PowerShell：'MemberOf' 输出一个空白列而不是用户的 'Group Name'

Question

下面的 PowerShell 脚本遍历 test.csv 文件中列出的组。它从各个组中的每个用户中提取 samAccountName 和 distinguishedName。但是，当我尝试拉取 groupName 时，输出为“Microsoft.ActiveDirectory.Management.ADPropertyValueCollection”。不确定如何解决这个问题-

$groups = Get-Content test.csv
$domains = (Get-ADForest).Domains

foreach ($group in $groups)
{
    foreach ($domain in $domains)
    {
        if (Get-ADGroup $group -Server $domain)
        {
            Get-ADGroupMember $group -Server $domain | select groupName, samAccountName, distinguishedName | Export-Csv c:\temp\file.csv -notypeinformation -append
        }
    }
}

我试过下面的方法，但它只输出一个空列：

$groups = Get-Content test.csv
$domains = (Get-ADForest).Domains

foreach ($group in $groups)
{
    foreach ($domain in $domains)
    {
        if (Get-ADGroup $group -Server $domain)
        {
            Get-ADGroupMember $group -Server $domain | select samAccountName, distinguishedName | 
        Get-ADUser @{name  = ‘MemberOf’;’expression={$_.MemberOf -join “;”}} | 
        Export-Csv c:\temp\file.csv -notypeinformation
        }
    }
}

Answer 1

如果您将 select 语句更改为：

select-object @{n='groupName';expression={$group}}, samAccountName, distinguishedName

它应该为该列输出 Get-ADGroupMember 的 $group 输入。

Answer 2

试试这个，我对你的代码做了一些优化:)

请注意，此处或多或少需要 try {...} catch {...}，因为 cmdlet Get-ADGroup 和 Get-ADGroupMember 将如果找不到对象则抛出。

$ErrorActionPreference = 'Stop'
$groups = Get-Content test.csv
$domains = (Get-ADForest).Domains

$result = foreach ($group in $groups)
{
    foreach ($domain in $domains)
    {
        try
        {
            $adGroup = Get-ADGroup $group -Server $domain
            $members = (Get-ADGroupMember $adGroup -Server $domain).where({
                
                # Here, I assume your looking only for user objects
                # since you're next cmdlet is Get-ADUser
                $_.ObjectClass -eq 'user' 
            
            })
            
            foreach($user in $members)
            {
                # !!! $adUser = Get-ADUser $user >> This is not needed,
                # Get-ADGroupMember already brings you the samAccountName of
                # each object

                # Here you can cast the result, I assume
                # you want your CSV to have the Name of the Group and
                # the samAccountName and distinguishedName of each user

                [pscustomobject]@{
                    GroupName = $adGroup.Name
                    samAccountName = $user.samAccountName
                    distinguishedName = $user.distinguishedName
                }

            }
        }
        catch
        {
            Write-Warning $_
        }
    }
}

$result | Export-Csv c:\temp\file.csv -NoTypeInformation

PowerShell：'MemberOf' 输出一个空白列而不是用户的 'Group Name'

PowerShell: 'MemberOf' outputs a blank column instead of the 'Group Name' of the users

powershell

scripting

active-directory