Fatal编程技术网
  • powershell/
  • 用于获取用户名的广告组成员资格的Powershell脚本

用于获取用户名的广告组成员资格的Powershell脚本

powershell

用于获取用户名的广告组成员资格的Powershell脚本,powershell,Powershell,我想为获得广告组成员资格编写脚本,该脚本以CSV中列出的用户名的SSL_VPN开头 到目前为止,我已经尝试过: Import-Csv C:\Users.csv | ForEach-Object -pv user { Get-AdUser -filter "displayname -eq '$($_.username)'"} | Get-ADprincipalGroupMembership | Select-Object @{ n = 'samaccountname'; e

我想为获得广告组成员资格编写脚本,该脚本以CSV中列出的用户名的SSL_VPN开头

到目前为止,我已经尝试过:

Import-Csv C:\Users.csv |
  ForEach-Object -pv user { Get-AdUser -filter "displayname -eq '$($_.username)'"} |
    Get-ADprincipalGroupMembership |
      Select-Object @{ n = 'samaccountname'; e = { $user.samaccountname } }, name |
        Export-csv -path C:\UserPermiss.csv -NoTypeInformation
您可以这样使用(csv的第一行必须是samaccountname):

通过DisplayName属性获取用户并不是最安全的做法。如果您的CSV文件具有其他更独特的属性,例如
SamAccountName
UserPrincipalName
discrimitedName
电子邮件地址
,则会更好

无论如何,在您的循环中,您应该检查是否可以找到具有该名称的用户,并且只有这样,才能获得组成员资格

Import-Csv 'C:\Users.csv' | ForEach-Object { 
    $user = Get-ADUser -Filter "DisplayName -eq '$($_.username)'" -Properties DisplayName
    if ($user) {
        Get-ADprincipalGroupMembership -Identity $user.DistinguishedName |
        Where-Object { $_.name -like 'SSL_VPN*' } |
        Select-Object @{ Name = 'SamAccountName'; Expression = { $user.SamAccountName } },
                      @{ Name = 'Group'; Expression = { $_.name }}
    } 
    else {
        Write-Warning "User '$($_.username)' not found"

        # if you want this message to also appear in your output CSV, do something like this:
        [PsCustomObject]@{
            'SamAccountName' = "User '$($_.username)' not found"
            'Group' = ''
        }
    }
} | Export-Csv -Path 'C:\UserPermiss.csv' -NoTypeInformation
如果希望在用户不是SSL_VPN组成员时看到警告消息,可以执行以下操作:

Import-Csv 'C:\Users.csv' | ForEach-Object { 
    $user = Get-ADUser -Filter "DisplayName -eq '$($_.username)'" -Properties DisplayName
    if ($user) {
        $group = Get-ADprincipalGroupMembership -Identity $user.DistinguishedName | 
                 Where-Object { $_.name -like 'SSL_VPN*' }
        if ($group) {
            [PsCustomObject]@{
                'SamAccountName' = $user.SamAccountName 
                'Group'          = $group.name
            }
        }
        else {
            Write-Warning "User '$($_.username)' is not a member of ssl_vpn group"
        }
    } 
    else {
        Write-Warning "User '$($_.username)' not found"
    }
} | Export-Csv -Path 'C:\UserPermiss.csv' -NoTypeInformation

是否获得ADPrincipalGroupMembership |其中的名称(如“SSL_VPN*”)
满足您的需要?很难判断您的问题是针对组进行过滤还是以正确的格式在CSV中输出。如何添加
username不是ssl\u vpn组的成员
warning@Arbelac请看我的编辑。如果找不到用户DisplayName,代码现在也会将警告消息作为对象发送到输出。这就是你的意思吗?@Arbelac我还添加了代码,用于在用户不是组成员时显示警告 
Import-Csv 'C:\Users.csv' | ForEach-Object { 
    $user = Get-ADUser -Filter "DisplayName -eq '$($_.username)'" -Properties DisplayName
    if ($user) {
        $group = Get-ADprincipalGroupMembership -Identity $user.DistinguishedName | 
                 Where-Object { $_.name -like 'SSL_VPN*' }
        if ($group) {
            [PsCustomObject]@{
                'SamAccountName' = $user.SamAccountName 
                'Group'          = $group.name
            }
        }
        else {
            Write-Warning "User '$($_.username)' is not a member of ssl_vpn group"
        }
    } 
    else {
        Write-Warning "User '$($_.username)' not found"
    }
} | Export-Csv -Path 'C:\UserPermiss.csv' -NoTypeInformation