我需要帮助来查找属于我组织中多个域的用户/组。就像我现在所拥有的那样,它仅遍历主域。我希望它在我所有组织域中搜索用户/组。
这就是我所拥有的:
$Users = @()
$Groups = @()
$list = Get-Content C:\temp\ADGroups.txt
Foreach ($o in $list){
$ObjectClass = (Get-ADObject -Filter {SamAccountName -eq $o}).ObjectClass
If ($ObjectClass -eq "User")
{
$U = Get-ADUser -Properties * -Identity $o
$User = "" | Select FullUserName, LoginID, Description
$User.FullUserName = $U.DisplayName
$User.LoginID = $U.SamAccountName
$User.Description = $U.description
$Users += $User
}
Else
{
If ($ObjectClass -eq "Group")
{
$G = Get-ADGroup -Properties * -Identity $o
$GM = Get-ADGroupMember -Identity $G.name -Recursive | Get-ADUser -Properties *
Foreach ($gmember in $GM)
{
$Group = "" | Select GroupName, GroupDescription, GroupMemberName, GroupMemberLoginID, GroupMemberDesc
$Group.GroupName = $G.Name
$Group.GroupDescription = $G.Description
$Group.GroupMemberName = $gmember.Name
$Group.GroupMemberLoginID = $gmember.SamAccountName
$Group.GroupMemberDesc = $gmember.Description
$Groups += $Group
}
}
}
}
>> $Users | Export-Csv C:\temp\PCMUsers.csv -NoTypeInformation
>> $Groups | Export-Csv C:\temp\PCMGroups.csv -NoTypeInformation
答案 0 :(得分:1)
从 TheIncorrigible1 注释开始,下面是一些可能有用的代码。
$Domains = (Get-ADForest).Domains.ForEach{(Get-ADDomain $_).PDCEmulator}
$Users = @()
$Groups = @()
$list = Get-Content C:\temp\ADGroups.txt
ForEach ($dom in $Domains) {
Foreach ($o in $list){
$ObjectClass = (Get-ADObject -Filter {SamAccountName -eq $o}).ObjectClass
#Gets the users in that directory according to the ObjectClass rules
Get-ADUser -Identity $ObjectClass -Server $dom -Properties *
#....
}
}
#....
#....
注意:我没有安装AD模块,因此无法对其进行测试。让我知道它是否失败