让所有AD用户进入我的工作环境时遇到问题。 它运行约30分钟,然后在下面显示以下错误:
Get-ADUser : The server has returned the following error: invalid enumeration context.
At line:3 char:19
+ Get-ADUser -filter * -Properties * |
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-ADUser], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADUser
我做了一些研究,发现MaxEnumContextExpiration = 30分钟,并认为这就是它在30分钟后停止运行的原因。
我的问题是:有没有一种更快的方法来拉动我工作环境中的所有用户(大约6万名员工)以及他们的所有信息(姓名,Samaccount名称,说明,组成员身份,帐户状态等)< / p>
这是我目前拥有的脚本:
Import-module activedirectory
$daTA=@(
Get-ADUser -filter * -Properties * |
Select-Object @{Label = "FirstName";Expression = {$_.GivenName}},
@{Name = "LastName";Expression = {$_.Surname}},
@{Name = "Full address";Expression = {$_.StreetAddress}},
@{Name = "Fullname";Expression = {$_.Name}},
@{Name = "LogonName";Expression = {$_.Samaccountname}},
@{Name = "City";Expression = {$_.City}},
@{Name = "State";Expression = {$_.st}},
@{Name = "Post Code";Expression = {$_.PostalCode}},
@{Name = "Country/Region";Expression ={$_.Country}},
@{Name = "MobileNumber";Expression = {$_.mobile}},
@{Name = "Phone";Expression = {$_.telephoneNumber}},
@{Name = "Description";Expression = {$_.Description}},
@{name= "OU";expression={$_.DistinguishedName.split(',')[1].split('=')[1]}},
@{Name = "Email";Expression = {$_.Mail}},
@{Name = "MemberOfGroups";e= { ( $_.memberof | % { (Get-ADGroup $_).Name }) -join “,” }},
@{Name = "Primary Group";Expression= {$_.primarygroup -replace '^CN=|,.*$'}},
@{Name = "UserPrincipalName";Expression = {$_.UserPrincipalName}},
@{Name = "LastLogonTimeSTamp";Expression = {if(($_.lastLogonTimestamp -like '*1/1/1601*' -or $_.lastLogonTimestamp -eq $null)){'NeverLoggedIn'} Else{[DateTime]::FromFileTime($_.lastLogonTimestamp)}}},
@{Name = "Account Status";Expression = {if (($_.Enabled -eq 'TRUE') ) {'Enabled'} Else {'Disabled'}}},
@{Name = "LastLogonDate";Expression = {if(($_.lastlogondate -like '*1/1/1601*' -or $_.lastlogondate -eq $null)){'NeverLoggedIn'} Else{$_.lastlogondate}}},
@{Name = "WhenUserWasCreated";Expression = {$_.whenCreated}},
@{Name = "accountexpiratondate";Expression = {$_.accountexpiratondate}},
@{Name = "PasswordLastSet";Expression = {([DateTime]::FromFileTime($_.pwdLastSet))}},
@{Name = "PasswordExpiryDate";Expression={([datetime]::fromfiletime($_."msDS-UserPasswordExpiryTimeComputed")).DateTime}},
@{Name = "Password Never";Expression = {$_.passwordneverexpires}},
@{Name = "HomeDriveLetter";Expression = {$_.HomeDrive}},
@{Name = "HomeFolder";Expression = {$_.HomeDirectory}},
@{Name = "scriptpath";Expression = {$_.scriptpath}},
@{Name = "HomePage";Expression = {$_.HomePage}},
@{Name = "Department";Expression = {$_.Department}},
@{Name = "EmployeeID";Expression = {$_.EmployeeID}},
@{Name = "Job Title";Expression = {$_.Title}},
@{Name = "EmployeeNumber";Expression = {$_.EmployeeNumber}},
@{Name = "Manager";Expression={($_.manager -replace 'CN=(.+?),(OU|DC)=.+','$1')}},
@{Name = "Company";Expression = {$_.Company}},
@{Name = "Office";Expression = {$_.OfficeName}}
)
$DAta | Sort LastLogondate -Descending |
Export-Csv -Path c:\adusers.csv -NoTypeInformation
答案 0 :(得分:0)
我自己还没有看到这个问题,主要是因为我没有足够大的AD环境可以测试!
假设,我发现可能有一个-ResultSize开关,这是我发现的:
-ResultSetSize 指定要为Active Directory域服务查询返回的最大对象数。如果要接收所有对象,请将此参数设置为$ null(空值)。您可以使用Ctrl + c停止查询并返回对象。
默认值为$ null。
下面的示例演示如何设置此参数,以便您接收所有返回的对象。
-ResultSetSize $ null
我知道它说默认值已经设置为$null,但是可能值得尝试包括该开关并查看它是否有所不同。
最好遵循@Drew和@Lee_Dailey已经提出的建议。
按OU进行过滤将大大减少请求服务器端的速度和资源成本,仅请求所需的属性将有助于加快处理速度并减少所需的负载/ RAM(如果需要,重新将其全部存储在变量中。
让我知道这是否有帮助,因为我很好奇自己!