将文件夹路径和 AD 组成员导出到 CSV
Exporting Folder Path and Members of AD group into CSV
我正在尝试导出顶级文件夹中所有文件夹的路径以及 AD 组以及该 AD 组的成员。我有以下脚本,它能够获取所有这些信息,但在尝试将其导出为格式良好的 CSV
时遇到了问题
enter code here
$filepath='\server1\folderA'
$Version=$PSVersionTable.PSVersion
if ($Version.Major -lt 3) {Throw "Powershell version out of date. Please update powershell." }
#Create an empty hashtable to track groups
$ADGroups = @{}
#Get a recursive list of folders and loop through them
ForEach($Folder in (Get-ChildItem $filePath -Directory)){
# Get ACLs for the folder
$ACLs = Get-Acl -Path $Folder.FullName
#Do a bunch of filtering to just get AD groups
$Groups = $ACLs |
% Access | #Expand the Access property
where { $_.IsInherited -eq $false -and $_.AccessControlType -eq 'Allow' -and $_.IdentityReference -notmatch 'BUILTIN|NT AUTHORITY|CREATOR|-----|Identity'} | #Only instances that allow access, are not inherited, and aren't a local group or special case
%{$_.IdentityReference -replace 'JAC.*?\'} | #Expand the IdentityReference property, and replace anything that starts with JAC all the way to the first backslash (likely domain name trimming)
Select -Unique #Select only unique values
#If there are no groups to display for this folder move to the next folder
If($Groups.Count -eq 0){Continue}
#Display Folder Path
$Folder.FullName
#Put a dashed line under the folder path (using the length of the folder path for the length of the line, just to look nice)
'-'*$Folder.FullName.Length
#Loop through each group and display its name and users
ForEach ($Group in $Groups){
#Display the group name
$Group
#repmoves the domain\ from the ad group
$groupname = $group -creplace '(?s)^.*\', ''
#Add a line under the group name
'-'*$Groupname.Length
#Check if we already have this group, and if not get the group from AD
If($ADGroups.Keys -notcontains $Groupname){
$Members = Get-ADGroupMember $Groupname | select Name
}
#Display the group members
$Members
}
#output a blank line, for some seperation between folders
"`n"
}
理想情况下只需要导出
文件夹路径即变量$folder.fullname和变量$members
我 运行 将其与我自己的共享目录之一进行比较,以确切了解它的作用,这样我至少可以看到您正在使用的信息。
在 CSV 中,您有列标题,然后在这些标题下有行。您使用此脚本收集的信息是:文件夹名称;具有访问权限的组;这些团体的成员。这意味着您的 CSV 的每一行都将包含此信息。您问题的最后一部分表明您只是在寻找有权访问这些文件夹的用户名。但是,为了完整起见,我在下面的输出中包含了所有三个组。在下面的代码中,$results += 开始的地方,如果不需要该信息,可以删除行 'group=$group'。但是,当您查看 CSV 文件时,我相信您会发现其中的信息很有用。
为了将所有信息转化为合适的格式,您需要将其存储在一个变量中。我建议创建一个可以导出的自定义 object。我在下面使用了您的代码并为此添加了关键元素。新行用一行中的三个散列标记 - ###。我还对格式进行了一些更改以符合我自己的编码习惯 - 希望您可以更容易地看到各种循环的位置,以便您可以看到我是如何将数据收集到变量中的。如果这捕获了您期望的数据,请告诉我。
$filepath='\server\folder'
### New variable called results. This is what will store the custom object.
$results = @()
$Version=$PSVersionTable.PSVersion
if ($Version.Major -lt 3) {Throw "Powershell version out of date. Please update powershell." }
#Create an empty hashtable to track groups
$ADGroups = @()
#Get a recursive list of folders and loop through them
ForEach ($Folder in (Get-ChildItem $filePath -Directory))
{
# Get ACLs for the folder
$ACLs = Get-Acl -Path $Folder.FullName
#Do a bunch of filtering to just get AD groups
#$acls.Access
$Groups = $ACLs |
% Access | #Expand the Access property
where { $_.IsInherited -eq $false -and $_.AccessControlType -eq 'Allow' -and $_.IdentityReference -notmatch 'BUILTIN|NT AUTHORITY|CREATOR|-----|Identity'} | #Only instances that allow access, are not inherited, and aren't a local group or special case
%{$_.IdentityReference -replace 'JAC.*?\'} | #Expand the IdentityReference property, and replace anything that starts with JAC all the way to the first backslash (likely domain name trimming)
Select -Unique #Select only unique values
#If there are no groups to display for this folder move to the next folder
If($Groups.Count -eq 0){Continue}
#Display Folder Path
$Folder.FullName
#Put a dashed line under the folder path (using the length of the folder path for the length of the line, just to look nice)
'-'*$Folder.FullName.Length
#Loop through each group and display its name and users
ForEach ($Group in $Groups)
{
#Display the group name
$Group
#repmoves the domain\ from the ad group
$groupname = $group -creplace '(?s)^.*\', ''
#Add a line under the group name
'-'*$Groupname.Length
#Edited post to include this IF statement
#Now that we have the group name, here is where we want to filter out group names
#that we don't want to have
If ($groupname -notlike "*_R" -and $groupname -notlike "*Bambi*")
{
#Check if we already have this group, and if not get the group from AD
If($ADGroups.Keys -notcontains $Groupname)
{
$Members = Get-ADGroupMember $Groupname | select Name
### This is a new foreach loop. This will allow us to easily store each individual member in our results variable
foreach ($Member in $Members)
{
### This is where we are going to store our variable
$results += [pscustomobject]@{
folder = $folder.FullName
group = $Group
name = $member.Name
}
}
}
#Display the group members
$Members
}
}
#output a blank line, for some seperation between folders
"`n"
}
### Now we can export the results
$Results | export-csv "C:\somefolder\filename.csv" -NoTypeInformation
我正在尝试导出顶级文件夹中所有文件夹的路径以及 AD 组以及该 AD 组的成员。我有以下脚本,它能够获取所有这些信息,但在尝试将其导出为格式良好的 CSV
时遇到了问题enter code here
$filepath='\server1\folderA'
$Version=$PSVersionTable.PSVersion
if ($Version.Major -lt 3) {Throw "Powershell version out of date. Please update powershell." }
#Create an empty hashtable to track groups
$ADGroups = @{}
#Get a recursive list of folders and loop through them
ForEach($Folder in (Get-ChildItem $filePath -Directory)){
# Get ACLs for the folder
$ACLs = Get-Acl -Path $Folder.FullName
#Do a bunch of filtering to just get AD groups
$Groups = $ACLs |
% Access | #Expand the Access property
where { $_.IsInherited -eq $false -and $_.AccessControlType -eq 'Allow' -and $_.IdentityReference -notmatch 'BUILTIN|NT AUTHORITY|CREATOR|-----|Identity'} | #Only instances that allow access, are not inherited, and aren't a local group or special case
%{$_.IdentityReference -replace 'JAC.*?\'} | #Expand the IdentityReference property, and replace anything that starts with JAC all the way to the first backslash (likely domain name trimming)
Select -Unique #Select only unique values
#If there are no groups to display for this folder move to the next folder
If($Groups.Count -eq 0){Continue}
#Display Folder Path
$Folder.FullName
#Put a dashed line under the folder path (using the length of the folder path for the length of the line, just to look nice)
'-'*$Folder.FullName.Length
#Loop through each group and display its name and users
ForEach ($Group in $Groups){
#Display the group name
$Group
#repmoves the domain\ from the ad group
$groupname = $group -creplace '(?s)^.*\', ''
#Add a line under the group name
'-'*$Groupname.Length
#Check if we already have this group, and if not get the group from AD
If($ADGroups.Keys -notcontains $Groupname){
$Members = Get-ADGroupMember $Groupname | select Name
}
#Display the group members
$Members
}
#output a blank line, for some seperation between folders
"`n"
}
理想情况下只需要导出
文件夹路径即变量$folder.fullname和变量$members
我 运行 将其与我自己的共享目录之一进行比较,以确切了解它的作用,这样我至少可以看到您正在使用的信息。
在 CSV 中,您有列标题,然后在这些标题下有行。您使用此脚本收集的信息是:文件夹名称;具有访问权限的组;这些团体的成员。这意味着您的 CSV 的每一行都将包含此信息。您问题的最后一部分表明您只是在寻找有权访问这些文件夹的用户名。但是,为了完整起见,我在下面的输出中包含了所有三个组。在下面的代码中,$results += 开始的地方,如果不需要该信息,可以删除行 'group=$group'。但是,当您查看 CSV 文件时,我相信您会发现其中的信息很有用。
为了将所有信息转化为合适的格式,您需要将其存储在一个变量中。我建议创建一个可以导出的自定义 object。我在下面使用了您的代码并为此添加了关键元素。新行用一行中的三个散列标记 - ###。我还对格式进行了一些更改以符合我自己的编码习惯 - 希望您可以更容易地看到各种循环的位置,以便您可以看到我是如何将数据收集到变量中的。如果这捕获了您期望的数据,请告诉我。
$filepath='\server\folder'
### New variable called results. This is what will store the custom object.
$results = @()
$Version=$PSVersionTable.PSVersion
if ($Version.Major -lt 3) {Throw "Powershell version out of date. Please update powershell." }
#Create an empty hashtable to track groups
$ADGroups = @()
#Get a recursive list of folders and loop through them
ForEach ($Folder in (Get-ChildItem $filePath -Directory))
{
# Get ACLs for the folder
$ACLs = Get-Acl -Path $Folder.FullName
#Do a bunch of filtering to just get AD groups
#$acls.Access
$Groups = $ACLs |
% Access | #Expand the Access property
where { $_.IsInherited -eq $false -and $_.AccessControlType -eq 'Allow' -and $_.IdentityReference -notmatch 'BUILTIN|NT AUTHORITY|CREATOR|-----|Identity'} | #Only instances that allow access, are not inherited, and aren't a local group or special case
%{$_.IdentityReference -replace 'JAC.*?\'} | #Expand the IdentityReference property, and replace anything that starts with JAC all the way to the first backslash (likely domain name trimming)
Select -Unique #Select only unique values
#If there are no groups to display for this folder move to the next folder
If($Groups.Count -eq 0){Continue}
#Display Folder Path
$Folder.FullName
#Put a dashed line under the folder path (using the length of the folder path for the length of the line, just to look nice)
'-'*$Folder.FullName.Length
#Loop through each group and display its name and users
ForEach ($Group in $Groups)
{
#Display the group name
$Group
#repmoves the domain\ from the ad group
$groupname = $group -creplace '(?s)^.*\', ''
#Add a line under the group name
'-'*$Groupname.Length
#Edited post to include this IF statement
#Now that we have the group name, here is where we want to filter out group names
#that we don't want to have
If ($groupname -notlike "*_R" -and $groupname -notlike "*Bambi*")
{
#Check if we already have this group, and if not get the group from AD
If($ADGroups.Keys -notcontains $Groupname)
{
$Members = Get-ADGroupMember $Groupname | select Name
### This is a new foreach loop. This will allow us to easily store each individual member in our results variable
foreach ($Member in $Members)
{
### This is where we are going to store our variable
$results += [pscustomobject]@{
folder = $folder.FullName
group = $Group
name = $member.Name
}
}
}
#Display the group members
$Members
}
}
#output a blank line, for some seperation between folders
"`n"
}
### Now we can export the results
$Results | export-csv "C:\somefolder\filename.csv" -NoTypeInformation