我在线找到了一个脚本来帮助我识别AD中未使用的组。尝试运行它会给我带来意外的令牌错误。
$_default_log = $env:userprofile + '\Documents\never_used_ad_group_age.csv'
If ($(Try { Test-Path $_default_log} Catch { $false })){Remove-Item $_default_log -force}
(get-adforest).domains | foreach {$_domain = $_
get-adgroup -LDAPFilter "(&(!(member=*))(!(memberof=*)))" -Properties "msDS-ReplValueMetaData",whencreated,groupscope,groupcategory -server $_domain | `
where {(!($_."msDS-ReplValueMetaData"))} | select `
@{name='Domain';expression={$_domain}},name,samaccountname,groupcategory,groupscope,whencreated,`
@{name='AgeinDays';expression={(new-TimeSpan($($_.whencreated)) $(Get-Date)).days}},isCriticalSystemObject,distinguishedname,`
@{name='ParentOU';expression={$($_.distinguishedname -split '(?<![\\]),')[1..$($($_.distinguishedname -split '(?<![\\]),').Count-1)] -join ','}} | `
export-csv $_default_log -Append -NoTypeInformation
}
write-host "Report Can be found here $_default_log"
答案 0 :(得分:0)
我不确定为什么,但是如果您在第3行上选择后删除了反勾号,然后将下一行拉回去,则错误消失了。
$_default_log = $env:userprofile + '\Documents\never_used_ad_group_age.csv'
If ($(Try { Test-Path $_default_log} Catch { $false })){Remove-Item $_default_log -force}
(get-adforest).domains | foreach {$_domain = $_
get-adgroup -LDAPFilter "(&(!(member=*))(!(memberof=*)))" -Properties "msDS-ReplValueMetaData",whencreated,groupscope,groupcategory -server $_domain | `
where {(!($_."msDS-ReplValueMetaData"))} | select @{name='Domain';expression={$_domain}},name,samaccountname,groupcategory,groupscope,whencreated,`
@{name='AgeinDays';expression={(new-TimeSpan($($_.whencreated)) $(Get-Date)).days}},isCriticalSystemObject,distinguishedname,`
@{name='ParentOU';expression={$($_.distinguishedname -split '(?<![\\]),')[1..$($($_.distinguishedname -split '(?<![\\]),').Count-1)] -join ','}} | `
export-csv $_default_log -Append -NoTypeInformation
}
write-host "Report Can be found here $_default_log"