[英]SQL SCCM 2012 Report Return Local Admins not in specified AD Group
I've been looking over the internet and StackOverflow for a while and have come to a point where I am lost. 我已经看了一段时间的互联网和StackOverflow,到了迷路的地步。 Unfortunately, SQL is not one of my strong points. 不幸的是,SQL并不是我的强项之一。 I am trying to get a report of Local Computer Admins. 我正在尝试获取本地计算机管理员的报告。 This part is working correctly. 这部分工作正常。 I need to filter this list by AD Groups, which is also working, and by members of the AD groups, not currently working. 我需要按也正在工作的AD组和当前不工作的AD组成员筛选此列表。
Here's what I have: 这是我所拥有的:
SELECT DISTINCT
v_gs_computer_system.Name0 as 'Computer'
,v_GS_LocalGroupMembers0.Account0 as 'Administrator'
,v_GS_LocalGroupMembers0.Category0 as 'Scope'
,v_GS_LocalGroupMembers0.Type0 as 'Type'
,U.User_Name0 as 'User'
,G.User_Group_Name0 as 'Group'
FROM
v_GS_LocalGroupMembers0
INNER JOIN v_gs_computer_system ON v_GS_LocalGroupMembers0.resourceID = v_gs_computer_system.resourceID
FULL OUTER JOIN v_R_User U on v_GS_LocalGroupMembers0.Account0 = U.User_Name0
FULL OUTER JOIN v_RA_User_UserGroupName G ON G.ResourceID = U.ResourceID
WHERE
v_GS_LocalGroupMembers0.Name0 = 'Administrators'
AND NOT
(v_GS_LocalGroupMembers0.Account0 = 'Domain Admins'
OR G.User_Group_Name0 = 'Domain\GroupName'
)
The parts that are working: 起作用的部分:
What I need help with: 我需要什么帮助:
I see that what I am doing is wrong because it does remove the Row for the group of the user, but I want it to remove the user entirely from the report. 我看到我在做什么错了,因为它确实删除了该用户组的行,但是我希望它从报表中完全删除该用户。 Any help you can provide would be greatly appreciated. 您能提供的任何帮助将不胜感激。
So, after some time and tinkering, I was able to get what I wanted with the following: 因此,经过一段时间的修改,我可以通过以下方式获得想要的东西:
SELECT DISTINCT
v_gs_computer_system.Name0 as 'Computer',
v_GS_LocalGroupMembers0.Account0 as 'Account Name',
v_GS_LocalGroupMembers0.Category0 as 'Security Principle',
v_GS_LocalGroupMembers0.Type0 as 'Scope'
FROM
v_GS_LocalGroupMembers0
INNER JOIN
v_gs_computer_system ON v_GS_LocalGroupMembers0.resourceID = v_gs_computer_system.resourceID,
v_R_User
WHERE
v_GS_LocalGroupMembers0.Name0 = 'Administrators'
AND NOT (
v_GS_LocalGroupMembers0.Account0 = 'Domain Admins' OR
v_GS_LocalGroupMembers0.Account0 = 'Administrator'
)
AND (
v_GS_LocalGroupMembers0.Account0 NOT IN (
SELECT v_R_User.User_Name0
FROM v_R_user
LEFT JOIN v_RA_User_UserGroupName ON v_R_User.ResourceID = v_RA_User_UserGroupName.ResourceID
WHERE
v_RA_User_UserGroupName.User_Group_Name0 = 'Domain\Domain Admins'
)
)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.