获取 AD 组成员 - 排除计算机

问题描述 投票:0回答:1

我有包含用户和计算机的安全组。我只想列出安全组中的用户。我正在获取用户列表,但也收到安全组中每台计算机的错误:

Get-ADUser : Cannot find an object with identity: 'CN="*

我使用的脚本如下:

$GroupName = Read-Host -Prompt 'Enter the Group Name'
Get-ADGroupMember -Identity $GroupName -Recursive | 
Get-ADUser  -Properties Name,Mail,Title,Department | Sort-Object Department,Title,Name | Format-Table Name,Mail,Title,Department -AutoSize
powershell active-directory get-aduser
1个回答
0
投票

不要使用 

Get-ADGroupMember
,而是使用 
Get-ADUser
和过滤器来递归地查找群组的所有成员:

$GroupName = Read-Host -Prompt 'Enter the Group Name'
$groupDn = (Get-ADGroup -Identity $GroupName).DistinguishedName
$getADUserSplat = @{
    LDAPFilter = "(memberOf:1.2.840.113556.1.4.1941:=$groupDn)"
    Properties = 'Name', 'Mail', 'Title', 'Department'
}

Get-ADUser @getADUserSplat |
    Sort-Object Department, Title, Name |
    Format-Table Name, Mail, Title, Department -AutoSize
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.