1

如果成员在 AD 的employeeNumber 属性中有任何值,我想从组中删除他们。我可以使用 Get-ADGroupMember 返回组的所有成员,但是我如何迭代以删除具有值的成员?

4

2 回答 2

2

尝试这样的事情来枚举具有属性集的组成员:

Get-ADGroupMember 'groupname' | Get-ADUser -Properties * |
    ? { $_.employeeNumber -ne $null }

要真正从组中删除这些成员,您必须添加第二步,如下所示:

$membersToRemove = Get-ADGroupMember 'groupname' `
  | Get-ADUser -Properties * `
  | ? { $_.employeeNumber -ne $null } `
  | % { $_.sAMAccountName }
Remove-ADGroupMember 'groupname' $membersToRemove
于 2013-08-19T12:42:11.177 回答
1 
$members = Get-ADGroupMember -Identity group1 | 
Where-Object { (Get-ADUser -Filter {SamAccountName -eq $_.SamAccountName} -Properties EmployeeNumber).EmployeeNumber }

Remove-ADGroupMember -Identity group1 -Members $members -Confirm:$false
于 2013-08-19T13:20:26.633 回答