Powershell-从广告列表中获取用户信息 [英] Powershell - Get User information from AD list

问题描述

我一般是编程的初学者.我想要做的是创建一个Powershell脚本，该脚本将:

I'm a beginner in programming in general.. What I'm trying to do is to create a powershell script that will:

• 获取有关Active Directory组中每个用户的信息.

• Get information on each user on an Active Directory group.

每个组中可能有另一个组，因此我希望它也能从每个嵌套组中获取用户列表.

Inside each group there may be another group, so I would want it to get the list of users from each nested group as well.

每组仅向我提供一次信息.

Only give me the information for each group once.

这是我到目前为止所拥有的:

This is what I have so far:

$list = Get-ADGroupMember Admins

foreach($u in $list) {
    Get-ADObject $u
}

foreach ($_ in $u) {
    if ($u.ObjectClass -eq 'user') { 
        Get-ADUser $u -Properties * | select givenname, surname, samaccountname | ft -autosize
    } else { 
        Get-ADGroupMember $u -Recursive | select name, samaccountname | ft -autosize
    }
}

到目前为止，我正在尝试使其与管理员"组一起工作，如果可以，那么我想同时为更多组运行代码.

So far I'm trying to get it to work with that one group 'Admins' and then if it does I would want to run the code for more groups at the same time.

任何帮助或指导将不胜感激.

Any help or guidance would be appreciated.

推荐答案

您似乎只希望 Get-ADUser 和 Get-ADGroup ，因此在两种情况下都无需指定 -Properties 参数.

You seem to want only properties that are returned by default by Get-ADUser aswell as Get-ADGroup, so in both cases, there is no need to specify the -Properties parameter.

Get-ADGroupMember 可以返回用户，计算机和组对象，因此，目前，您的 else 条件要求使用组，最终可能会有一个计算机对象.

Get-ADGroupMember can return user, computer and group objects, so at the moment, your else condition expects groups, where you could end up with a computer object..

在您的代码中，您同时在 if 和 else 中使用 ft -autosize 输出到控制台，但这会更容易在循环开始时在变量中捕获两种类型的结果对象，然后将其作为一个整体输出:

In your code, you output to console with ft -autosize both in the if and the else, but it would be simpler to capture both types of resulting objects in a variable at the start of the loop and output it as a whole afterwards:

# you can load a list of group names from a predefined array:
$Groups = 'Admins', 'Users'

# or load from a file, each group name listed on a separate line:
# $Groups = Get-Content -Path 'D:\Test\ADGroups.txt'

# or get all AD groups in the domain:
# $Groups = (Get-ADGroup -Filter *).Name


$result = foreach ($group in $Groups) {
    Get-ADGroup -Filter "Name -eq '$group'" | ForEach-Object {
        # we could use the $group variable, but this ensures correct casing
        $groupName = $_.Name
        $members = $_ | Get-ADGroupMember -Recursive
        foreach ($member in $members) {
            if ($member.objectClass -eq 'user') {
                Get-ADUser -Identity $member.DistinguishedName |
                Select-Object @{Name="GroupName"; Expression={$groupName}},
                              @{Name="MemberType";Expression={'User'}},
                              Name, 
                              GivenName, 
                              Surname, 
                              SamAccountName
            }
            elseif ($member.objectClass -eq 'group') {
                Get-ADGroup -Identity $member.DistinguishedName |
                Select-Object @{Name="GroupName";Expression={$groupName}},
                              @{Name="MemberType";Expression={'Group'}},
                              Name,
                              @{Name="GivenName";Expression={''}},  # groups don't have this property
                              @{Name="Surname";Expression={''}},    # groups don't have this property
                              SamAccountName
            }
        }
    }
}

# output is console
$result | Format-Table -AutoSize

# write to CSV file
$result | Export-Csv -Path 'D:\Test\GroupsInfo.csv' -NoTypeInformation

^{此处的技巧是为用户和组对象输出具有相同属性的对象}

这篇关于Powershell-从广告列表中获取用户信息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！