查询OnPremise AD的特定AD属性以检查Office 365

Question

我需要确定Office 365中当前已经存在或仍在内部的电子邮件地址收件人。

以下简单的PowerShell脚本仅可用于导出AD组特定成员中的用户列表：

Get-ADGroup -Filter {Name -like '*IT*'} | Select-Object @{ n='Group'; e={ $_.Name } }, @{ n='Members'; e={ (Get-ADGroup $_.DistinguishedName -Properties Members | Select-Object Members).Members } } |
    Get-ADGroupMember -Recursive |
        Get-ADUser -Properties Mail | Select-Object Name, sAMAccountName, Mail |
            Export-CSV -path "C:\Group_members.csv" -NoTypeInformation

我只是想要另一列来显示用户是否已经在Office 365或Still OnPremise中。

还有另一篇专家帖子：

Get-MsolUser -UsageLocation US -All |
    Where-Object isLicensed -eq $true |
    Select-Object -Property DisplayName, UserPrincipalName, isLicensed,
    @{label = 'MailboxLocation'; expression = {
            switch ($_.MSExchRecipientTypeDetails) {
                1 {'OnPremise'; break}
                2147483648 {'Office365'; break}
                default {'Unknown'}
            }
        }
    }

但是我不确定如何组合上面的脚本？

我还尝试了以下脚本来查询具有特定属性的OnPremise AD，但仍然失败，没有返回结果？

Get-ADUser-Filter *-Properties *|
Where-Object {($_.msExchRemoteRecipientType-eq4) -and
  ($_.msExchRecipientDisplayType -eq '-2147483642') -and
  ($_.msExchRecipientTypeDetails -eq '2147483648') -and
  ($_.proxyAddresses -contains "*.onmicrosoft.com*")
} 

Answer 1

通过Get-ADUser的用户上没有名为targetAddress的属性

尽管将其放在选择项中，但由于允许您在选择项中添加所需的任何属性名称（无论该属性名称是否存在），因此它将在结果中显示为空。

这也是语法错误

$_.msExchRecipientDisplayType = '-2147483642')

您也没有正确使用比较运算，但是您正在使用赋值运算符。意思是-eq vs'='。

$_.msExchRecipientDisplayType -eq ...


# Find all cmdlets / functions with a target parameter
Get-Command -CommandType Function | 
Where-Object { $_.parameters.keys -match 'targetAddress'} | 
Format-Table -Autosize


# No results

Get-Command -CommandType Cmdlet | 
Where-Object { $_.parameters.keys -match 'targetAddress'} | 
Format-Table -Autosize


# No results



Get-Command -CommandType Function | 
Where-Object { $_.parameters.keys -match 'Address'} | 
Format-Table -Autosize


# No results

Get-Command -CommandType Cmdlet | 
Where-Object { $_.parameters.keys -match 'Address'} | 
Format-Table -Autosize

< #
CommandType     Name                        ModuleName
-----------     ---- ----------
Cmdlet          New-ADDCCloneConfigFile     ActiveDirectory
Cmdlet          New-ADOrganizationalUnit    ActiveDirectory
Cmdlet          New-ADUser                  ActiveDirectory
Cmdlet          Set-ADOrganizationalUnit    ActiveDirectory
Cmdlet          Set-ADUser                  ActiveDirectory
#>


Get-Command -CommandType Function | 
Where-Object { $_.parameters.keys -match 'EmailAddress|proxyAddress'} | 
Format-Table -Autosize


# No results

Get-Command -CommandType Cmdlet | 
Where-Object { $_.parameters.keys -match 'EmailAddress|proxyAddress'} | 
Format-Table -Autosize
< #
CommandType Name       ModuleName     
----------- ----       ----------     
Cmdlet      New-ADUser ActiveDirectory
Cmdlet      Set-ADUser ActiveDirectory
#>


Clear-Host
(Get-ADUser -Filter * -Properties *)[0] | 
Get-Member -Force | 
Select Name, MemberType | 
Format-Table -AutoSize


Name                                            MemberType
----                                            ----------
...
EmailAddress                                      Property
...
mail                                              Property
mailNickname                                      Property
...
msExchArchiveQuota                                Property
msExchArchiveWarnQuota                            Property
msExchCalendarLoggingQuota                        Property
msExchCoManagedObjectsBL                          Property
msExchDumpsterQuota                               Property
msExchDumpsterWarningQuota                        Property
msExchELCMailboxFlags                             Property
msExchHomeServerName                              Property
msExchMailboxGuid                                 Property
msExchMailboxSecurityDescriptor                   Property
msExchPoliciesIncluded                            Property
msExchRBACPolicyLink                              Property
msExchRecipientDisplayType                        Property
msExchRecipientTypeDetails                        Property
msExchTextMessagingState                          Property
msExchUMDtmfMap                                   Property
msExchUserAccountControl                          Property
msExchUserCulture                                 Property
msExchVersion                                     Property
msExchWhenMailboxCreated                          Property
...
proxyAddresses                                    Property
...
#>

正如其他网站所述，这也是...

($_.proxyAddresses -contains "*.onmicrosoft.com*")

...真的应该是这个...

($_.proxyAddresses -match "onmicrosoft.com")

...或者这个...

($_.proxyAddresses -like "*.onmicrosoft.com*")

OP的更新

After getting back to my test environment, the below works for the use case.

Get-ADUser -Filter * -Properties msExchRemoteRecipientType,proxyAddresses,msExchRecipientDisplayType,msExchRecipientTypeDetails | 
Where-Object {($_.msExchRemoteRecipientType -eq 4) -and
  ($_.proxyAddresses -match "onmicrosoft.com") -and
  ($_.msExchRecipientDisplayType -eq '-2147483642') -and
  ($_.msExchRecipientTypeDetails -eq '2147483648')
} 

此外，更正并不是因为您要使用的内容而需要它，因为proxyAddresses返回相同的内容，所以当您击中该远程O365邮箱时，您确实获得了targetAddress属性，该属性不在本地邮箱中，因此，为确保一致性，您可能更谨慎使用proxyAddresses。

Get-ADUser -Filter * -Properties msExchRemoteRecipientType,proxyAddresses,targetAddress,msExchRecipientDisplayType,msExchRecipientTypeDetails | 
Where-Object {($_.msExchRemoteRecipientType -eq 4) -and
  ($_.proxyAddresses -match "onmicrosoft.com") -and
  ($_.targetAddress -match 'onmicrosoft.com') -and 
  ($_.msExchRecipientDisplayType -eq '-2147483642') -and
  ($_.msExchRecipientTypeDetails -eq '2147483648')
}