List the group memberships of an AD user

Time: 2011-11-04 13:05:35

Tags: powershell

With the following PowerShell snippet, I get the names of the current user's group memberships:

$groups = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups
foreach($i in $groups){
  $i.Translate([System.Security.Principal.NTAccount]).value
}

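How can I modify this so that I can supply the user account name as a parameter?

Thanks,

Uwe

3 answers:

Answer 0: (score: 10)

If you have access to the ActiveDirectory module, I would suggest using Get-ADUser. If you cannot use that module, you can use the System.DirectoryServices.AccountManagement assembly: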

Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$username = read-host -prompt "Enter a username"
$ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($ct, $username)
$groups = $user.GetGroups()
foreach($i in $groups){
  $i.SamAccountName
}
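
The following is an added example, not part of the original answer: it wraps the same System.DirectoryServices.AccountManagement approach in a function that takes the account name as a parameter, handles an unknown user, and can also resolve nested security groups, which is what an access review usually needs. The function name `Get-UserGroupMembership` and the `-Recursive` switch are hypothetical names chosen for this illustration.

```powershell
# Added example; function and parameter names are hypothetical.
function Get-UserGroupMembership {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, Position = 0)]
        [ValidateNotNullOrEmpty()]
        [string]$UserName,

        # Include nested (transitive) security groups, not only direct ones
        [switch]$Recursive
    )

    Add-Type -AssemblyName System.DirectoryServices.AccountManagement

    $contextType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $context = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($contextType)
    try {
        $user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($context, $UserName)
        if ($null -eq $user) {
            # FindByIdentity returns $null when no matching account exists
            Write-Error "User '$UserName' was not found in the current domain."
            return
        }
        try {
            # GetGroups(): groups the user is a direct member of
            # GetAuthorizationGroups(): security groups including nested membership
            $groups = if ($Recursive) { $user.GetAuthorizationGroups() } else { $user.GetGroups() }
            foreach ($group in $groups) {
                [pscustomobject]@{
                    SamAccountName = $group.SamAccountName
                    Name           = $group.Name
                    Sid            = $group.Sid.Value
                }
            }
        }
        finally { $user.Dispose() }
    }
    finally { $context.Dispose() }
}

# Usage ("someusername" is a placeholder account name):
#   Get-UserGroupMembership someusername
#   Get-UserGroupMembership someusername -Recursive | Sort-Object SamAccountName
```

Comparing the output with and without `-Recursive` shows which effective memberships a user holds only through group nesting.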

Answer 1: (score: 1)

You can download this PSSnapin from the Quest site: Quest.ActiveRoles.ADManagement (ActiveRoles Management Shell for Active Directory). It is freeware, and you can do:

(get-qaduser username).memberof

to get the list of direct group memberships of the user "username".

Answer 2: (score: 0)

get-help is your best friend:

PS> get-help *member*

Name                              Category  Synopsis
----                              --------  --------
Export-ModuleMember               Cmdlet    Specifies the module members that are exported.
Add-Member                        Cmdlet    Adds a user-defined custom member to an instance of a Windows PowerShell object.
Get-Member                        Cmdlet    Gets the properties and methods of objects.
Add-ADGroupMember                 Cmdlet    Adds one or more members to an Active Directory group.
Add-ADPrincipalGroupMembership    Cmdlet    Adds a member to one or more Active Directory groups.
Get-ADGroupMember                 Cmdlet    Gets the members of an Active Directory group.
Get-ADPrincipalGroupMembership    Cmdlet    Gets the Active Directory groups that have a specified user, computer, group, or ser...
Remove-ADGroupMember              Cmdlet    Removes one or more members from an Active Directory group.
Remove-ADPrincipalGroupMembership Cmdlet    Removes a member from one or more Active Directory groups.

Like this:

 $username = "someusername"
 get-adprincipalgroupmembership $username | select name