-1

以下代码查询 AD 以获取有关用户帐户的信息,预计将导出一个 Excel 文件,其中包含名称、用户名、AccountEnabled(是/否)、部门、描述、LastLogonDate 以及 AD 中每个用户拥有的组。目前,该脚本按预期工作,除了在用户组下,它没有在他们都包含的任何用户上列出“域用户”。我正在尝试确定为什么以及如何解决。

Import-Module ActiveDirectory

$Report = @()
#Collect all users
$Users = Get-ADUser -Filter * -Properties Name, GivenName, SurName, SamAccountName, UserPrincipalName, MemberOf, Enabled, Department, Description, LastLogonDate -ResultSetSize $Null

# Use ForEach loop, as we need group membership for every account that is collected.
# MemberOf property of User object has the list of groups and is available in DN format.
Foreach($User in $Users){
$UserGroupCollection = $User.MemberOf
#This Array will hold Group Names to which the user belongs.
$UserGroupMembership = @()
#To get the Group Names from DN format we will again use Foreach loop to query every DN and retrieve the Name property of Group.
Foreach($UserGroup in $UserGroupCollection){
$GroupDetails = Get-ADGroup -Identity $UserGroup
#Here we will add each group Name to UserGroupMembership array
$UserGroupMembership += $GroupDetails.Name
}
#As the UserGroupMembership is array we need to join element with ‘,’ as the seperator
$Groups = $UserGroupMembership -join ‘, ‘
#Creating custom objects
$Out = New-Object PSObject
$Out | Add-Member -MemberType noteproperty -Name Name -Value $User.Name
$Out | Add-Member -MemberType noteproperty -Name UserName -Value $User.SamAccountName
$Out | Add-Member -MemberType noteproperty -Name Enabled -Value $User.Enabled
$Out | Add-Member -MemberType noteproperty -Name Department -Value $User.Department
$Out | Add-Member -MemberType noteproperty -Name Description -Value $User.Description
$Out | Add-Member -MemberType noteproperty -Name LastLogonDate -Value $User.LastLogonDate
$Out | Add-Member -MemberType noteproperty -Name Groups -Value $Groups
$Report += $Out
}

#Output to screen as well as csv file.
#$Report | Sort-Object Name | FT -AutoSize

$Report | Sort-Object Name | Export-Csv -Path "C:\Scripts\Output\users.csv" -NoTypeInformation -Encoding UTF8
4

1 回答 1

0

您没有看到它,因为它是大多数用户的主要组。请参阅此问题以获得更好的解释。 https://serverfault.com/questions/955721/why-is-the-domain-users-group-missing-from-this-powershell-ad-query

至于您的脚本,它可能可以通过使用管道和计算属性来简化一点。

$Users = Get-ADUser -Filter * -Properties Name, GivenName, SurName, SamAccountName, UserPrincipalName, MemberOf, Enabled, Department, Description, LastLogonDate -ResultSetSize $Null

$users | Select Name, @{Name='Username';Expression={$_.SamAccountName}}, Enabled, Department, Description, LastLogonDate, `
    @{Name='Groups';Expression={ 
        ($_.MemberOf | foreach{ Get-AdGroup -Identity $_ } | select -expand name) -join "," 
    }}

如果您希望它运行得更快,请删除 Get-AdGroup 命令并将其替换为 split/trim 命令。虽然这有点笨拙,但要快得多。

$users | Select Name, @{Name='Username';Expression={$_.SamAccountName}}, Enabled, Department, Description, LastLogonDate, `
    @{Name='Groups';Expression={ 
            ($_.MemberOf | foreach {($_ -split ",")[0].TrimStart('CN=')}) `
        }} | select -expand groups | Sort-Object

像您这样创建自定义对象的更优雅的方法是这样的。

[pscustomobject]@{
    Username= "jdoe"
    FullName = "John Doe"
}
于 2021-04-27T15:44:23.660 回答