PowerShell递归直接报告ADSI
[英]PowerShell recursive direct reports ADSI
问题描述
I am trying to get a list of everyone under a manager (span of control if you will). 
我正在尝试获取经理下的每个人的清单(如果可以的话,控制范围)。 I have the code that works with the Active Directory module, but i am not able to figure out how to do it with ADSI. 我有与Active Directory模块一起使用的代码,但无法弄清楚如何使用ADSI。
I have tried using this code to start: 我尝试使用此代码开始:
Function GetManager($Manager, $Report)
{
# Output this manager and direct report.
"""$Manager"",""$Report""" | Out-File -FilePath $File -Append
# Find the manager of this manager.
$User = [ADSI]"LDAP://$Manager"
$NextManager = $User.manager
If ($NextManager -ne $Null)
{
# Check for circular hierarchy.
If ($NextManager -eq $Report) {"Circular hierarchy found with $Report"}
Else
{
GetManager $NextManager $Report
}
}
}
$D = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$Domain = [ADSI]"LDAP://$D"
$Searcher = New-Object System.DirectoryServices.DirectorySearcher
$Searcher.PageSize = 200
$Searcher.SearchScope = "subtree"
$Searcher.PropertiesToLoad.Add("distinguishedName") > $Null
$Searcher.PropertiesToLoad.Add("manager") > $Null
$Searcher.SearchRoot = "LDAP://" + $Domain.distinguishedName
$File = ".\ADOrganization.csv"
"Organization: $D" | Out-File -FilePath $File
"Manager,Direct Report" | Out-File -FilePath $File -Append
# Find all direct reports, objects with a manager.
$Filter = "(manager=*)"
# Run the query.
$Searcher.Filter = $Filter
$Results = $Searcher.FindAll()
ForEach ($Result In $Results)
{
$ReportDN = $Result.Properties.Item("distinguishedName")
$ManagerDN = $Result.Properties.Item("manager")
GetManager $ManagerDN $ReportDN
}
This is from the article here https://social.technet.microsoft.com/Forums/windows/en-US/7bc3d133-e2b3-4904-98dd-b33993db628a/recursively-select-all-subordinates-for-all-users-from-ad?forum=winserverpowershell . 这是来自这里的文章https://social.technet.microsoft.com/Forums/windows/zh-CN/7bc3d133-e2b3-4904-98dd-b33993db628a/recursively-select-all-subordinates-for-all-users- from-ad?forum = winserverpowershell 。 I am sure this works, but i can't figure out how to have it search for a specified manager. 我敢肯定这是可行的,但我不知道如何让它搜索指定的经理。 Can anyone push me in the right direction? 谁能将我推向正确的方向? Thanks! 谢谢!
2 个解决方案
解决方案1
0 已采纳 2017-07-19 07:59:37
$Filter = "(manager=<ManagerDN>)"或更具体:
$Filter = "(manager=CN=<ManagerCN>,OU=<ManagerOU>,$($Domain.distinguishedName))"解决方案2
-1 2019-10-23 17:46:48
$USER.Properties.managedobjects List all groups you are a direct manager of. $USER.Properties.managedobjects列出您直接管理的所有组。
But how to do this Recursive if Manager is a group, that the user is part of... I tried this.. but doesn't seem to give me what I need.. 但是,如果Manager是一个组,而该用户是其中的一部分,该如何执行递归操作……我尝试了此操作。
if([string]$_.objectcategory -eq "CN=Group,CN=Schema,CN=Configuration,<domain>"){ [adsi]"LDAP://$($_.managedby)"|%{$_ if([string]$_.objectcategory -eq "CN=Group,CN=Schema,CN=Configuration,<domain>"){$_.member|%{$user=([adsi]"LDAP://$_").displayName}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.