我正在尝试修复以下PowerShell脚本,以列出名为 Domain Admins 的AD安全组成员,并将其导出到.CSV文件。
$ADGroupType = 'security'
$ADGroupNamePattern = 'Domain Admins'
$ResultFile = "C:\Result.csv"
function ConvertFrom-DN {
[cmdletbinding()]
param(
[Parameter(Mandatory,ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True)]
[ValidateNotNullOrEmpty()]
[string[]]$DistinguishedName
)
process {
foreach ($DN in $DistinguishedName) {
Write-Verbose $DN
foreach ( $item in ($DN.replace('\,','~').split(","))) {
switch ($item.TrimStart().Substring(0,2)) {
'CN' {$CN = '/' + $item.Replace("CN=","")}
'OU' {$OU += ,$item.Replace("OU=","");$OU += '/'}
'DC' {$DC += $item.Replace("DC=","");$DC += '.'}
}
}
$CanonicalName = $DC.Substring(0,$DC.length - 1)
for ($i = $OU.count;$i -ge 0;$i -- ){$CanonicalName += $OU[$i]}
if ( $DN.Substring(0,2) -eq 'CN' ) {
$CanonicalName += $CN.Replace('~','\,')
}
$qwer = [PSCustomObject]@{
'CanonicalName' = $CanonicalName;
}
Write-Output $qwer
}
}
}
Function Get-ADGroupMemberRecursive {
[CmdletBinding()]
Param(
[Parameter(ValueFromPipeline=$true)]
$Identity,
[string[]]$Property
)
Begin {
$splat = @{}
If ($Property) {$splat['Property'] = $Property}
}
Process {
Get-ADGroupMember -Identity $Identity | ForEach-Object {
If ($_.objectClass -eq 'User') {
Get-ADUser -Identity $_ @splat | Select-Object -Property @{n='Group'; e={$Identity.Name}}, whenCreated, lastLogon, lastLogonTimeStamp
} ElseIf ($_.objectClass -eq 'Group') {
Get-ADGroupMemberRecursive -Identity $_ @splat
}
}
}
}
Get-ADGroup -Filter "(groupCategory -eq '$ADGroupType') -AND (name -like '$($ADGroupNamePattern)')" |
Get-ADGroupMemberRecursive -Property Mail |
Select-Object Group,
Name,
SamAccountName,
Mail,
whenCreated,
@{n='Last Logon'; e={[datetime]::FromFileTime($_.lastLogon)}},
@{n='Last Logon TimeStamp'; e={[datetime]::FromFileTime($_.lastLogonTimeStamp)}},
@{n='OU Location'; e={ConvertFrom-DN ($_.DistinguishedName)}} |
Export-Csv -Path $ResultFile -NoTypeInformation
ii $ResultFile
上面的脚本的问题是: