5

我正在尝试开发一个 powershell 脚本来帮助管理 AD 组成员资格。我们有一些大型组(30k-60k+ 对象),我们想用来自另一个系统的数据进行更新。

该脚本从文本文件加载应该在组中的对象。然后,每个对象都必须使用System.DirectoryServices.DirectorySearcher. 之后,每个对象都被添加到组成员中。

该脚本花费了大约 80% 的时间来查找每个对象,是否有大量方法可以使用 powershell 在 AD 中查找对象?

谢谢!

4

4 回答 4

3

这是我在经验中发现的查询 AD 的快速方法,您需要更改查询以查找特定对象,在此代码中,您将在$objRecordSet.

$Ads_Scope_SubTree = 2        
$objConnection = new-Object  -com "ADODB.Connection"
$objCommand = new-Object -com "ADODB.Command"

$objConnection.Provider = "ADsDSOObject"
$objConnection.Open( "Active Directory Provider")
$objCommand.ActiveConnection = $objConnection

$objCommand.Properties.Item("Page Size").value = 1000
$objCommand.Properties.item("Searchscope").value = $Ads_Scope_SubTree 

$objCommand.CommandText = "Select Name From 'LDAP://DC = int, DC= my, DC = local' Where objectCategory = 'Person'" 

$objRecordSet = $objCommand.Execute()
$objRecordSet.RecordCount

更多信息在这里

于 2012-04-30T21:26:35.497 回答
1

如果您开始看到超时问题,请适当设置超时参数,如下所示

$ADDPConnect = New-Object System.DirectoryServices.Protocols.LdapConnection $serverName
$ADDPConnect.Timeout = "1000"
于 2012-06-19T16:02:29.863 回答
1

您也许可以尝试System.DirectoryServices.Protocols (S.DS.P),本机(非托管)版本非常有效。

这是一个 PowerShell 启动脚本:

# ADDP-Connect.PS1

Clear-Host
# Add the needed assemblies
Add-Type -AssemblyName System.DirectoryServices.Protocols

# Connexion
$serverName = "WM2008R2ENT" 
$ADDPConnect = New-Object System.DirectoryServices.Protocols.LdapConnection $serverName

$userName = "JPB"
$pwd = "PWD"
$domain = "Dom"
$ADDPConnect.Credential = New-Object system.Net.NetworkCredential -ArgumentList $userName,$pwd,$domain

# Create a searcher
$searchTargetOU = "dc=dom,dc=fr"
$searchFilter = "(samAccountName=user1)"
$searchScope = [System.DirectoryServices.Protocols.SearchScope]::Subtree
$searchAttrList = $null

foreach($user in "user1","user2","user3")
{
  $searchFilter = "(samAccountName=$user)"
  $searchRequest = New-Object System.DirectoryServices.Protocols.SearchRequest -ArgumentList $searchTargetOU,$searchFilter,$searchScope,$searchAttrList

  $searchResponse = $ADDPConnect.SendRequest($searchRequest)

  foreach($searchEntries in $searchResponse.Entries)
  {
    $searchEntries.DistinguishedName
  }
}
于 2012-05-01T19:50:06.253 回答
0

如果您在执行期间看到超时问题,以下内容会有所帮助

$ADDPConnect = New-Object System.DirectoryServices.Protocols.LdapConnection $serverName
$ADDPConnect.Timeout = "1000"
于 2012-06-19T15:41:56.463 回答