如果用户是组列表的成员,如何遍历用户的组成员身份和 return 用户
How to iterate through user's group membership and return user if they are a member of a list of groups
我在 csv 中有大量 samAccountNames,我需要编写一个脚本来检查每个用户并查看他们是否是 3 个 AD 组中的任何一个的成员。我尝试了一个脚本来搜索组然后找到用户,但是我 运行 遇到组包含太多成员的问题,这会引发错误。
我尝试遍历每个用户并提取组成员资格,但我想我不知道如何正确搜索数组中的值,或者至少我认为这是我的问题
这就是我想要的:
#Groups to look for
$groups = 'Group1', 'Group2', 'Group3'
#Import users to check from a csv file
Import-Csv "$PSScriptroot\Users.csv" | ForEach-Object {
#define users variable
$users = $_."samAccountName"
foreach ($user in $users) {
#Get all groups that the $user is a member of
$membership = Get-ADPrincipalGroupMembership $user | select name
foreach ($group in $groups) {
#Check if $group is in $membership
}
}
}
#export a new csv of all $users who were found to be in an $groups
正在寻求有关如何完成此操作的任何帮助。谢谢!
考虑到您打算重新导出为 CSV,您需要考虑添加代表用户在给定组中的成员资格的布尔列(属性)。
我没有测试这个,但这是一个想法:
# Groups to look for
$groups = 'Group1', 'Group2', 'Group3'
# Import users to check from a csv file
Import-Csv "$PSScriptroot\Users.csv" |
ForEach-Object {
# Get all groups that the $user is a member of
$membership = (Get-ADPrincipalGroupMembership $_.samAccountName).Name
$_ |
Select-Object *,
@{Name = 'Group1'; Expression = { 'Group1' -in $membership }},
@{Name = 'Group2'; Expression = { 'Group2' -in $membership }},
@{Name = 'Group3'; Expression = { 'Group3' -in $membership }}
} |
Export-Csv -Path "$PSScriptroot\Users_New.csv" -NoTypeInformation
在本例中,我们向 Import-Csv 生成的对象添加属性。 属性 的值将是 True/False,对应于从 Get-ADUserPrincipalGroupMembership 收到的成员资格。然后,立即创建一个新的 CSV 文件。
您也可以通过预加载组的成员资格并根据这些存储的列表检查用户来朝另一个方向前进。同样未经测试的 bu 可能看起来像:
$Members =
@{
Group1 = (Get-ADGroupMember 'Group1').samAccountName
Group2 = (Get-ADGroupMember 'Group2').samAccountName
Group3 = (Get-ADGroupMember 'Group3').samAccountName
}
Import-Csv "$PSScriptroot\Users.csv" |
Select-Object *,
@{Name = 'Group1'; Expression = { $_.samAccountName -in $Members['Group1'] }},
@{Name = 'Group2'; Expression = { $_.samAccountName -in $Members['Group2'] }},
@{Name = 'Group3'; Expression = { $_.samAccountName -in $Members['Group3'] }} |
Export-Csv -Path "$PSScriptroot\Users_New.csv" -NoTypeInformation
这有一个额外的好处,就是可以追溯地询问组成员。只需将 -Recursive 开关参数添加到 Get-ADGroupMember 命令即可。
我在 csv 中有大量 samAccountNames,我需要编写一个脚本来检查每个用户并查看他们是否是 3 个 AD 组中的任何一个的成员。我尝试了一个脚本来搜索组然后找到用户,但是我 运行 遇到组包含太多成员的问题,这会引发错误。
我尝试遍历每个用户并提取组成员资格,但我想我不知道如何正确搜索数组中的值,或者至少我认为这是我的问题
这就是我想要的:
#Groups to look for
$groups = 'Group1', 'Group2', 'Group3'
#Import users to check from a csv file
Import-Csv "$PSScriptroot\Users.csv" | ForEach-Object {
#define users variable
$users = $_."samAccountName"
foreach ($user in $users) {
#Get all groups that the $user is a member of
$membership = Get-ADPrincipalGroupMembership $user | select name
foreach ($group in $groups) {
#Check if $group is in $membership
}
}
}
#export a new csv of all $users who were found to be in an $groups
正在寻求有关如何完成此操作的任何帮助。谢谢!
考虑到您打算重新导出为 CSV,您需要考虑添加代表用户在给定组中的成员资格的布尔列(属性)。
我没有测试这个,但这是一个想法:
# Groups to look for
$groups = 'Group1', 'Group2', 'Group3'
# Import users to check from a csv file
Import-Csv "$PSScriptroot\Users.csv" |
ForEach-Object {
# Get all groups that the $user is a member of
$membership = (Get-ADPrincipalGroupMembership $_.samAccountName).Name
$_ |
Select-Object *,
@{Name = 'Group1'; Expression = { 'Group1' -in $membership }},
@{Name = 'Group2'; Expression = { 'Group2' -in $membership }},
@{Name = 'Group3'; Expression = { 'Group3' -in $membership }}
} |
Export-Csv -Path "$PSScriptroot\Users_New.csv" -NoTypeInformation
在本例中,我们向 Import-Csv 生成的对象添加属性。 属性 的值将是 True/False,对应于从 Get-ADUserPrincipalGroupMembership 收到的成员资格。然后,立即创建一个新的 CSV 文件。
您也可以通过预加载组的成员资格并根据这些存储的列表检查用户来朝另一个方向前进。同样未经测试的 bu 可能看起来像:
$Members =
@{
Group1 = (Get-ADGroupMember 'Group1').samAccountName
Group2 = (Get-ADGroupMember 'Group2').samAccountName
Group3 = (Get-ADGroupMember 'Group3').samAccountName
}
Import-Csv "$PSScriptroot\Users.csv" |
Select-Object *,
@{Name = 'Group1'; Expression = { $_.samAccountName -in $Members['Group1'] }},
@{Name = 'Group2'; Expression = { $_.samAccountName -in $Members['Group2'] }},
@{Name = 'Group3'; Expression = { $_.samAccountName -in $Members['Group3'] }} |
Export-Csv -Path "$PSScriptroot\Users_New.csv" -NoTypeInformation
这有一个额外的好处,就是可以追溯地询问组成员。只需将 -Recursive 开关参数添加到 Get-ADGroupMember 命令即可。