Powershell脚本,用于获取用户名的AD组成员身份

时间:2020-02-27 12:50:44

标签: powershell

我想编写用于以CSV列出的用户名以SSL_VPN开头的AD组成员身份的脚本。

到目前为止,我已经尝试过:

Import-Csv C:\Users.csv |
  ForEach-Object -pv user { Get-AdUser -filter "displayname -eq '$($_.username)'"} |
    Get-ADprincipalGroupMembership |
      Select-Object @{ n = 'samaccountname'; e = { $user.samaccountname } }, name |
        Export-csv -path C:\UserPermiss.csv -NoTypeInformation

2 个答案:

答案 0 :(得分:1)

通过DisplayName属性获取用户不是最安全的事情。如果您的CSV文件具有其他更独特的属性,例如SamAccountNameUserPrincipalNameDistinguishedNameEmailAddress,那就更好了。

无论如何,您应该在循环中检查是否可以找到具有该名称的用户,并且只有在这样的情况下,才能获取组成员身份。

Import-Csv 'C:\Users.csv' | ForEach-Object { 
    $user = Get-ADUser -Filter "DisplayName -eq '$($_.username)'" -Properties DisplayName
    if ($user) {
        Get-ADprincipalGroupMembership -Identity $user.DistinguishedName |
        Where-Object { $_.name -like 'SSL_VPN*' } |
        Select-Object @{ Name = 'SamAccountName'; Expression = { $user.SamAccountName } },
                      @{ Name = 'Group'; Expression = { $_.name }}
    } 
    else {
        Write-Warning "User '$($_.username)' not found"

        # if you want this message to also appear in your output CSV, do something like this:
        [PsCustomObject]@{
            'SamAccountName' = "User '$($_.username)' not found"
            'Group' = ''
        }
    }
} | Export-Csv -Path 'C:\UserPermiss.csv' -NoTypeInformation

如果您想在用户不是SSL_VPN组成员时看到警告消息,可以执行以下操作:

Import-Csv 'C:\Users.csv' | ForEach-Object { 
    $user = Get-ADUser -Filter "DisplayName -eq '$($_.username)'" -Properties DisplayName
    if ($user) {
        $group = Get-ADprincipalGroupMembership -Identity $user.DistinguishedName | 
                 Where-Object { $_.name -like 'SSL_VPN*' }
        if ($group) {
            [PsCustomObject]@{
                'SamAccountName' = $user.SamAccountName 
                'Group'          = $group.name
            }
        }
        else {
            Write-Warning "User '$($_.username)' is not a member of ssl_vpn group"
        }
    } 
    else {
        Write-Warning "User '$($_.username)' not found"
    }
} | Export-Csv -Path 'C:\UserPermiss.csv' -NoTypeInformation

答案 1 :(得分:0)

您可以使用类似这样的命令(csv的第一行必须为samaccountname):

$users=Import-Csv D:\adusers.CSV
foreach($user in $users){
$groupname=Get-ADPrincipalGroupMembership -Identity $user.samaccountname |where {$_.name -like "SSL_VPN*"}|select -ExpandProperty name
    if($groupname -ne $null){
        foreach($group in $groupname){
        [string]$data=($user|select -ExpandProperty samaccountname)+';'+$group
        $data|Out-File -FilePath d:\stack.csv -Encoding utf8 -Append
        } 
    }
}
相关问题
最新问题