'；域用户'；使用PowerShell脚本在Active Directory上报告时未显示组_Powershell_Active Directory_Activedirectorymembership

'；域用户'；使用PowerShell脚本在Active Directory上报告时未显示组

powershell active-directory

'；域用户'；使用PowerShell脚本在Active Directory上报告时未显示组,powershell,active-directory,activedirectorymembership,Powershell,Active Directory,Activedirectorymembership,下面的代码查询AD以获取有关用户帐户的信息，并希望导出一个excel文件，其中包含名称、用户名、AccountEnabled（是/否）、部门、说明、LastLogonDate以及AD中每个用户拥有的组。目前，该脚本按预期工作，除了在用户组下，它没有在所有用户组中都包含的任何用户上列出“域用户”。我正在试图确定为什么以及如何修复 Import-Module ActiveDirectory $Report = @() #Collect all users $Users = Get-ADUser -

下面的代码查询AD以获取有关用户帐户的信息，并希望导出一个excel文件，其中包含名称、用户名、AccountEnabled（是/否）、部门、说明、LastLogonDate以及AD中每个用户拥有的组。目前，该脚本按预期工作，除了在用户组下，它没有在所有用户组中都包含的任何用户上列出“域用户”。我正在试图确定为什么以及如何修复

Import-Module ActiveDirectory

$Report = @()
#Collect all users
$Users = Get-ADUser -Filter * -Properties Name, GivenName, SurName, SamAccountName, UserPrincipalName, MemberOf, Enabled, Department, Description, LastLogonDate -ResultSetSize $Null

# Use ForEach loop, as we need group membership for every account that is collected.
# MemberOf property of User object has the list of groups and is available in DN format.
Foreach($User in $Users){
$UserGroupCollection = $User.MemberOf
#This Array will hold Group Names to which the user belongs.
$UserGroupMembership = @()
#To get the Group Names from DN format we will again use Foreach loop to query every DN and retrieve the Name property of Group.
Foreach($UserGroup in $UserGroupCollection){
$GroupDetails = Get-ADGroup -Identity $UserGroup
#Here we will add each group Name to UserGroupMembership array
$UserGroupMembership += $GroupDetails.Name
}
#As the UserGroupMembership is array we need to join element with ‘,’ as the seperator
$Groups = $UserGroupMembership -join ‘, ‘
#Creating custom objects
$Out = New-Object PSObject
$Out | Add-Member -MemberType noteproperty -Name Name -Value $User.Name
$Out | Add-Member -MemberType noteproperty -Name UserName -Value $User.SamAccountName
$Out | Add-Member -MemberType noteproperty -Name Enabled -Value $User.Enabled
$Out | Add-Member -MemberType noteproperty -Name Department -Value $User.Department
$Out | Add-Member -MemberType noteproperty -Name Description -Value $User.Description
$Out | Add-Member -MemberType noteproperty -Name LastLogonDate -Value $User.LastLogonDate
$Out | Add-Member -MemberType noteproperty -Name Groups -Value $Groups
$Report += $Out
}

#Output to screen as well as csv file.
#$Report | Sort-Object Name | FT -AutoSize

$Report | Sort-Object Name | Export-Csv -Path "C:\Scripts\Output\users.csv" -NoTypeInformation -Encoding UTF8

您没有看到它，因为它是大多数用户的主要组。请参阅此问题以获得更好的解释。

至于脚本，通过使用管道和计算属性，它可能会简化一些

$Users = Get-ADUser -Filter * -Properties Name, GivenName, SurName, SamAccountName, UserPrincipalName, MemberOf, Enabled, Department, Description, LastLogonDate -ResultSetSize $Null

$users | Select Name, @{Name='Username';Expression={$_.SamAccountName}}, Enabled, Department, Description, LastLogonDate, `
    @{Name='Groups';Expression={ 
        ($_.MemberOf | foreach{ Get-AdGroup -Identity $_ } | select -expand name) -join "," 
    }}

如果希望它运行得更快，请删除Get-AdGroup命令，并将其替换为split/trim命令。虽然这有点刺耳，但速度要快得多

$users | Select Name, @{Name='Username';Expression={$_.SamAccountName}}, Enabled, Department, Description, LastLogonDate, `
    @{Name='Groups';Expression={ 
            ($_.MemberOf | foreach {($_ -split ",")[0].TrimStart('CN=')}) `
        }} | select -expand groups | Sort-Object

像您正在做的那样，创建自定义对象的更优雅的方法是这样的

[pscustomobject]@{
    Username= "jdoe"
    FullName = "John Doe"
}

我的理解是，所讨论的组是默认组，每个用户都将是其中的一员。我不认为你可以在一个域上，而不是该组的成员。因此，它可能不作为一个组存在。[咧嘴笑]