使用 PowerShell 获取 AD 组成员资格 ADSI [英] Getting AD Group Membership ADSI using PowerShell

问题描述

我目前有 ADSI 代码来获取用户所属的组:

I currently have ADSI code to get the groups a user is a part of:

$searcher = [adsisearcher]"(samaccountname=$env:USERNAME)"
$searcher.FindOne().Properties.memberof
$adgroups = $User -Replace '^cn=([^,]+).+$', '$1'

但是，我希望能够选择一个组并查看其成员.我目前有这个代码来获取他们的 DN 和路径.

However, i am wanting to be able to choose a group and see its members. I currently have this code to get their DN and path.

$Group = [ADSI]"LDAP://cn=Test,cn=Test,dc=some,dc=domain,dc=net"
$Members = $Group.Member | ForEach-Object {[ADSI]"LDAP://$_"}

如果可能，我想获得其他属性(名称等).任何帮助将不胜感激，因为我一直在努力.

I am wanting to get other attributes if possible (name, etc.). Any help would be appreciated as i have been trying for a bit.

推荐答案

您已经拥有了两部分，第一部分是在组中查找用户，第二部分是使用搜索器为用户获取属性.只需使用 distinguishedname 作为 [adsisearcher] 过滤器.

You already have both pieces, the first piece is finding the users in the group, the second piece is using the searcher to get properties for the users. Just use distinguishedname as the [adsisearcher] filter.

$Group = [ADSI]"LDAP://cn=Test,cn=Test,dc=some,dc=domain,dc=net"
$Group.Member | ForEach-Object {
    $Searcher = [adsisearcher]"(distinguishedname=$_)"
    $searcher.FindOne().Properties
}

这篇关于使用 PowerShell 获取 AD 组成员资格 ADSI的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！