0

我有一个用户列表,我需要知道他们的 Active Directory 组成员身份。我需要他们用用户名、组名和组类型(分发安全性)在 csv 中组合在一起,但我运气不佳。下面是我尝试编写和使用的 Powershell 脚本。

$Users = Get-Content -Path 'C:\Scripts\Lists\UserDistro.txt'

Foreach ($user in $users) {

$GroupName = Get-ADPrincipalGroupMembership $user | Select-Object -Property Name
$GroupType = Get-ADPrincipalGroupMembership $user | Select-Object -Property GroupCategory

$Results = @{'Username'=$User;'Group'=$GroupType}

$obj = New-Object -TypeName PSObject -Property $Results
Write-Output $Obj | Format-table -AutoSize

我得到的输出如下所示:

Username Group                                                                                         GroupType                                                                              
-------- -----                                                                                         ---------                                                                              
psmith  {@{Name=Domain Users}, @{Name=Group1}, @{Name=Group2}, @{Name=Group3:}...} {@{GroupCategory=Security}, @{GroupCategory=Security}, @{GroupCategory=Security}, @{...

我遇到的问题是

  • 列表被截断,应该有比这里显示的更多的组
  • 我不需要所有这些外围信息@{Name=只是组名
  • 我怎样才能对这个进行排序,以便组名和组类型阵容?
4

1 回答 1

0

我不喜欢Get-ADPrincipalGroupMembership这样,这是我个人会使用的:

$Users = Get-Content -Path 'C:\Scripts\Lists\UserDistro.txt'

$result = foreach($user in $users)
{
    $adUsr = Get-ADUser $user
    $membership = Get-ADGroup -LDAPFilter "(member=$($user.DistinguishedName))"
    
    foreach($group in $membership)
    {
        [pscustomobject]@{
            User = $adUsr.samAccountName
            GroupName = $group.Name
            GroupType = $group.GroupCategory
        }
    }
}

$result | Format-Table -AutoSize

使用Get-ADPrincipalGroupMembership看起来像这样:

$Users = Get-Content -Path 'C:\Scripts\Lists\UserDistro.txt'

$result = foreach($user in $users)
{
    $membership = Get-ADPrincipalGroupMembership $user
    
    foreach($group in $membership)
    {
        [pscustomobject]@{
            User = $user
            GroupName = $group.Name
            GroupType = $group.GroupCategory
        }
    }
}

$result | Format-Table -AutoSize

或与Select-Object

$Users = Get-Content -Path 'C:\Scripts\Lists\UserDistro.txt'

$result = foreach($user in $users)
{
    Get-ADPrincipalGroupMembership $user |
    Select-Object @{n='User';e={$user}},
                  @{n='GroupName';e={$_.Name}},
                  @{n='GroupType';e={$_.GroupCategory}}
}

$result | Format-Table -AutoSize
于 2021-07-30T20:25:48.727 回答