使用以下Powershell代码段,我获取当前用户的组成员身份名称:
$groups = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups
foreach($i in $groups){
$i.Translate([System.Security.Principal.NTAccount]).value
}
如何修改此项,我可以提供用户帐户名作为参数?
谢谢,
乌韦
答案 0 :(得分:10)
如果您有权访问ActiveDirectory模块,我建议您使用Get-ADUser。如果您无法使用该模块,可以使用System.DirectoryServices.AccountManagement程序集:
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$username = read-host -prompt "Enter a username"
$ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($ct, $username)
$groups = $user.GetGroups()
foreach($i in $groups){
$i.SamAccountName
}
答案 1 :(得分:1)
您可以从Quest site下载此PSSnapin:Quest.ActiveRoles.ADManagement。 (Active Directory的ActiveRoles管理外壳程序) 是免费软件,你可以做:
(get-qaduser username).memberof
获取用户“用户名”
的直接组成员资格列表答案 2 :(得分:0)
get-help是你最好的朋友:
PS> get-help *member* Name Category Synopsis ---- -------- -------- Export-ModuleMember Cmdlet Specifies the module members that are exported. Add-Member Cmdlet Adds a user-defined custom member to an instance of a Windows PowerShell object. Get-Member Cmdlet Gets the properties and methods of objects. Add-ADGroupMember Cmdlet Adds one or more members to an Active Directory group. Add-ADPrincipalGroupMembership Cmdlet Adds a member to one or more Active Directory groups. Get-ADGroupMember Cmdlet Gets the members of an Active Directory group. Get-ADPrincipalGroupMembership Cmdlet Gets the Active Directory groups that have a specified user, computer, group, or ser... Remove-ADGroupMember Cmdlet Removes one or more members from an Active Directory group. Remove-ADPrincipalGroupMembership Cmdlet Removes a member from one or more Active Directory groups.
这样:
$username = "someusername" get-adprincipalgroupmembership $username | select name