如何导出活动目录对象的 CSV 文件? [英] How to Export-CSV of Active Directory Objects?

问题描述

我正在尝试为用户 ID 重新验证工作获取所有用户记录及其关联组的转储.我的安保人员想要 CSV 格式的文件.

I'm trying to get a dump of all user records and their associated groups for a user ID revalidation effort. My security officer wants it in CSV format.

这很好用:

Get-ADUser -Filter * -Properties * | Select-Object -Property Name,SamAccountName,Description,EmailAddress,LastLogonDate,Manager,Title,Department,whenCreated,Enabled,Organization | Sort-Object -Property Name | ConvertTo-CSV

但是，这不包括用户所属的组.

However, that does not include the groups the user is a member of.

这样的尝试都失败了:

Get-ADUser -Filter * -Properties * | Select-Object -Property Name,SamAccountName,Description,EmailAddress,LastLogonDate,Manager,Title,Department,whenCreated,Enabled,Organization, @{$_.MemberOf |Get-Group|ForEach-Object {$_.Name}} | Sort-Object -Property Name | ConvertTo-CSV

这也失败了:

Get-ADUser -Filter * -Properties * | Sort-Object -Property Name | ForEach-Object {
    $_ | Format-List -Property Name,SamAccountName,Description,EmailAddress,LastLogonDate,Manager,Title,Department,whenCreated,Enabled
    $_.MemberOf | Get-ADGroup | ForEach-Object {$_.Name} | Sort-Object
}  | ConvertTo-CSV

我可能遗漏了一些简单的东西.任何帮助将不胜感激.谢谢！

I'm probably missing something simple. Any help would be greatly appreciated. Thanks!

推荐答案

从 Windows Server 操作系统执行以下命令以转储整个 Active Director:

From a Windows Server OS execute the following command for a dump of the entire Active Director:

csvde -f test.csv

这个命令非常广泛，会为您提供比必要的信息更多的信息.要将记录限制为仅用户记录，您需要:

This command is very broad and will give you more than necessary information. To constrain the records to only user records, you would instead want:

csvde -f test.csv -r objectClass=user 

您可以进一步限制该命令以仅提供与请求的搜索相关的所需字段，例如:

You can further restrict the command to give you only the fields you need relevant to the search requested such as:

csvde -f test.csv -r objectClass=user -l DN, sAMAccountName, department, memberOf

如果您有一台 Exchange 服务器，并且每个与真人关联的用户都有一个邮箱(而不是信息亭/实验室工作站的通用帐户)，您可以使用 mailNickname 代替 sAMAccountName.

If you have an Exchange server and each user associated with a live person has a mailbox (as opposed to generic accounts for kiosk / lab workstations) you can use mailNickname in place of sAMAccountName.

这篇关于如何导出活动目录对象的 CSV 文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！