【发布时间】:2018-11-27 16:29:35
【问题描述】:
我在让所有 AD 用户进入我的工作环境时遇到问题。 它运行了大约 30 分钟,然后显示以下错误:
Get-ADUser : The server has returned the following error: invalid enumeration context.
At line:3 char:19
+ Get-ADUser -filter * -Properties * |
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-ADUser], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADUser
我做了一些研究,发现 MaxEnumContextExpiration = 30 Mins 并认为这就是它在 30 分钟停止运行的原因。
我的问题是:有没有更快的方法来拉动我工作环境中的所有用户(大约 6 万名员工)以及他们的所有信息(姓名、Samaccountname、描述、组成员资格、帐户状态等...)
这是我目前拥有的脚本:
Import-module activedirectory
$daTA=@(
Get-ADUser -filter * -Properties * |
Select-Object @{Label = "FirstName";Expression = {$_.GivenName}},
@{Name = "LastName";Expression = {$_.Surname}},
@{Name = "Full address";Expression = {$_.StreetAddress}},
@{Name = "Fullname";Expression = {$_.Name}},
@{Name = "LogonName";Expression = {$_.Samaccountname}},
@{Name = "City";Expression = {$_.City}},
@{Name = "State";Expression = {$_.st}},
@{Name = "Post Code";Expression = {$_.PostalCode}},
@{Name = "Country/Region";Expression ={$_.Country}},
@{Name = "MobileNumber";Expression = {$_.mobile}},
@{Name = "Phone";Expression = {$_.telephoneNumber}},
@{Name = "Description";Expression = {$_.Description}},
@{name= "OU";expression={$_.DistinguishedName.split(',')[1].split('=')[1]}},
@{Name = "Email";Expression = {$_.Mail}},
@{Name = "MemberOfGroups";e= { ( $_.memberof | % { (Get-ADGroup $_).Name }) -join “,” }},
@{Name = "Primary Group";Expression= {$_.primarygroup -replace '^CN=|,.*$'}},
@{Name = "UserPrincipalName";Expression = {$_.UserPrincipalName}},
@{Name = "LastLogonTimeSTamp";Expression = {if(($_.lastLogonTimestamp -like '*1/1/1601*' -or $_.lastLogonTimestamp -eq $null)){'NeverLoggedIn'} Else{[DateTime]::FromFileTime($_.lastLogonTimestamp)}}},
@{Name = "Account Status";Expression = {if (($_.Enabled -eq 'TRUE') ) {'Enabled'} Else {'Disabled'}}},
@{Name = "LastLogonDate";Expression = {if(($_.lastlogondate -like '*1/1/1601*' -or $_.lastlogondate -eq $null)){'NeverLoggedIn'} Else{$_.lastlogondate}}},
@{Name = "WhenUserWasCreated";Expression = {$_.whenCreated}},
@{Name = "accountexpiratondate";Expression = {$_.accountexpiratondate}},
@{Name = "PasswordLastSet";Expression = {([DateTime]::FromFileTime($_.pwdLastSet))}},
@{Name = "PasswordExpiryDate";Expression={([datetime]::fromfiletime($_."msDS-UserPasswordExpiryTimeComputed")).DateTime}},
@{Name = "Password Never";Expression = {$_.passwordneverexpires}},
@{Name = "HomeDriveLetter";Expression = {$_.HomeDrive}},
@{Name = "HomeFolder";Expression = {$_.HomeDirectory}},
@{Name = "scriptpath";Expression = {$_.scriptpath}},
@{Name = "HomePage";Expression = {$_.HomePage}},
@{Name = "Department";Expression = {$_.Department}},
@{Name = "EmployeeID";Expression = {$_.EmployeeID}},
@{Name = "Job Title";Expression = {$_.Title}},
@{Name = "EmployeeNumber";Expression = {$_.EmployeeNumber}},
@{Name = "Manager";Expression={($_.manager -replace 'CN=(.+?),(OU|DC)=.+','$1')}},
@{Name = "Company";Expression = {$_.Company}},
@{Name = "Office";Expression = {$_.OfficeName}}
)
$DAta | Sort LastLogondate -Descending |
Export-Csv -Path c:\adusers.csv -NoTypeInformation
【问题讨论】:
-
我显然有 16,000 个 AD 用户,使用
Get-ADUser -Filter * -Properties *大约需要 4 分 30 秒,如果我添加| Select *则需要 5 分 5 秒。我认为定义所有这些标签可能会减慢速度。 -
你能不能通过 OU 来抓取对象而不是“整个热闹的广告”? [grin] ///// 同样,您可能希望首先将它们抓取到 $Var 中,然后遍历集合。不知道会占用多少内存。 ///// 同样,尝试通过仅获取您需要的属性来减轻 AD 服务器上的负载。把它们全部拿走应该是一个非常沉重的负担......
标签: powershell active-directory