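When viewing an AD user's attributes (about 300 attributes) using C# or PowerShell, I need to get all of the attributes listed in the Attribute Editor.
I tried querying the schema for the user class, but I did not get enough attributes.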
Get-ADObject -SearchBase (Get-ADRootDSE).SchemaNamingContext -Filter {name -like "User"} -Properties MayContain,SystemMayContain |
Select-Object @{n="Attributes";e={$_.maycontain + $_.systemmaycontain}} |
Select-Object -ExpandProperty Attributes |
Sort-Object
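Please help. Thanks.
Answer 0 (score: 0)
The following "recursive" function should work. It takes attribute inheritance from parent classes into account.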
function Get-AllAttributes {
    Param($class)
    # Look up the schema object for the requested class
    $temp = Get-ADObject -SearchBase (Get-ADRootDSE).SchemaNamingContext -Filter "ldapdisplayname -eq '$class'" -Properties SystemMayContain,subClassOf,ldapdisplayname,MayContain
    $temp.systemMayContain
    $temp.MayContain
    # Walk up the subClassOf chain; 'top' is its own parent, which ends the loop
    while ($temp.subClassOf -and $temp.ldapdisplayname -ne $temp.subClassOf) {
        $temp = Get-ADObject -SearchBase (Get-ADRootDSE).SchemaNamingContext -Filter "ldapdisplayname -eq '$($temp.subClassOf)'" -Properties SystemMayContain,subClassOf,ldapdisplayname,MayContain
        $temp.systemMayContain
        $temp.MayContain
    }
}
Get-AllAttributes 'user'
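As an added example (not part of the original answer), the sketch below goes beyond the parent-class walk above and also follows `auxiliaryClass`/`systemAuxiliaryClass` links and collects the must-contain lists, which the Attribute Editor also draws on. The function name `Get-ClassAttributeSet` is hypothetical; it assumes Windows PowerShell 5.1 or later, the ActiveDirectory RSAT module and a reachable domain controller.

```powershell
# Added example: hypothetical helper, not code from the original page.
Import-Module ActiveDirectory

function Get-ClassAttributeSet {
    param([Parameter(Mandatory)][string]$ClassName)

    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $attrLists  = 'mayContain','systemMayContain','mustContain','systemMustContain'
    $classLinks = 'subClassOf','auxiliaryClass','systemAuxiliaryClass'

    # Case-insensitive sets: LDAP display names are not case-sensitive
    $visited = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
    $attrs   = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
    $queue   = [System.Collections.Generic.Queue[string]]::new()
    $queue.Enqueue($ClassName)

    while ($queue.Count -gt 0) {
        $name = $queue.Dequeue()
        # Skip classes already processed; this also stops at 'top', whose parent is itself
        if (-not $visited.Add($name)) { continue }

        $cls = Get-ADObject -SearchBase $schemaNC `
            -LDAPFilter "(&(objectClass=classSchema)(lDAPDisplayName=$name))" `
            -Properties ($attrLists + $classLinks)
        if (-not $cls) { Write-Warning "Class '$name' not found in schema"; continue }

        # Collect every attribute this class allows or requires
        foreach ($p in $attrLists) {
            foreach ($a in $cls.$p) { [void]$attrs.Add($a) }
        }
        # Queue the parent class and any auxiliary classes for the same treatment
        foreach ($p in $classLinks) {
            foreach ($c in $cls.$p) { $queue.Enqueue($c) }
        }
    }
    $attrs | Sort-Object
}

# Example call for the class discussed on this page
Get-ClassAttributeSet -ClassName 'user'
```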
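Answer 1 (score: 0)
While probing the schema can give you a lot of attributes, there are also some attributes (systemFlags) that are not defined in the schema, but are calculated when needed.
The function below should get all of them: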
function Get-AllADUserAttributes {
    # First, get all AD user attributes defined in the Active Directory schema
    $searchBase = (Get-ADRootDSE).SchemaNamingContext
    $schemaAttribs = Get-ADObject -SearchBase $searchBase -Filter {name -like "User"} -Properties MayContain,SystemMayContain |
        Select-Object @{Name = 'Attributes'; Expression = {$_.maycontain + $_.systemmaycontain}} |
        Select-Object -ExpandProperty Attributes
    # Next, get all constructed user attributes. These are calculated when asked for
    # (the LDAP filter is a bitwise AND match on systemFlags bit 4)
    $flagsAttribs = Get-ADObject -SearchBase $searchBase -LDAPFilter '(systemFlags:1.2.840.113556.1.4.803:=4)' -Properties systemFlags |
        Select-Object -ExpandProperty Name
    return ($schemaAttribs + $flagsAttribs) | Sort-Object
}