powershell 查找所有组的所有用户标记为已禁用
powershell find all users for all groups flag as disabled
我正在尝试使用 PowerShell 吐出一个包含以下列的 csv 文件:
名称,用户名,组名,已启用
我快完成了,我缺少的一步是如何将用户标记为已启用或未启用。
例如,这很好用:
Import-Module ActiveDirectory
$Groups = (Get-AdGroup -filter * | Where {$_.name -like "**"} | select name -ExpandProperty name)
$Table = @()
$Record = @{
"Group Name" = ""
"Name" = ""
"Username" = ""
}
Foreach ($Group in $Groups) {
$Arrayofmembers = Get-ADGroupMember -identity $Group -recursive | select name,samaccountname
foreach ($Member in $Arrayofmembers) {
$Record."Group Name" = $Group
$Record."Name" = $Member.name
$Record."UserName" = $Member.samaccountname
$objRecord = New-Object PSObject -property $Record
$Table += $objrecord
}
}
$Table | export-csv "C:\temp\SecurityGroups.csv" -NoTypeInformation
如果我尝试在每个循环中添加一个(诚然是非常不切实际的)额外搜索以在用户 "Enabled" 状态中打耳光,该列将保持空白:
Import-Module ActiveDirectory
$Groups = (Get-AdGroup -filter * | Where {$_.name -like "**"} | select name -ExpandProperty name)
$Table = @()
$Record = @{
"Group Name" = ""
"Name" = ""
"Username" = ""
"Enabled" = ""
}
Foreach ($Group in $Groups) {
$Arrayofmembers = Get-ADGroupMember -identity $Group -recursive | select name,samaccountname
foreach ($Member in $Arrayofmembers) {
$Temprecord = Get-ADUser -Filter 'samaccountname -like "$Member.samaccountname"'
$Record."Enabled" = $Temprecord.Enabled
$Record."Group Name" = $Group
$Record."Name" = $Member.name
$Record."UserName" = $Member.samaccountname
$objRecord = New-Object PSObject -property $Record
$Table += $objrecord
}
}
$Table | export-csv "C:\temp\SecurityGroups.csv" -NoTypeInformation
如果我不得不猜测,那是以下行的问题:
$Temprecord = Get-ADUser -Filter 'samaccountname -like "$Member.samaccountname"'
类似的一点一定是错误的,但不确定如何解决。
Pipeline pipeline pipeline,不需要循环和数组构建和哈希表存储所有输出,然后输出。
将组通过管道传输到 ADGroupMember 中,并通过管道传输组对象,将组和成员通过管道传输到 Select 和 select 您想要的四列中,然后将它们导出到 CSV。
Import-Module ActiveDirectory
Get-AdGroup -Filter "Name -like '*e*'" -PipelineVariable Group |
Get-ADGroupMember -Recursive |
Select-Object @{Label='Group Name'; Expression={$Group.Name}},
Name,
SamAccountName,
@{Label='Enabled'; Expression={(Get-AdUser -Identity $_.SamAccountName).Enabled}} |
Export-Csv -Path 'C:\temp\SecurityGroups.csv' -NoTypeInformation
$Temprecord = Get-ADUser -Filter "samaccountname -like ""$($Member.samaccountname)"""
参见例如Weekend Scripter: Understanding Quotation Marks in PowerShell 和
Escape characters, Delimiters and Quotes 进行解释。
示例:
PS D:\PShell> $x = 1,2,3
PS D:\PShell> $x.Count
3
PS D:\PShell> ### Single quotation marks define a literal string
PS D:\PShell> '$x.Count'
$x.Count
PS D:\PShell> ### Double quotation marks define more dynamic parsing string
PS D:\PShell> "$x.Count"
1 2 3.Count
PS D:\PShell> ### OOPS!
PS D:\PShell> "$($x.Count)"
3
PS D:\PShell> "array count $($x.Count)"
array count 3
PS D:\PShell> ### Finally, escape double quotes within double quoted string
PS D:\PShell> "array count as string ""$($x.Count)"""
array count as string "3"
PS D:\PShell>
我正在尝试使用 PowerShell 吐出一个包含以下列的 csv 文件: 名称,用户名,组名,已启用
我快完成了,我缺少的一步是如何将用户标记为已启用或未启用。 例如,这很好用:
Import-Module ActiveDirectory
$Groups = (Get-AdGroup -filter * | Where {$_.name -like "**"} | select name -ExpandProperty name)
$Table = @()
$Record = @{
"Group Name" = ""
"Name" = ""
"Username" = ""
}
Foreach ($Group in $Groups) {
$Arrayofmembers = Get-ADGroupMember -identity $Group -recursive | select name,samaccountname
foreach ($Member in $Arrayofmembers) {
$Record."Group Name" = $Group
$Record."Name" = $Member.name
$Record."UserName" = $Member.samaccountname
$objRecord = New-Object PSObject -property $Record
$Table += $objrecord
}
}
$Table | export-csv "C:\temp\SecurityGroups.csv" -NoTypeInformation
如果我尝试在每个循环中添加一个(诚然是非常不切实际的)额外搜索以在用户 "Enabled" 状态中打耳光,该列将保持空白:
Import-Module ActiveDirectory
$Groups = (Get-AdGroup -filter * | Where {$_.name -like "**"} | select name -ExpandProperty name)
$Table = @()
$Record = @{
"Group Name" = ""
"Name" = ""
"Username" = ""
"Enabled" = ""
}
Foreach ($Group in $Groups) {
$Arrayofmembers = Get-ADGroupMember -identity $Group -recursive | select name,samaccountname
foreach ($Member in $Arrayofmembers) {
$Temprecord = Get-ADUser -Filter 'samaccountname -like "$Member.samaccountname"'
$Record."Enabled" = $Temprecord.Enabled
$Record."Group Name" = $Group
$Record."Name" = $Member.name
$Record."UserName" = $Member.samaccountname
$objRecord = New-Object PSObject -property $Record
$Table += $objrecord
}
}
$Table | export-csv "C:\temp\SecurityGroups.csv" -NoTypeInformation
如果我不得不猜测,那是以下行的问题:
$Temprecord = Get-ADUser -Filter 'samaccountname -like "$Member.samaccountname"'
类似的一点一定是错误的,但不确定如何解决。
Pipeline pipeline pipeline,不需要循环和数组构建和哈希表存储所有输出,然后输出。
将组通过管道传输到 ADGroupMember 中,并通过管道传输组对象,将组和成员通过管道传输到 Select 和 select 您想要的四列中,然后将它们导出到 CSV。
Import-Module ActiveDirectory
Get-AdGroup -Filter "Name -like '*e*'" -PipelineVariable Group |
Get-ADGroupMember -Recursive |
Select-Object @{Label='Group Name'; Expression={$Group.Name}},
Name,
SamAccountName,
@{Label='Enabled'; Expression={(Get-AdUser -Identity $_.SamAccountName).Enabled}} |
Export-Csv -Path 'C:\temp\SecurityGroups.csv' -NoTypeInformation
$Temprecord = Get-ADUser -Filter "samaccountname -like ""$($Member.samaccountname)"""
参见例如Weekend Scripter: Understanding Quotation Marks in PowerShell 和 Escape characters, Delimiters and Quotes 进行解释。
示例:
PS D:\PShell> $x = 1,2,3
PS D:\PShell> $x.Count
3
PS D:\PShell> ### Single quotation marks define a literal string
PS D:\PShell> '$x.Count'
$x.Count
PS D:\PShell> ### Double quotation marks define more dynamic parsing string
PS D:\PShell> "$x.Count"
1 2 3.Count
PS D:\PShell> ### OOPS!
PS D:\PShell> "$($x.Count)"
3
PS D:\PShell> "array count $($x.Count)"
array count 3
PS D:\PShell> ### Finally, escape double quotes within double quoted string
PS D:\PShell> "array count as string ""$($x.Count)"""
array count as string "3"
PS D:\PShell>