我正在尝试返回我域中所有安全组的CSV以及所有成员,包括他们的帐户状态(启用或禁用),但似乎无法解决如何从ADGroupMember到ADUser的连接。试图测试$Member.ObjectClass
的值,如果“user”然后运行Get-ADUser
但这似乎不起作用 - 如果我这样做,所有ADGroupMember对象类都显示为用户。如果可能,想在一个查询中执行此操作。我从网上拿了一个例子,试图修改它但没有成功。
我正在寻找像这样格式的table / csv中的结果:
GroupName Name ObjectClass Enabled GroupA John Smith User True GroupB Jane Brown User False GroupB GroupN Group NA/Group
$Table = @()
$Record = [ordered]@{
"GroupName" = ""
"Name" = ""
"ObjectClass" = ""
"Enabled" = ""
}
$Groups = Get-AdGroup -Filter * |
Where {$_.Name -like "FS01*" -or $_.Name -like "ABC*"} |
Select Name -ExpandProperty Name
foreach ($Group in $Groups) {
$ArrayMembers = Get-ADGroupMember -Identity $Group |
Select Name, ObjectClass #, SamAccountName
foreach ($Member in $ArrayMembers) {
$Record."Enabled" = Get-ADGroupMember -Identity $Group |
Get-ADUser |
Select Enabled
$Record."GroupName" = $Group
$Record."Name" = $Member.Name
$Record."ObjectClass" = $Member.ObjectClass
$objRecord = New-Object PSObject -Property $Record
$Table += $objRecord
}
}
$Table # | Export-Csv $filename -NoTypeInformation
不要让事情比他们需要的更复杂。使用Select-Object
从组成员中选择名称和对象类,并通过calculated properties注入组名和启用状态。
Get-ADGroup -Filter * | Where-Object {
$_.Name -like 'FS01*' -or
$_.Name -like 'ABC*'
} | ForEach-Object {
$groupname = $_.Name
Get-ADGroupMember -Identity $_ |
Select-Object @{n='GroupName';e={$groupname}}, Name, ObjectClass,
@{n='Enabled';e={if ($_.ObjectClass -eq 'user') {
Get-ADUser $_ | Select-Object -Expand Enabled
} else {
'NA/Group'
}}}
} | Export-Csv 'C:\path\to\output.csv' -NoType