我正在尝试编写一个 PowerShell 程序,该程序将导入活动和非活动帐户的 CSV,然后通过成功运行的关键字(已禁用)过滤这些用户。我得到了一个经过过滤的 CSV,其文件名中带有用于审计目的的时间戳
这是导入的 CSV 的示例
Username,Name,Email,Status,Created,Last Login
Test,"Test, Test",[email protected],Active,2018-12-07 21:46:40 UTC,2024-03-18 20:01:50
Import-Module -Name ActiveDirectory
# Gathers Date information and creates CSV naming convention for Filtered CSV Output
$TimeStamp = Get-date -Format "MMddyy"
$filters = "Disabled"
# User drops file named Removal to Desktop
Get-Content -Path 'c:\Scripts\UsersTest.csv' | Select-String -Pattern $filters | Out-File -FilePath "c:\Logs\$TimeStamp FilteredUsersForRemoval.csv"
这是 CSV 输出的示例
Test2,"Test2,Test2",[email protected],Disabled,2018-12-07 21:46:40 UTC,2024-03-18 20:01:50
我要补充的一点是,在过滤导出的 CSV 中,文件中没有标题,只有数据
下一部分通过将 AD 中的 UPN 与 CSV 中的电子邮件进行匹配来删除这些特定的过滤用户
$GroupFilter = 'MFA Offline Access', 'Personal Phone', 'MFAUsers', 'Test Domain 1 users', 'Test Domain 2 Users'
$Users= "c:\Logs\$TimeStamp FilteredUsersForRemoval.csv"
foreach ($User in $Users)
{
$UPN = $User.Username
$ADUser = Get-ADUser -Filter 'Email' -like $UPN | Select-Object SamAccountName
{
$ExistingGroups = Get-ADPrincipalGroupMembership $ADUser.SamAccountName | Select-Object Name
if ($ExistingGroups.Name -eq $GroupFilter)
{
Remove-ADGroupMember -Identity $GroupFilter-Members $ADUser.SamAccountName -Confirm$false
Write-Host "Removed $UPN from $Group" - ForeGroundColor Green
}
else
{
Write-Host "$UPN does not exist in $Group" - ForeGroundColor Yellow
}
}
}
这是不断失败并给出错误的部分,例如找不到 -like 或 -eq 的参数。
在我们的活动域中,这些特定用户位于多个 OU 内 - 示例测试>>用户>终止,这就是我尝试从中删除组的这些禁用用户。
需要从这些用户中删除的特定组位于 $GroupFilter 变量中。
任何帮助将不胜感激,因为我不确定语法或 CSV 导入哪里出了问题
foreach ($User in $Users)
{
$UPN = $User.Email
$ADUser = Get-ADUser -Filter {Email -like $UPN} | Select-Object UserPrincipalName
{
$ExistingGroups = Get-ADPrincipalGroupMembership $ADUser.UserPrincipalName | Select-Object Name
if ($ExistingGroups[0].Name -eq $GroupFilter)
{
Remove-ADGroupMember -Identity $GroupFilter-Members $ADUser.UserPrincipalName
Write-Host "Removed $UPN from $Group" - ForeGroundColor Green
}
else
{
Write-Host "$UPN does not exist in $Group" - ForeGroundColor Yellow
}
}
}
主要问题开始于您(错误)使用
Get-Content
代替 Import-Csv
和 Out-File
代替 Export-Csv
.. 将输入 CSV 视为纯文本。
使用
Where-Object
子句,您可以立即从原始输入 csv 文件中过滤掉禁用的用户,因此基本上不需要将子集存储到新文件中,除非供以后参考。
尝试
# Gathers Date information and creates CSV naming convention for Filtered CSV Output
$TimeStamp = Get-date -Format "MMddyy"
# read and parse the input csv, collect only user objects that are disabled
$Users = Import-Csv -Path 'c:\Scripts\UsersTest.csv' | Where-Object {$_.Status -eq 'Disabled'}
# for later reference write the disabled users in a separate output csv
$Users | Export-Csv -Path "c:\Logs\$TimeStamp FilteredUsersForRemoval.csv" -NoTypeInformation
$GroupFilter = 'MFA Offline Access', 'Personal Phone', 'MFAUsers', 'Test Domain 1 users', 'Test Domain 2 Users'
foreach ($User in $Users) {
$ADUser = Get-ADUser -Filter "Email -eq '$($User.Email)'"
Get-ADPrincipalGroupMembership -Identity $ADUser.DistinguishedName | # get the groups this user belongs to
Where-Object {$GroupFilter -contains $_.Name} | # filter to get only the groups in $GroupFilter
ForEach-Object { # loop over these groups and remove the user
$_ | Remove-ADGroupMember -Members $ADUser
Write-Host "Removed $($ADUser.Name) from $($_.Name)" -ForeGroundColor Green
}
}