我已经开发了三个PowerShell脚本,它们使我能够通过一个或多个OU的内容自动在安全组中添加和删除用户。由于审计的需要,这些脚本将需要一个日志文件。我需要创建一个日志文件来帮助您,该日志文件说明已在组中添加或删除的内容(变量:$SGshadowUG)。您可以在下面找到我正在使用的脚本。
我尝试不使用try / catch / finally。
$OUusers = "OU=Users,OU=organizationalUnit,DC=internal,DC=domain,DC=com"
$OUdallas = "OU=Dallas,OU=Users,OU=organizationalUnit,DC=internal,DC=domain,DC=com"
$OUremote = "OU=Remote Users,OU=Users,OU=organizationalUnit,DC=internal,DC=domain,DC=com"
$OUmemphis = "OU=Memphis,OU=Users,OU=organizationalUnit,DC=internal,DC=domain,DC=com"
$OUonprocess = "OU=OnProcess,OU=Users,OU=organizationalUnit,DC=internal,DC=domain,DC=com"
$SGshadowUG = "CN=shadow-Standard-Users,OU=Groups,OU=organizationalUnit,DC=internal,DC=domain,DC=com"
Get-ADGroupMember –Identity $SGshadowUG | Where-Object {
($_.distinguishedName -match $OUremote) -and
($_.distinguishedName -match $OUdallas) -and
($_.distinguishedName -match $OUmemphis) -and
($_.distinguishedName -notmatch $OUonprocess)
} | ForEach-Object {
Remove-ADPrincipalGroupMembership –Identity $_ –MemberOf $SGshadowUG –Confirm:$false
}
Get-ADUser –SearchBase $OUdallas –SearchScope OneLevel –LDAPFilter "(!memberOf=$SGshadowUG)" |
ForEach-Object {Add-ADPrincipalGroupMembership –Identity $_ –MemberOf $SGshadowUG}
Get-ADUser –SearchBase $OUmemphis –SearchScope OneLevel –LDAPFilter "(!memberOf=$SGshadowUG)" |
ForEach-Object {Add-ADPrincipalGroupMembership –Identity $_ –MemberOf $SGshadowUG}
Get-ADUser –SearchBase $OUremote –SearchScope OneLevel –LDAPFilter "(!memberOf=$SGshadowUG)" |
ForEach-Object {Add-ADPrincipalGroupMembership –Identity $_ –MemberOf $SGshadowUG}
答案 0 :(得分:0)
您要搜索什么? 你尝试了什么?
这是一种真正常见的PowerShell 101,并且有很多实现方法。您只需要决定要投入多少时间/精力,当然,对于所有相关人员而言,最有效的长期方法是
只需使用管理cmdlet的常规文件将屏幕输出发送到文件...
示例:
Out-File
或 Start-Transcript#记录脚本正在执行的所有操作。
...等等。
您甚至可以在用例中利用冗长的用法,并在此处讨论了一个详细说明:
https://devblogs.microsoft.com/scripting/use-powershell-to-write-verbose-output
您甚至可以写入现有事件日志,也可以创建自己的事件日志并对其进行写入,如此处所讨论和显示的:
https://devblogs.microsoft.com/scripting/how-to-use-powershell-to-write-to-event-logs
或通过简单的搜索利用示例:
“为您的脚本创建PowerShell日志文件”
如何在PowerShell中记录脚本 https://key2consulting.com/how-to-log-scripts-in-powershell
#Function that logs a message to a text file
function LogMessage
{
param([string]$Message, [string]$LogFile)
((Get-Date).ToString() + " - " + $Message) >> $LogFile;
}
#Function that deletes log file if it exists
function DeleteLogFile
{
param([string]$LogFile)
#Delete log file if it exists
if(Test-Path $LogFile)
{
Remove-Item $LogFile
}
}
如何在PowerShell中构建日志记录功能 https://blog.ipswitch.com/how-to-build-a-logging-function-in-powershell
function Write-Log
{
[CmdletBinding()]
param
(
[Parameter()]
[ValidateNotNullOrEmpty()]
[string]$Message,
[Parameter()]
[ValidateNotNullOrEmpty()]
[ValidateSet('Information','Warning','Error')]
[string]$Severity = 'Information'
)
[pscustomobject]@{
Time = (Get-Date -f g)
Message = $Message
Severity = $Severity
} | Export-Csv -Path "$env:Temp\LogFile.csv" -Append -NoTypeInformation
}
或者这个
PowerShell:如何轻松地为脚本创建日志文件 https://9to5it.com/powershell-logging-function-library
MS powershellgallery.com可以利用完整的模块
Find-Module -Name '*log*' | Format-Table -AutoSize
甚至用于脚本记录用例的预构建脚本
https://gallery.technet.microsoft.com/scriptcenter/Write-Log-A-Simple-Logging-52827c98 https://gallery.technet.microsoft.com/scriptcenter/Write-Log-PowerShell-999c32d0