PowerShell Active Directory: retrieving data from the domain component


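I want to get all users and the groups (that each user belongs to) from Active Directory. I have the PowerShell script below, which gives me only the users of a specific OU, and apparently some groups don't show up in the results, probably because they are limited to the "ITE" OU:

I want to change it so that I get all the data from the "idb" level, not just "ITE".

What I tried is the following script: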

#Get Membership of Users
$UsersPerGroup = Get-ADUser -Filter * -SearchBase "DC=idb,DC=iadb,DC=org" -Properties DisplayName, memberof | % {
    New-Object PSObject -Property @{
    UserName = $_.DisplayName
    Groups = ($_.memberof | Get-ADGroup | Select -ExpandProperty Name) -join ","
    }
} |Sort-Object UserName | Select UserName, Groups

I got a long list of errors:

Get-ADGroup : Cannot find an object with identity: 'CN=RandSATestStubbing,CN=Users,DC=iadb,DC=org' under: 'DC=idb,DC=iadb,DC=org'.
At line:4 char:25
+ Groups = ($_.memberof | Get-ADGroup | Select -ExpandProperty Name) -j ...
+                         ~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (CN=RandSATestSt...,DC=iadb,DC=org:ADGroup) [Get-ADGroup], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroup



Get-ADGroup : Cannot find an object with identity: 'CN=Exchange Recipient Administrators,OU=Microsoft Exchange Security Groups,DC=iadb,DC=org' under: 'DC=idb,DC=iadb,DC=org'
At line:4 char:25
+ Groups = ($_.memberof | Get-ADGroup | Select -ExpandProperty Name) -j ...
+                         ~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (CN=Exchange Rec...,DC=iadb,DC=org:ADGroup) [Get-ADGroup], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroup



Get-ADGroup : Cannot find an object with identity: 'CN=Exchange Organization Administrators,OU=Microsoft Exchange Security Groups,DC=iadb,DC=org' under: 'DC=idb,DC=iadb,DC=o
At line:4 char:25
+ Groups = ($_.memberof | Get-ADGroup | Select -ExpandProperty Name) -j ...
+                         ~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (CN=Exchange Org...,DC=iadb,DC=org:ADGroup) [Get-ADGroup], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroup
...and the list goes on.

I also tried:

$UsersPerGroup = Get-ADUser -Filter * -SearchBase "DC=idb,DC=iadb,DC=org" -Properties DisplayName, memberof | % {
    New-Object PSObject -Property @{
    UserName = $_.DisplayName
    Groups = ($_.memberof | % { Get-ADGroup -Identity $_ -Server ($_ -replace '^.*?DC=','DC=') } | Select -ExpandProperty Name) -join ","
    }
} |Sort-Object UserName | Select UserName, Groups

Hello

Update the searchbase parameter to the DN (DistinguishedName) of the level in the domain where you want to start searching.

The AD module doesn't chase referrals (cross-domain), so you have to specify the correct domain when piping "memberof" to Get-ADGroup. Try (untested):

#Get Membership of Users
$UsersPerGroup = Get-ADUser -Filter * -SearchBase "DC=idb,DC=iadb,DC=org" -Properties DisplayName, memberof | % {
    New-Object PSObject -Property @{
    UserName = $_.DisplayName
    # Turn each group DN into its DNS domain (DC=iadb,DC=org -> iadb.org) and query that domain
    Groups = ($_.memberof | % { Get-ADGroup -Identity $_ -Server ($_ -replace '^.*?DC=' -replace ',DC=', '.') } | Select -ExpandProperty Name) -join ","
    }
} |Sort-Object UserName | Select UserName, Groups

You're only limiting the user search to "idb" (you can modify that in the searchbase if needed). If you're missing groups, they are most likely indirect memberships (member through another group; memberof only shows direct memberships), or the group is set as the user's primary group (not listed in memberof; 99% of the time it should be "Domain Users"), or you lack permissions to the group (unlikely).

How do I limit the user search to "idb"? I tried removing everything up to "ou=hq", but it didn't work.

The value is a distinguishedName (DN), which is a comma-separated path of OUs/containers starting from the right. If you want to search at the IDB level, you have to remove every part to its left, which in this case would be "ou=users,ou=ite,ou=hq". (Remember to remove the trailing comma.)

@FrodeF. Yes, I tried removing "ou=users,ou=ite,ou=hq" and it returns a lot of errors, as if there were no match. What do you mean by DN? Do I also have to change DC to DN?

The searchbase parameter requires a DN (DistinguishedName) value, which is a type of path (like the UNC path of a file share, \\server\share\folder). -SearchBase "DC=idb,DC=iadb,DC=org" should work. If you get errors, you should update the question with the code you tried and the errors.
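
The answer's two points (query each group in its own domain, and memberof omitting the primary group) combined into one membership report suitable for an access review. This is an added example, not code from the original posts; the function names ConvertTo-DomainFqdn and Get-UserGroupReport are hypothetical, and it assumes the ActiveDirectory module with read access to every domain the group DNs point to.

```powershell
# Added example (not from the original thread). Nested memberships are not expanded.
Import-Module ActiveDirectory

function ConvertTo-DomainFqdn {
    # 'CN=G,OU=X,DC=iadb,DC=org' -> 'iadb.org'
    # Splits on commas not preceded by a backslash, so a CN containing "DC=" is not misread.
    param([Parameter(Mandatory)][string]$DistinguishedName)
    $dc = $DistinguishedName -split '(?<!\\),' | Where-Object { $_ -match '^DC=' }
    ($dc -replace '^DC=') -join '.'
}

function Get-UserGroupReport {
    param([Parameter(Mandatory)][string]$SearchBase)
    $cache = @{}   # group DN -> group name, so each group is looked up only once
    $resolve = {
        param($dn)
        if (-not $cache.ContainsKey($dn)) {
            try {
                # Ask the domain that owns the group; the module does not chase referrals
                $cache[$dn] = (Get-ADGroup -Identity $dn -Server (ConvertTo-DomainFqdn $dn) -ErrorAction Stop).Name
            } catch {
                $cache[$dn] = "<unresolved: $dn>"   # keep the gap visible in the report
            }
        }
        $cache[$dn]
    }
    Get-ADUser -Filter * -SearchBase $SearchBase -Server (ConvertTo-DomainFqdn $SearchBase) `
               -Properties DisplayName, MemberOf, PrimaryGroup |
        ForEach-Object {
            $user = $_
            # MemberOf lists direct memberships only and omits the primary group; add it
            $groupDns = @($user.MemberOf) + @($user.PrimaryGroup) | Where-Object { $_ }
            [pscustomobject]@{
                UserName = $user.DisplayName
                Groups   = ($groupDns | ForEach-Object { & $resolve $_ } | Sort-Object -Unique) -join ','
            }
        } | Sort-Object UserName
}

# Search base taken from the question
$UsersPerGroup = Get-UserGroupReport -SearchBase 'DC=idb,DC=iadb,DC=org'
```

Entries reported as `<unresolved: ...>` mark groups the running account could not read or reach, which is worth following up rather than silently dropping.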