有没有办法检查计算机的AD组成员身份? [英] Is there a way to check AD group membership for a computer?
问题描述
我正在尝试通过Powershell检查计算机组成员身份。我希望能够指定一个特定的计算机名称,并从Powershell脚本中查找该计算机所在的组。我打算在计算机上运行脚本,获取主机名,然后打印出该计算机所在的AD组。是否有一种简单的方法?
I am trying to check computer group membership through Powershell. I want to be able to specify a certain computer name and find which groups that computer is in but from a Powershell script. I am planning on running the script on a computer, grabbing the hostname, and then printing out what AD groups that computer is in. Is there an easy way to do this?
编辑:
因此,这里的计划是让计算机进行检查,以查看所属的组,然后根据所属的组分配打印机。我们有许多打印机,只有3至4人使用,但是由于由于用户的分散性,无法减少打印机的数量。我当时在查看组策略,但不想创建20个不同的GPO。我想使用登录/启动脚本来做到这一点。我不确定这是否可行。
So the plan here is to have a computer check to see what groups it is in, then assign a printer based on which group it is in. We have many printers that only 3 to 4 people use but due to the spread out nature of the users cannot downsize the amount of printers. I was looking at group policy but did not want to create 20 different GPOs. I wanted to do this with a logon/startup script. I'm not sure if this is doable or feasible.
编辑#2:
这次编辑对聚会真的很晚,但是我想知道是否有人找到了这个它可以帮助。我们最终在用户>首选项>控制面板>打印机对象上使用了项目级定位。我们在AD中为需要访问打印机的每组用户创建了一个帐户。尽管这样做确实为计算机的首次登录创建了一个漫长的登录过程,但仍能奏效。我们还启用了指向打印的限制,以便从服务器安静地加载驱动程序。
Edit #2: This edit it really late to the party but I figured if anyone found this it could help. We ended up using item level targeting on User>Preferences>Control Panel>Printers objects. We made an account in AD for each group of users needing access to the printers. This worked although it did create a long logon process for the first logon of the computer. We also enabled Point-to-Print restrictions so the drivers were loaded from the servers quietly.
推荐答案
这将为您提供该组本地计算机的成员资格(组名)(需要Powershell 2.0):
This will give you the group membership (group names) of the local computer (requires powershell 2.0):
([adsisearcher]"(&(objectCategory=computer)(cn=$env:COMPUTERNAME))").FindOne().Properties.memberof -replace '^CN=([^,]+).+$','$1'
这篇关于有没有办法检查计算机的AD组成员身份?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
