Powershell 带输出的多组AD检查
我正在尝试创建一个脚本,用于检查组a的成员是否不是组b-g的成员,如果他们不是组b-g的成员,则将其名称输出到日志/excel工作表中-我已将其用于输出属于这些组的成员的姓名,但我无法使其返回多个组的相反名称。如果我能制作一个excel表格,在一列中返回哪些用户是组的一部分,在另一列中返回哪些用户是组的一部分,那就太好了,但是excel表格输出有问题。这是我到目前为止完成的代码。谢谢你的帮助Powershell 带输出的多组AD检查,powershell,active-directory,wildcard,Powershell,Active Directory,Wildcard,我正在尝试创建一个脚本,用于检查组a的成员是否不是组b-g的成员,如果他们不是组b-g的成员,则将其名称输出到日志/excel工作表中-我已将其用于输出属于这些组的成员的姓名,但我无法使其返回多个组的相反名称。如果我能制作一个excel表格,在一列中返回哪些用户是组的一部分,在另一列中返回哪些用户是组的一部分,那就太好了,但是excel表格输出有问题。这是我到目前为止完成的代码。谢谢你的帮助 $logfile = "C:\Users\x\temp\outputgroupmembers.l
$logfile = "C:\Users\x\temp\outputgroupmembers.log"
$group1 = get-adgroup group-a
$checkgroups = Get-ADGroup -filter 'Name -like "AREA_*"' | Select-Object Name
Foreach ($Usr In Get-ADGroupMember -Identity $group1.DistinguishedName)
{
# If the 'MemberOf' array of $Usr's group memberships contains 'group1', then...
If ((Get-ADUser $Usr.SamAccountName -Properties MemberOf).MemberOf -contains $checkgroups)
{
try{
# output user information to document log'.
$displayname = get-aduser $Usr.SamAccountName -Properties DisplayName | select -expand displayname
write-output $Usr.SamAccountName $displayname >> $logfile
}
catch {
write-output "Domain users group NOT output to logfile" >> $logfile
}
}}
看看这个剪下来的。我修改了您的代码并添加了第二个foreach循环。
这可能有助于解决您的任务
[System.String]$InputADGroup = 'group-a'
[Microsoft.ActiveDirectory.Management.ADGroup[]]$ADGroupsToCheck = Get-ADGroup -Filter 'Name -like "AREA_*"'
foreach ($Member in (Get-ADGroupMember -Identity $InputADGroup)) #Process each member of the input ad group
{
#Get MemberOf from user
[System.String[]]$MemberOfGroups = (Get-ADUser -Identity $Member.SamAccountName -Properties MemberOf).MemberOf
#Check each MemberOf group
foreach ($MemberOfGroup in $MemberOfGroups)
{
#Check if user is member of one of the check groups
if ($ADGroupsToCheck.DistinguishedName -contains $MemberOfGroup)
{
Write-Output -InputObject ('User ' + $Member.SamAccountName + ' is member of ' + $MemberOfGroup)
}
}
}
看看这个剪下来的。我修改了您的代码并添加了第二个foreach循环。
这可能有助于解决您的任务
[System.String]$InputADGroup = 'group-a'
[Microsoft.ActiveDirectory.Management.ADGroup[]]$ADGroupsToCheck = Get-ADGroup -Filter 'Name -like "AREA_*"'
foreach ($Member in (Get-ADGroupMember -Identity $InputADGroup)) #Process each member of the input ad group
{
#Get MemberOf from user
[System.String[]]$MemberOfGroups = (Get-ADUser -Identity $Member.SamAccountName -Properties MemberOf).MemberOf
#Check each MemberOf group
foreach ($MemberOfGroup in $MemberOfGroups)
{
#Check if user is member of one of the check groups
if ($ADGroupsToCheck.DistinguishedName -contains $MemberOfGroup)
{
Write-Output -InputObject ('User ' + $Member.SamAccountName + ' is member of ' + $MemberOfGroup)
}
}
}
这是我从另一篇文章中得到的代码,我在reddit上提出了同样的问题,如果有人有类似的问题
$ReferenceGroup = Get-ADGroupMember BBB
$GroupList = @('CCC')
$Output = New-Object System.Collections.Generic.List[System.Object]
foreach ($User in $ReferenceGroup) {
$MemberObject = [pscustomobject]@{
Name = $User.name
}
foreach ($Group in $GroupList) {
if ((Get-ADGroupMember $Group)-match $User){
$MemberObject | Add-Member -MemberType NoteProperty -Name $Group -Value Yes
}
else {
$MemberObject | Add-Member -MemberType NoteProperty -Name $Group -Value No
}
}
$Output.Add($MemberObject)
}
$Output | Export-Csv -Path C:\Users\Public\test.csv
这是我从另一篇文章中得到的代码,我在reddit上提出了同样的问题,如果有人有类似的问题
$ReferenceGroup = Get-ADGroupMember BBB
$GroupList = @('CCC')
$Output = New-Object System.Collections.Generic.List[System.Object]
foreach ($User in $ReferenceGroup) {
$MemberObject = [pscustomobject]@{
Name = $User.name
}
foreach ($Group in $GroupList) {
if ((Get-ADGroupMember $Group)-match $User){
$MemberObject | Add-Member -MemberType NoteProperty -Name $Group -Value Yes
}
else {
$MemberObject | Add-Member -MemberType NoteProperty -Name $Group -Value No
}
}
$Output.Add($MemberObject)
}
$Output | Export-Csv -Path C:\Users\Public\test.csv
是否缺少一些代码?在哪里指定了
$groupforeach$checkgroups$groupforeach$checkgroups