如何获取Windows通用帐户列表的AD属性? [英] How to get AD properties for a list of windows generic accounts?

问题描述

我有下面的PowerShell命令，通过它们我可以获取AD中所有用户的属性.

I have below PowerShell commands, using which I can get the properties for all the users in the AD.

Import-Module ActiveDirectory
$attributes = 'SamAccountName', 'Name', 'Mail', 'PasswordLastSet', 'Enabled',
              'PasswordNeverExpires', 'PasswordExpired'
Get-ADUser -Filter * -Properties $attributes | select $attributes

如果我需要一个特定用户的属性，可以在命令提示符下使用以下示例:

If I want properties for one specific user, I can use below example in a command prompt:

net user /domain testuser

但是，如何获取给定用户列表的AD属性?

But, how can I get the AD properties for given list of users?

到目前为止，到目前为止，我已经尝试了以下方法，但仍无法实现，因为它仅返回给一个用户(不确定如何循环):

So, far I have tried the below but couldnt achieve yet as it returns only for one user (not sure how to loop):

Import-Module ActiveDirectory
cd AD:
$Users = gc "C:\AD\accounts.txt"
Get-ADUser -Filter '*' -Properties DisplayName, Office |
  ? { $Users -contains $_.SamAccountName } |
  select DisplayName, Office |
  Export-Csv -Path "C:\AD\output\UserProp_14072016.csv" -NoTypeInformation

我要查找该帐户所有者的最后设置的密码(有效或无效).

I'm looking for password last set, active or inactive, owner of that account.

能请你帮忙吗?

推荐答案

我用来获取任意AD用户列表的一种技术是从文本列表构造ORed LDAP过滤器:

A technique I use for getting an arbitrary list of AD users is to construct an ORed LDAP filter from the text list:

$Users = gc "C:\AD\accounts.txt"

$User_filter = $Users -replace '^','(SamAccountName=' -replace '$',')'
$Filter = "(|$User_filter)"

Get-ADUser -LDAPFilter $Filter  -Properties DisplayName,Office

这篇关于如何获取Windows通用帐户列表的AD属性?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！