坚持如何将SAMAccounts(AD用户名)添加到结果中,任何人都可以帮忙,当前在SamAccountName列表中没有结果?
Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission | where
{$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq
$false} |
Select Identity,User,SamAccountName,@{Name='Access Rights';Expression=
{[string]::join(', ', $_.AccessRights)}} | Export-Csv -NoTypeInformation
C:\temp\mailboxpermissions1.csv
没有显示SAMAccountName的结果
答案 0 :(得分:2)
无法通过Get-Mailbox
或Get-MailboxPermission
使用SamAccountName,但可以使用具有计算属性的Get-User
获取它,请参见示例:
Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission |
where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} |
Select Identity,User,@{N="SamAccountName";E={(Get-User $_.Identity).SamAccountName}},@{Name='Access Rights';Expression= {[string]::join(', ', $_.AccessRights)}} |
Export-Csv -NoTypeInformation C:\temp\mailboxpermissions1.csv
答案 1 :(得分:0)
您可以使用Get-Mailbox cmdlet获取SamAccountName。
((Get-Mailbox -Filter '*')[0] | Get-Member).Name
# Results
<#
PS C:\Scripts> ((Get-Mailbox -Filter '*')[0] | Get-Member).Name
...
RoomMailboxAccountEnabled
RulesQuota
SamAccountName
SCLDeleteEnabled
...
#>
Get-Mailbox -Filter '*' | ForEach {$PSItem.SamAccountName}
# Results
<#
Get-Mailbox -Filter '*' | ForEach {$PSItem.SamAccountName}
Administrator
...
#>
它不会像这里所说的那样通过管道传递。
示例:
(Get-Mailbox -Filter '*' -ResultSize Unlimited).SamAccountName |
ForEach{Get-MailboxPermission -Identity $PSItem} |
Where-Object {
$PSItem -ne 'NT AUTHORITY\SELF' -and
$PSItem.IsInherited -eq $false
} | Select-Object -Property '*'
# Results
<#
AccessRights : {FullAccess, ReadPermission}
Deny : False
InheritanceType : All
User : NT AUTHORITY\SELF
Identity : contoso.com/Users/Administrator
IsInherited : False
IsValid : True
ObjectState : Unchanged
...
#>
所以,尝试这种方式...
(Get-Mailbox -Filter '*' -ResultSize Unlimited).SamAccountName |
ForEach{Get-MailboxPermission -Identity $PSItem} |
Where-Object {
$PSItem -ne 'NT AUTHORITY\SELF' -and
$PSItem.IsInherited -eq $false
} | Select-Object -Property Identity,User,
@{Name = 'SamAccountName';Expression = {(Get-ADUser -Identity $($PSitem.Identity -split '/')[-1]).SamAccountName}},
@{Name = 'Access Rights';Expression = {[string]::join(', ', $PSItem.AccessRights)}}
# Results
<#
Identity User SamAccountName Access Rights
-------- ---- -------------- -------------
contoso.com/Users/Administrator NT AUTHORITY\SELF Administrator FullAccess, ReadPermission
...
#>
OP的更新
关于您的评论...
嗨,这个错误出了:调用命令:无法绑定参数“过滤器” 到目标。异常设置“ Filter”:“无效的过滤器语法。对于 过滤器参数语法的说明,请参阅命令帮助。 “ *” 在位置1。“
...如我在此更新之前的评论中所述。
该示例都是原始的原始PowerShell,并且应在本地或远程工作(只要您正确设置了PSRemoting,并且您在远程设备上是本地管理员,并且正在以该管理员身份运行)
如果运行此……
Invoke-Command -ComputerName ex01 -ScriptBlock {Get-Mailbox -Filter '*' -ResultSize Unlimited}
或者这个...
Invoke-Command -ComputerName ex01 -ScriptBlock {(Get-Mailbox -Filter '*' -ResultSize Unlimited).SamAccountName}
或者这个...
Invoke-Command -ComputerName ex01 -ScriptBlock {Get-Mailbox -Filter '*' -ResultSize Unlimited | Select-Object -Property SamAccountName}
...在您的环境中通过PSRemoting会话本身,会发生什么情况?
如果您正在执行PSRemoting会话,就像这样...
$ExpSession = New-PSSession -ConfigurationName 'Microsoft.Exchange' -ConnectionUri ("http://$Ex01Fqdn/PowerShell") -Authentication Kerberos -Credential $Creds
Import-PSSession $ExpSession
然后,您根本不需要Invoke-Command,因为cmdlet已被代理到您的工作站。只需按原样运行代码即可。
示例-隐式PSRemoting会话,利用-Prefix
这个-prefix不是绝对必需的,这只是我标准化用于所有隐式远程会话的一种习惯。如果在同一框中同时使用Exchange Online cmdlet和Exchange本地cmdlet,则建议使用-prefix,以免造成混淆和错误。):
($ExpSession = New-PSSession -ConfigurationName 'Microsoft.Exchange' -ConnectionUri ("http://$Ex01Fqdn/PowerShell") -Authentication Default)
<#
Id Name ComputerName State ConfigurationName Availability
-- ---- ------------ ----- ----------------- ------------
8 Session8 ex01.contoso... Opened Microsoft.Exchange Available
#>
Import-PSSession $ExpSession -Prefix 'EXP'
<#
WARNING: The names of some imported commands from the module 'tmp_zucxz5zd.0ee' include unapproved verbs that might make them less discoverable. To find the commands wi
th unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 1.0 tmp_zucxz5zd.0ee {Add-EXPADPermission, Add-EXPAvai...
#>
(Get-ExpMailbox -Filter '*' -ResultSize Unlimited).SamAccountName |
ForEach{Get-ExpMailboxPermission -Identity $PSItem} |
Where-Object {
$PSItem -ne 'NT AUTHORITY\SELF' -and
$PSItem.IsInherited -eq $false
} | Select-Object -Property Identity,User,
@{Name = 'SamAccountName';Expression = {(Get-ADUser -Identity $($PSitem.Identity -split '/')[-1]).SamAccountName}},
@{Name = 'Access Rights';Expression = {[string]::join(', ', $PSItem.AccessRights)}}
# The results would be the same as my original response.