Powershell - Get-ADComputer -properties memberof [英] Powershell - Get-ADComputer -properties memberof

问题描述

我正在尝试查找我们环境中是否有任何服务器未应用于特定组.我有一个组列表，我们用来在特定的日子/夜晚/手动等上修补我们的 Windows 服务器......，我试图检查我们环境中的任何服务器是否错误地放置在域中并错过了这一步 - 没有有一个补丁组成员.

I am trying to find if any servers in our enviroment have NOT been applied to a particular group. I have a list of groups that we use to patch our Windows Servers on partiular days / nights / manual etc..., i am trying to check if any server in our enviroment was incorrectly put on the domain and missed this step - does not have a Patching Group Member.

到目前为止我有:

$servers = get-adcomputer -Filter 'ObjectClass -eq "Computer"' -properties *
foreach ($server in $servers) {
   if($server.OperatingSystem -match "Windows Server 2008" -or $server.operatingsystem match "Windows Server 2003" ) {
   $server.Name, $server.OperatingSystem, $server.memberof
   }
}

上面列出了在我们的环境中运行 Windows 的所有服务器以及分配给该计算机对象的成员.假设我们有 3 个特定的小组来管理如何修补这些服务器.

Above lists all servers that run Windows in our enviroment and the Members assigned to that Computer Object. Say we have 3 particular groups that manage how these servers are patched.

第一组、第二组、第三组

group1, group2, group 3

上面脚本中的每个服务器都应该返回带有 group1、group2 或 group3 的服务器.我想返回所有没有应用 group1、group2 或 group3 的服务器.

Every server from the script above should return servers with group1, group2 or group3. I would like to return all the servers that DONT have group1, group2 or group3 applied.

请有人能指出我正确的方向.

Please can someone point me in the right direction.

谢谢.

推荐答案

让我们来解决这个问题:

Let's work with this:

$groups = @("Terminal Server License Servers","Exchange Trusted Subsystem","Cert Publishers")
$regex = '^({0})' -f ($groups -join '|')
get-adcomputer -Filter {OperatingSystem -like "Windows Server 200*"} -properties * | 
    Where-Object{($_.MemberOf | Get-ADGroup).Name -notmatch $regex} |
    Select-Object Name,OperatingSystem,MemberOf

取组并将它们变成一个数组.将数组成员加入一个正则表达式字符串，该字符串将匹配组的全名.将 If 语句移到 -Filter 中以仅返回您想要的内容，这将使其更有效率.MemberOf 是 DistinguishedName 的列表.从 Get-AdGroup 中获取组名.您可以轻松地使用字符串操作从 dn 中提取名称.我只是觉得这更容易.除了 Select-Object 之外，还没有对结果进行任何操作，但您可以通过管道输入 ForEach-Object 并进行相应处理.

Take the groups and turn them into an array. Join the array members into a regex string which will match the full names of groups. Move the If statement into a -Filter to return only what you want which would make it more efficient. The MemberOf is a list of DistinguishedNames. Get the just the group name from Get-AdGroup. You could easily use string manipulation to extract the name from the dn. I just find this easier. Havent done anything, beyond a Select-Object, with the results but you could pipe into a ForEach-Object and process accordingly.

这篇关于Powershell - Get-ADComputer -properties memberof的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！