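So, today I was assigned the task of removing all ex-employees on the domain (they have their own folder in AD) from all of their DLs. Is there any way to do this quickly, or at least quicker than going through each one individually and going to > Member Of > Remove All?
Thanks
Edited to add more info:
There are 822 users who need their "Member Of" tab updated to remove them from all distribution lists. This would take my team of 5 (help desk) about a week to sift through on top of our already huge workload. The rough path to the folder with all the ex-employees is:
BusinessName.local\MyBusiness\Users\Ex-Employees\
If any other information is needed, I would be more than happy to provide it.
Edit 2: There are over 250 DLs in the system, so I can't provide a list, for both confidentiality and functionality reasons.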
Answer 0 (score: 3)
Added the script. If you want to use a PowerShell script, here is the code:
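    Add-Type -AssemblyName System.DirectoryServices.AccountManagement

    # Search the OU that holds the accounts to clean up.
    $directorySearcher = New-Object System.DirectoryServices.DirectorySearcher
    $directorySearcher.SearchRoot = "LDAP://OU=YourOU,DC=YourDomain,DC=com"
    $directorySearcher.PageSize = 1000
    $directorySearcher.Filter = "(&(objectCategory=User))"
    $directorySearcher.SearchScope = "Subtree"
    # [void] suppresses the index that Add() returns.
    [void]$directorySearcher.PropertiesToLoad.Add("name")
    [void]$directorySearcher.PropertiesToLoad.Add("distinguishedname")
    $searchResults = $directorySearcher.FindAll()

    # Build the domain context once instead of once per user.
    $contextType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $context = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($contextType)

    foreach ($result in $searchResults)
    {
        $objItem = $result.Properties
        "Name: " + $objItem["name"][0]

        # Look the user up by distinguished name, which is unique in the domain
        # (a display name can match more than one account).
        $userPrincipal = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($context, [string]$objItem["distinguishedname"][0])
        if ($null -eq $userPrincipal) { continue } # not a user account

        $userGroups = $userPrincipal.GetGroups()
        foreach ($userGroup in $userGroups)
        {
            if ($userGroup.IsSecurityGroup -eq $false) # Distribution groups only
            {
                "Removing - " + $userGroup.SamAccountName
                [void]$userGroup.Members.Remove($userPrincipal)
                $userGroup.Save()
            }
        }
    }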
And here is the code in .NET:
    using System;
    using System.Collections;
    using System.Linq;
    using System.Text;
    using System.DirectoryServices;
    using System.DirectoryServices.AccountManagement;

    namespace RemoveFromDistributionGroups
    {
        class Program
        {
            private static string sDomain;
            private static string sDefaultOU;
            private static string sServiceUser;
            private static string sServicePassword;

            static void Main(string[] args)
            {
                try
                {
                    Console.Write("Type your Domain (i.e: yourcompany.com) ");
                    sDomain = Console.ReadLine();
                    Console.Write("Type the OU you want to use: (i.e: OU=yourou,DC=yourcompany,DC=com)");
                    sDefaultOU = Console.ReadLine();
                    Console.Write(@"Username: (i.e.: YOURDOMAIN\Raymund )");
                    sServiceUser = Console.ReadLine();
                    // Note: Console.ReadLine echoes the password to the screen.
                    Console.Write("Password: ");
                    sServicePassword = Console.ReadLine();

                    foreach (UserPrincipal user in GetAllUsers())
                    {
                        Console.WriteLine("Processing User : " + user.Name);
                        foreach (GroupPrincipal group in GetUserGroups(user))
                        {
                            if (group.IsSecurityGroup == false) // Distribution group
                            {
                                group.Members.Remove(user);
                                group.Save();
                            }
                        }
                    }
                    Console.WriteLine("Done! Press a key to exit");
                    Console.ReadLine();
                }
                catch (Exception ex)
                {
                    Console.WriteLine("Error Encountered : " + ex.Message);
                    Console.WriteLine("Press a key to exit");
                    Console.ReadLine();
                }
            }

            // Binds to the given OU with the credentials typed at the prompts.
            public static PrincipalContext GetPrincipalContext(string sOU)
            {
                PrincipalContext oPrincipalContext = new PrincipalContext(ContextType.Domain, sDomain, sOU, ContextOptions.Negotiate, sServiceUser, sServicePassword);
                return oPrincipalContext;
            }

            // Returns every user under sDefaultOU that matches the query filter.
            public static ArrayList GetAllUsers()
            {
                ArrayList myItems = new ArrayList();
                PrincipalSearcher oPrincipalSearcher = new PrincipalSearcher();
                UserPrincipal oUserPrincipal = new UserPrincipal(GetPrincipalContext(sDefaultOU));
                oUserPrincipal.SamAccountName = "*";
                // This filter matches enabled accounts only; remove the next line
                // to include disabled accounts as well.
                oUserPrincipal.Enabled = true;
                oPrincipalSearcher.QueryFilter = oUserPrincipal;
                ((DirectorySearcher)oPrincipalSearcher.GetUnderlyingSearcher()).PageSize = 5000;
                PrincipalSearchResult<Principal> oPrincipalSearchResults = oPrincipalSearcher.FindAll();
                foreach (Principal oResult in oPrincipalSearchResults)
                {
                    myItems.Add(oResult);
                }
                return myItems;
            }

            // Returns the groups the user is a direct member of.
            public static ArrayList GetUserGroups(UserPrincipal oUserPrincipal)
            {
                ArrayList myItems = new ArrayList();
                PrincipalSearchResult<Principal> oPrincipalSearchResult = oUserPrincipal.GetGroups();
                foreach (Principal oResult in oPrincipalSearchResult)
                {
                    myItems.Add(oResult);
                }
                return myItems;
            }
        }
    }
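Also note that in $directorySearcher.SearchRoot or sDefaultOU you need to use the OU (or folder, as you call it) where the ex-employees are located, which I think in your case is {{1}} if used in PowerShell, or "LDAP://OU=Ex-Employees,OU=Users,OU=MyBusiness,DC=BusinessName,DC=local" if used in the .NET code.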
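
An audited variant of the same cleanup, added here as an example and not part of the answer above: it supports a -WhatIf dry run and writes every distribution-list membership it touches to a CSV so a removal can be reviewed or reversed. It assumes the RSAT ActiveDirectory module is installed; the OU distinguished name is derived from the path in the answer's note, and the log path is a hypothetical default.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumed OU distinguished name (from the answer's note); adjust to your domain.
    [string]$SearchBase = 'OU=Ex-Employees,OU=Users,OU=MyBusiness,DC=BusinessName,DC=local',
    # Hypothetical location of the audit/rollback log.
    [string]$LogPath = '.\dl-removals.csv'
)

# memberOf lists direct memberships (the primary group is not included).
$users = Get-ADUser -Filter * -SearchBase $SearchBase -SearchScope Subtree -Properties MemberOf
$groupCache = @{}   # group DN -> ADGroup, so each group is looked up only once

$log = @(foreach ($user in $users) {
    foreach ($groupDn in $user.MemberOf) {
        if (-not $groupCache.ContainsKey($groupDn)) {
            $groupCache[$groupDn] = Get-ADGroup -Identity $groupDn
        }
        $group = $groupCache[$groupDn]
        if ($group.GroupCategory -ne 'Distribution') { continue }   # leave security groups alone

        $status = 'NotRemoved (WhatIf or declined)'
        if ($PSCmdlet.ShouldProcess($group.SamAccountName, "Remove member $($user.SamAccountName)")) {
            try {
                Remove-ADGroupMember -Identity $group -Members $user -Confirm:$false -ErrorAction Stop
                $status = 'Removed'
            } catch {
                $status = "Failed: $($_.Exception.Message)"
            }
        }
        # One row per membership: enough to re-add with Add-ADGroupMember if needed.
        [pscustomobject]@{
            TimeUtc = (Get-Date).ToUniversalTime().ToString('o')
            User    = $user.SamAccountName
            UserDN  = $user.DistinguishedName
            GroupDN = $group.DistinguishedName
            Status  = $status
        }
    }
})

# -WhatIf:$false makes sure the log is written during a dry run too.
$log | Export-Csv -Path $LogPath -NoTypeInformation -WhatIf:$false
"{0} distribution-list memberships recorded in {1}" -f $log.Count, $LogPath
```

Saved as a .ps1 file and run with -WhatIf first, it changes nothing and produces the list of memberships that a real run would remove.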