【问题标题】:List ActiveDirectory users belonging specified groups with powershell使用 powershell 列出属于指定组的 ActiveDirectory 用户
【发布时间】:2019-11-18 23:37:34
【问题描述】:

我想创建属于某些组的 Active Directory 用户的报告。

使用 powershell 我可以得到usernameobjectClass

Get-ADGroup -Filter {name -Like "admin_*"} | Get-ADGroupMember | Select-Object name, objectClass

如何添加它们所属的 ADGroup 列?

我想要一份报告

Group           Name             objectClass
------          -------          ------------
admin_a         user1            user
admin_a         user2            user
admin_b         user1            user
admin_c         user3            user
....

【问题讨论】:

    标签: powershell active-directory


    【解决方案1】:

    可以使用PipelineVariable常用参数:

    #requires -Version 4
    
    Get-ADGroup -Filter 'Name -like "admin_*"' -PipelineVariable group |
        Get-ADGroupMember |
        Select-Object -Property @{L='Group'; E={$group.Name}}, name, objectClass
    

    【讨论】:

      【解决方案2】:

      如果您使用 ForEach-Object 而不仅仅是管道,您可以将组的名称保存到一个变量中,然后您可以在输出中使用该变量。

      Get-ADGroup -Filter {Name -like 'admin_*'} | ForEach-Object {
      
          $groupName = $_.Name
      
          $_ | Get-ADGroupMember | 
              Select-Object @{N='Group';E={$groupName}}, Name, objectClass
      
      }
      

      @{N='Group';E={$groupName}} 表示法使用您选择的名称和指定的值创建一个新列。 NName 的缩写,EExpression 的缩写。如果需要,您可以使用这些全名,例如 @{Name='Group';Expression={$groupName}}

      【讨论】:

      • 作为脚注,技术名称是计算属性。 See the Property parameter doc
      • @TheIncorrigible1 谢谢!我试图找到它的文档,但我找不到它!
      【解决方案3】:

      这可能会有所帮助,它收集有关不同域中不同组的信息,包括审计组中的嵌套组并将数据导出到 csv 文件。

      #groups to audit
      $groups = "Domain Admins", "Schema Admins","Enterprise Admins","Administrators"
      #domains to audit
      $domains = "domain.local"
      $date = $([System.DateTime]::Now)
      $reportdate = $date.ToString("yyyy_MM_dd_HH_mm_ss")
      $data = @()
      
      
      foreach ($domain in $domains){
      
      foreach ($group in $groups){
      Write-Verbose "Working with $group in $domain" -Verbose
      #get group
      try{
      $gr = $null
      $gr = Get-ADGroup -Identity $group -Properties Description,created,modified,distinguishedname -ErrorAction Stop -Server $domain
      #get group members
      try{
      $grm = $null
      $grm = Get-ADGroupMember -Identity $gr -ErrorAction Stop -Server $domain
      
      #get group members information
      foreach ($groupmember in $grm){
      $grmname = $groupmember.name
      
      
      #
      $userdomain =([RegEx]::Matches($groupmember.distinguishedname, '(?i)DC=\w{1,}?\b')|ForEach-Object { $_.Value -replace ("DC=","") }) -join '.';
      
      try{$gm = Get-ADObject -Identity $groupmember.distinguishedname -Properties Name,ObjectClass,Samaccountname,Created,Modified,DistinguishedName,Description -Server $userdomain -ErrorAction Stop }
      catch {Write-Verbose "Something is wrong with group member $grmname. Error: $_" -Verbose}
      
      $Property = [Ordered]@{
      ReportDomain = $domain;
      ParrentGroup = $gr.Name;
      ParrentGroupModified = $gr.Modified;
      ParrentGroupCreated = $gr.Created;
      MemberName = $gm.Name;
      MemberClass = $gm.ObjectClass;
      MemberSamaccountname = $gm.Samaccountname;
      MemberDescription = $gm.Description;
      MemberDN = $gm.DistinguishedName;
      MemberCreated = $gm.Created;
      ReportDate = $date
      }
      
      $row = New-Object -TypeName psobject -Property $Property
      $data+=$row
      
      
      }#foreach group member end
      }#end try get group members
      catch {Write-Verbose "Something is wrong with group members: $_" -Verbose}
      
      }#end try get group
      catch {Write-Verbose "Something is wrong with group: $_" -Verbose}
      }#foreach group end
      
      }#foreach domain end
      
      
      $data|Export-Csv -Path C:\Temp\Group_report_$reportdate.csv -NoTypeInformation -Encoding UTF8 -Force
      $data
      
      Write-Verbose "File created: C:\Temp\Group_report_$reportdate.csv" -Verbose
      

      【讨论】:

        猜你喜欢
        • 2013-02-27
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 2012-10-30
        • 2021-11-23
        • 1970-01-01
        • 1970-01-01
        相关资源
        最近更新 更多