PowerShell：将CSV与AD进行比较 [英] PowerShell: Compare CSV to AD

问题描述

我是PowerShell的新手，我在很多论坛上都发布了这个，但我之前已经从这里获得了编程帮助的成功，虽然这不是严格的编程，但我希望有人可能知道答案。

I'm fairly new to PowerShell and I'm posting this on many forums but I've had success with programming assistance from here before and although this isn't strictly programming, I was hoping someone might know the answer.

我的组织有大约5,300个用户需要为客户端禁用。有人认为最好地利用我们的时间是让人们通过AD并一次禁用一个。在我了解了这一点后，我停下来并使用PowerShell获取我们已有的CSV列表，然后运行cmdlet以禁用CSV列表中的所有用户。

My organization had about 5,300 users we needed to disable for a client. Someone decided the best use of our time was have people go through AD and disable them one at a time. Soon as I got wind of this I put a stop to it and used PowerShell to take the CSV list we already had, and ran a cmdlet to disable all of the users in the CSV list.

这似乎有效，但我想进行比较。我想比较CSV文件中的用户和AD中的用户，并确认他们全部被禁用，而无需单独检查所有5300。我们检查了大约60个随机的，以验证我的运行是否有效，但我想确保没有任何漏洞。

This appeared to work, but I wanted to run a comparison. I want to compare the users from the CSV file, to the users in AD, and confirm that they are all disabled without having to check all 5300 individually. We checked about 60 random ones to verify my run worked, but I want to make sure none slipped through the cracks.

我尝试了几个脚本而且我已经尝试了一些cmdlet的变种。我试过的任何脚本都没有工作，发送错误的垃圾邮件。当我尝试使用来自csv文件的get-content或import-CSV来搜索AD时，当我导出它时，给我约7600个禁用用户（如果我按禁用搜索）。总共只有5300个用户，所以它必须给我AD中的所有残疾用户。我运行的其他cmdlet似乎做同样的事情，它导出整个AD列表而不是仅仅与我的CSV文件进行比较。

I've tried a couple scripts and I've tried some variations of cmdlets. None of the scripts I tried even worked, spammed with errors. When I try to run a search of AD either using get-content or import-CSV from the csv file, when I export its giving me about 7600 disabled users (if I search by disabled). There were only 5300 users in total, so it must be giving me all of the disabled users in AD. Other cmdlets i've run appear to do the same thing, its exporting an entire AD list instead of just comparing against my CSV file.

任何人都可以提供任何帮助很有帮助。

Any assistance anyone can provide would be helpful.

推荐答案

在不知道CSV的确切结构的情况下我会假设它是这样的：
CN =，OU =，DC =
JSmith，会计，Foo.com
BAnderson，HR，Foo.com
JAustin，IT，Foo.com

Without knowing the exact structure of your CSV I'm going to assuming it is as such: "CN=","OU=","DC=" "JSmith","Accounting","Foo.com" "BAnderson","HR","Foo.com" "JAustin","IT","Foo.com"

如果您的第一个字段实际上包含CN =（即CN = JSmith， OU = Accounting，Foo.com）你想要用 .TrimStart（CN =）修剪它。

That said, if your first field actually has CN= included (i.e. "CN=JSmith","OU=Accounting","Foo.com") you will want to trim that with .TrimStart("CN=").

$ToRemove = Import-CSV UserList.csv
$UserList=@()
ForEach($User in $ToRemove){
    $Temp = ""|Select "User","Disabled"
    $Temp.User = $User.'CN='
    If((Get-aduser $Temp.User -Prop Enabled).Enabled){$Temp.Disabled='False'}else{$Temp.Disabled='True'}
    $UserList+=$Temp}
$UserList|?{$_.Disabled -eq 'False'}

将CSV加载到变量中，通过检查'CN ='属性的循环运行每个列表，为每个只包含其名称的用户创建一个自定义对象，如果它们被禁用，然后将该对象添加到数组中以便以后使用。最后，您将留下$ UserList，列出原始CSV中的所有人以及是否禁用它们。您可以将其输出到文件，仅针对仍然启用的文件或任何您想要的文件进行过滤。如前所述，如果你的CSV实际上每行都有CN = JSmith，你会想要更新第5行看起来像这样：

That loads the CSV into a variable, runs each listing through a loop that checks the 'CN=' property, creates a custom object for each user containing just their name and if they are disabled, and then adds that object to an array for ease of use later. In the end you are left with $UserList that lists everybody in the original CSV and if they are disabled. You can output it to a file, filter it for just those that are still enabled, or whatever you want. As noted before if your CSV actually has CN=JSmith for each line you will want to update line 5 to look as such:

    $Temp.User = $User.'CN='.TrimStart("CN=")

如果CSV文件中没有任何标题可能需要注入它们。只需在顶部放一行，如下所示：

CN =，OU =，DC =
或者，如果你有不同的OU深度，你可能最好不要做GC然后运行每个通过拆分行，取第一部分，从头开始修剪CN =，并检查它们是否被禁用，如：

If you don't have any headers in the CSV file you may want to inject them. Just put a line at the top that looks like:
CN=,OU=,DC= Or, if you have varying OU depths you may be better off doing a GC and then running each line through a split, taking the first part, trimming the CN= off the beginning, and checking to see if they are disabled like:

GC SomeFile.CSV||%{$_.split(",")[0].trimstart("CN=")|%{If((get-aduser $_ -prop enabled).enabled){"$_ is Enabled"}else{"$_ is Disabled"}}}

这篇关于PowerShell：将CSV与AD进行比较的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！