhere in this script
        $SplitStep1 = ($user -split ",",2)[0]
        $SplitStep2 = ($SplitStep1 -split "=",2)[1]
        $SplitStep2 | Out-File -Append $InputPath
    }
}
ForEach ($value in (Get-Content $InputPath))
{
    $b = Get-ADUser -Identity $value -Properties DisplayName, sAMAccountName, LastLogonDate, Enabled
}
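
A server-side alternative, added here as an example and not taken from the question or either answer: the domain controller applies an LDAP filter for disabled users whose memberOf does not contain the group, so the group's member list is never enumerated and the Get-ADGroupMember limit does not come into play. The helper function names and the output path are assumptions, and memberOf reflects direct membership only (not nested groups or the primary group).

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and a reachable domain.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    # Hypothetical helper: escape characters that are special inside an LDAP
    # filter value (RFC 4515). The backslash goes first so that the escapes
    # added afterwards are not escaped a second time.
    param([Parameter(Mandatory)][string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')
}

function Get-DisabledNotInGroupFilter {
    # Hypothetical helper: build the filter "disabled user AND NOT member of group".
    param([Parameter(Mandatory)][string]$GroupDN)
    $dn = ConvertTo-LdapFilterValue -Value $GroupDN
    # 1.2.840.113556.1.4.803 is the bitwise-AND matching rule;
    # value 2 in userAccountControl is the ACCOUNTDISABLE flag.
    "(&(objectCategory=person)(objectClass=user)" +
    "(userAccountControl:1.2.840.113556.1.4.803:=2)" +
    "(!(memberOf=$dn)))"
}

$ADGroupName = "Terminated Employees"
$OutputPath  = ".\DisabledNotInGroup.csv"   # assumed output location

# Resolve the group name to its distinguished name; memberOf stores DNs.
$groupDN = (Get-ADGroup -Identity $ADGroupName).DistinguishedName
$filter  = Get-DisabledNotInGroupFilter -GroupDN $groupDN

# The filtering happens on the domain controller; only matching users come back.
Get-ADUser -LDAPFilter $filter -Properties DisplayName, LastLogonDate |
    Select-Object DisplayName, SamAccountName, LastLogonDate, Enabled |
    Sort-Object SamAccountName |
    Export-Csv -Path $OutputPath -NoTypeInformation -Encoding UTF8
```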