查找不是特定GG组成员的计算机

时间:2019-06-05 11:50:00

标签: powershell active-directory active-directory-group

我使用脚本来导出不在活动目录中特定GG组中的用户,但我希望对计算机执行相同的操作。

这是与用户一起使用的示例:

$groups = 'GG_LCS_UsersType4', 'GG_LCS_UsersType3', 'GG_LCS_UsersType2', 'GG_LCS_SpecialUsers'
$whereFilter = $groups | Foreach-Object { 
    $g = (Get-ADGroup -server $domain $_).DistinguishedName
    "{0} '{1}'" -f '$_.memberOf -notcontains',$g 
}
$whereFilter = [scriptblock]::Create($whereFilter -join " -and ")
$users = (Get-ADUser -server $Domain -filter {objectclass -eq "user"} -properties memberof).where($whereFilter)
$users | Select-Object SamAccountName,Enabled |
    Export-Csv "${Domain}_Users_withoutGG.csv" -NoTypeInformation -Encoding UTF8 -Append

我尝试这样做是为了对计算机执行相同操作,但这不起作用:

$groups = 'GG_LCS_ComputersType2', 'GG_LCS_ComputersType3', 'GG_LCS_ComputersType4'
$whereFilter = $groups | Foreach-Object { 
    $g = (Get-ADGroup -server $domain $_).DistinguishedName
    "{0} '{1}'" -f '$_.memberOf -notcontains',$g 
}
$whereFilter = [scriptblock]::Create($whereFilter -join " -and ")
$users = (Get-ADComputer -server $Domain -filter {objectclass -eq "computer"} -properties memberof).where($whereFilter)
$users | Select-Object SamAccountName,Enabled |
    Export-Csv "${Domain}_Computers_withoutGG.csv" -NoTypeInformation -Encoding UTF8 -Append

你能帮我吗?谢谢!

1 个答案:

答案 0 :(得分:1)

尝试添加-SearchBase 

$AD = Get-ADComputer  -Filter *  -Properties $properties -SearchBase "DC=subdomain,DC=domain,DC=com" -Server $server
$AD | Select-Object * | Export-Csv -NoTypeInformation $filePath -Encoding UTF8
相关问题
最新问题