Powershell:Reversing/iterating 通过具有多对一关系的哈希表
Powershell: Reversing/iterating through a hashtable with a many-to-one relationship
我正在 Active Directory/Azure 中自动执行一项任务,该任务检查组的哈希表,如果它们是键(AAD 组)的成员,则将它们添加到值(AD 组)。结构和方法基本如下:
$mappings = @{
"1 - AAD Group" = "AD 1"
"1 - Another Group" = "AD 1"
"2 - Hello" = "AD 2"
"3 - Hi" = "AD 3"
"3 - Another" = "AD 3"
"3 - Again" = "AD 3"
}
foreach ($mapping in $mappings.GetEnumerator() | Sort-Object -Property Key) {
# Get AAD and AD group names
$aadgroup = $mapping.Key
$adgroup = $mapping.Value
# Get object ID of AAD group
$objectid = (Get-AzureADGroup -All $true | Where-Object {$_.DisplayName -eq $aadgroup}).ObjectId
# Get members of AAD group
$members = Get-AzureADGroupMember -All $true -ObjectId $objectid
# Check if each member is part of the corresponding AD group
foreach ($member in $members) {
$username = $member.MailNickName
$groups = (Get-ADUser -Identity $username -Properties MemberOf).MemberOf
if (!($groups -match $adgroup)) {
# User is not a member of the AD group, so add to group
Add-ADGroupMember -Identity "$adgroup" -Members $username
}
}
}
每个 AAD 组链接到一个 AD 组,但一个 AD 组可能链接到多个 AAD 组。
那部分没问题,如果用户在关联的 AAD 组中,我已成功将他们添加到 AD 组。当我想事后做相反的事情时,我就会感到困惑。也就是说,对于属于 AD 1 的每个用户,如果他们不在与该组关联的任何 AAD 组中,则将其从 AD 1 中删除。
我想到的方法是创建另一个哈希表,其中键是 AD 组,然后值是与该组关联的 AAD 组数组,并遍历每个键以检查是否他们是任何价值群体的一部分。我如何才能根据原始哈希表中的数据自动创建该哈希表,然后如何为单个键遍历多个值?
可能有更好的数据结构或方法,我不知道哪个可以使整个事情变得更容易,但我的整体知识非常有限。任何建议将不胜感激,谢谢。
您可以像这样用 Group-Object 翻转 $mappings table:
$mappings = @{
"1 - AAD Group" = "AD 1"
"1 - Another Group" = "AD 1"
"2 - Hello" = "AD 2"
"3 - Hi" = "AD 3"
"3 - Another" = "AD 3"
"3 - Again" = "AD 3"
}
$reverseMappings = $mappings.GetEnumerator() |Group -Property Value -AsHashTable
foreach($reverseMapping in $reverseMappings.GetEnumerator()){
$ADGroup = $reverseMapping.Key
foreach($AADGroup in $reverseMapping.Value.Name){
# Add AAD members here
}
}
我正在 Active Directory/Azure 中自动执行一项任务,该任务检查组的哈希表,如果它们是键(AAD 组)的成员,则将它们添加到值(AD 组)。结构和方法基本如下:
$mappings = @{
"1 - AAD Group" = "AD 1"
"1 - Another Group" = "AD 1"
"2 - Hello" = "AD 2"
"3 - Hi" = "AD 3"
"3 - Another" = "AD 3"
"3 - Again" = "AD 3"
}
foreach ($mapping in $mappings.GetEnumerator() | Sort-Object -Property Key) {
# Get AAD and AD group names
$aadgroup = $mapping.Key
$adgroup = $mapping.Value
# Get object ID of AAD group
$objectid = (Get-AzureADGroup -All $true | Where-Object {$_.DisplayName -eq $aadgroup}).ObjectId
# Get members of AAD group
$members = Get-AzureADGroupMember -All $true -ObjectId $objectid
# Check if each member is part of the corresponding AD group
foreach ($member in $members) {
$username = $member.MailNickName
$groups = (Get-ADUser -Identity $username -Properties MemberOf).MemberOf
if (!($groups -match $adgroup)) {
# User is not a member of the AD group, so add to group
Add-ADGroupMember -Identity "$adgroup" -Members $username
}
}
}
每个 AAD 组链接到一个 AD 组,但一个 AD 组可能链接到多个 AAD 组。
那部分没问题,如果用户在关联的 AAD 组中,我已成功将他们添加到 AD 组。当我想事后做相反的事情时,我就会感到困惑。也就是说,对于属于 AD 1 的每个用户,如果他们不在与该组关联的任何 AAD 组中,则将其从 AD 1 中删除。
我想到的方法是创建另一个哈希表,其中键是 AD 组,然后值是与该组关联的 AAD 组数组,并遍历每个键以检查是否他们是任何价值群体的一部分。我如何才能根据原始哈希表中的数据自动创建该哈希表,然后如何为单个键遍历多个值?
可能有更好的数据结构或方法,我不知道哪个可以使整个事情变得更容易,但我的整体知识非常有限。任何建议将不胜感激,谢谢。
您可以像这样用 Group-Object 翻转 $mappings table:
$mappings = @{
"1 - AAD Group" = "AD 1"
"1 - Another Group" = "AD 1"
"2 - Hello" = "AD 2"
"3 - Hi" = "AD 3"
"3 - Another" = "AD 3"
"3 - Again" = "AD 3"
}
$reverseMappings = $mappings.GetEnumerator() |Group -Property Value -AsHashTable
foreach($reverseMapping in $reverseMappings.GetEnumerator()){
$ADGroup = $reverseMapping.Key
foreach($AADGroup in $reverseMapping.Value.Name){
# Add AAD members here
}
}