我正在尝试创建一个脚本,以检查A组的成员是否不是bg组的成员,如果他们不是这些组的成员,则将其名称输出到log / excel工作表-我已经知道了输出属于这些组成员的民族名称,但我无法获得多个组的相反名称。如果我可以制作一个excel工作表,该工作表返回哪个用户属于某一列中的组,而另一用户属于另一列中的组,那将很好,但excel工作表输出存在问题。这是我到目前为止完成的代码。任何帮助表示赞赏
$logfile = "C:\Users\x\temp\outputgroupmembers.log"
$group1 = get-adgroup group-a
$checkgroups = Get-ADGroup -filter 'Name -like "AREA_*"' | Select-Object Name
Foreach ($Usr In Get-ADGroupMember -Identity $group1.DistinguishedName)
{
# If the 'MemberOf' array of $Usr's group memberships contains 'group1', then...
If ((Get-ADUser $Usr.SamAccountName -Properties MemberOf).MemberOf -contains $checkgroups)
{
try{
# output user information to document log'.
$displayname = get-aduser $Usr.SamAccountName -Properties DisplayName | select -expand displayname
write-output $Usr.SamAccountName $displayname >> $logfile
}
catch {
write-output "Domain users group NOT output to logfile" >> $logfile
}
}}
看看这个被剪掉的东西。我修改了您的代码并添加了第二个foreach循环。可能有助于解决您的任务。
[System.String]$InputADGroup = 'group-a'
[Microsoft.ActiveDirectory.Management.ADGroup[]]$ADGroupsToCheck = Get-ADGroup -Filter 'Name -like "AREA_*"'
foreach ($Member in (Get-ADGroupMember -Identity $InputADGroup)) #Process each member of the input ad group
{
#Get MemberOf from user
[System.String[]]$MemberOfGroups = (Get-ADUser -Identity $Member.SamAccountName -Properties MemberOf).MemberOf
#Check each MemberOf group
foreach ($MemberOfGroup in $MemberOfGroups)
{
#Check if user is member of one of the check groups
if ($ADGroupsToCheck.DistinguishedName -contains $MemberOfGroup)
{
Write-Output -InputObject ('User ' + $Member.SamAccountName + ' is member of ' + $MemberOfGroup)
}
}
}