用于获取用户名的广告组成员资格的Powershell脚本
我想为获得广告组成员资格编写脚本,该脚本以CSV中列出的用户名的SSL_VPN开头 到目前为止,我已经尝试过:用于获取用户名的广告组成员资格的Powershell脚本,powershell,Powershell,我想为获得广告组成员资格编写脚本,该脚本以CSV中列出的用户名的SSL_VPN开头 到目前为止,我已经尝试过: Import-Csv C:\Users.csv | ForEach-Object -pv user { Get-AdUser -filter "displayname -eq '$($_.username)'"} | Get-ADprincipalGroupMembership | Select-Object @{ n = 'samaccountname'; e
Import-Csv C:\Users.csv |
ForEach-Object -pv user { Get-AdUser -filter "displayname -eq '$($_.username)'"} |
Get-ADprincipalGroupMembership |
Select-Object @{ n = 'samaccountname'; e = { $user.samaccountname } }, name |
Export-csv -path C:\UserPermiss.csv -NoTypeInformation
您可以这样使用(csv的第一行必须是samaccountname):
通过DisplayName属性获取用户并不是最安全的做法。如果您的CSV文件具有其他更独特的属性,例如
SamAccountName
、UserPrincipalName
、discrimitedName
或电子邮件地址
,则会更好
无论如何,在您的循环中,您应该检查是否可以找到具有该名称的用户,并且只有这样,才能获得组成员资格
Import-Csv 'C:\Users.csv' | ForEach-Object {
$user = Get-ADUser -Filter "DisplayName -eq '$($_.username)'" -Properties DisplayName
if ($user) {
Get-ADprincipalGroupMembership -Identity $user.DistinguishedName |
Where-Object { $_.name -like 'SSL_VPN*' } |
Select-Object @{ Name = 'SamAccountName'; Expression = { $user.SamAccountName } },
@{ Name = 'Group'; Expression = { $_.name }}
}
else {
Write-Warning "User '$($_.username)' not found"
# if you want this message to also appear in your output CSV, do something like this:
[PsCustomObject]@{
'SamAccountName' = "User '$($_.username)' not found"
'Group' = ''
}
}
} | Export-Csv -Path 'C:\UserPermiss.csv' -NoTypeInformation
如果希望在用户不是SSL_VPN组成员时看到警告消息,可以执行以下操作:
Import-Csv 'C:\Users.csv' | ForEach-Object {
$user = Get-ADUser -Filter "DisplayName -eq '$($_.username)'" -Properties DisplayName
if ($user) {
$group = Get-ADprincipalGroupMembership -Identity $user.DistinguishedName |
Where-Object { $_.name -like 'SSL_VPN*' }
if ($group) {
[PsCustomObject]@{
'SamAccountName' = $user.SamAccountName
'Group' = $group.name
}
}
else {
Write-Warning "User '$($_.username)' is not a member of ssl_vpn group"
}
}
else {
Write-Warning "User '$($_.username)' not found"
}
} | Export-Csv -Path 'C:\UserPermiss.csv' -NoTypeInformation
是否获得ADPrincipalGroupMembership |其中的名称(如“SSL_VPN*”)
满足您的需要?很难判断您的问题是针对组进行过滤还是以正确的格式在CSV中输出。如何添加username不是ssl\u vpn组的成员
warning@Arbelac请看我的编辑。如果找不到用户DisplayName,代码现在也会将警告消息作为对象发送到输出。这就是你的意思吗?@Arbelac我还添加了代码,用于在用户不是组成员时显示警告
Import-Csv 'C:\Users.csv' | ForEach-Object {
$user = Get-ADUser -Filter "DisplayName -eq '$($_.username)'" -Properties DisplayName
if ($user) {
$group = Get-ADprincipalGroupMembership -Identity $user.DistinguishedName |
Where-Object { $_.name -like 'SSL_VPN*' }
if ($group) {
[PsCustomObject]@{
'SamAccountName' = $user.SamAccountName
'Group' = $group.name
}
}
else {
Write-Warning "User '$($_.username)' is not a member of ssl_vpn group"
}
}
else {
Write-Warning "User '$($_.username)' not found"
}
} | Export-Csv -Path 'C:\UserPermiss.csv' -NoTypeInformation