PS从组以及用户和用户属性的总和中导出特定字段
[英]PS export specific fields from groups and sum of users and user attributes
问题描述
Need to export overall groups info in particular OU (recursively) from Acitve Directory structure with these fields: 
需要从Acitve Directory结构中使用以下字段(递归)导出总体组信息,特别是OU:
OU |
all this info I need for each OU (Groups hierarchy,recursively). 我需要为每个OU(递归地为“组”层次结构)提供所有这些信息。
I've found several examples and tried to consolidate'em, but I'm having several troubles in output. 我找到了几个示例并尝试合并它们,但是我在输出中遇到了一些麻烦。 I've coded them below in comments. 我在下面将它们编码为注释。 This is the code for now: 这是现在的代码:
#searchbase OU
$OU="OU=Groups,OU=OUNAME,DC=DCNAME2,DC=DCNAME,DC=domain"
$group = Get-ADGroup -filter * -Properties *
$allou = (Get-ADObject -Filter {ObjectClass -eq "organizationalUnit"} -SearchBase $OU).DistinguishedName
#list all sub OUs
Foreach($ou in $allou){
$LIST = Get-ADObject -LDAPFilter "(objectClass=group)" -SearchBase $OU -SearchScope OneLevel
#begin work with each OU
$LIST | ForEach-Object {
$users=Get-ADGroupMember $_.DistinguishedName | Where ObjectClass -eq "user"
$total=($users | measure-object).count #counts right
$Enabled=($users | where {$_.Enabled} | Measure-Object).count #always shows zero (0)
$Disabled=$total-$Enabled
$NonExpirePasses=(Get-ADUser -Identity $_.DistinguishedName | where {$_.PasswordNeverExpires -ne $true} | Measure-Object).count #doesn't work
#this variant won't work either: $NonExpirePasses=($users | where {$_.PasswordNeverExpires -ne $true} | Measure-Object).count
$PassesOver90d=($users | where {$_.PasswordLastSet -lt (Get-Date).AddDays(-10)} | Measure-Object).count #the same - always shows 0
#this variant won't work either: $PassesOver90d=(Get-ADUser $_.DistinguishedName | where {$_.PasswordLastSet -lt (Get-Date).AddDays(-90)} | Measure-Object).count
$GroupCategory=Get-ADGroup $_.DistinguishedName | Select-Object GroupCategory
$GroupScope=Get-ADGroup $_.DistinguishedName | Select-Object GroupScope
$InGroups=(($_.MemberOf | %{(Get-ADGroup $_).sAMAccountName}).count -join ";")
#consolidate info in new object
New-Object psobject -Property @{
OU=$OU;
GroupName=$_.Name;
GroupCategory=$GroupCategory;
GroupScope=$GroupScope; #<<<always gives "@{GroupCategory=Security}' or @{GroupCategory=Distribution} format, and i need simple 'Security'/'Distribution'
InGroups=$InGroups; #<<<always 0
TotalUsers=$Total;
Enabled=$Enabled; #<<<always 0
Disabled=$Disabled;
PassesOver90d=$PassesOver90d; #<<<always 0
NonExpirePasses=$NonExpirePasses} | #<<<even doesn't shown (no 0),no info
#sorted output, finish
Select OU,GroupName,GroupCategory,GroupScope,InGroups,TotalUsers,Enabled,Disabled,NonExpirePasses,PassesOver90d
}
}
This is the sample output (besides red mistakes with Identity in Get_ADUser commands): 这是示例输出(除了Get_ADUser命令中的Identity出现红色错误):
OU : OU=SD,OU=Distribution Groups,OU=Groups,OU=OUNAME,DC=DCNAME2,DC=DCNAME,DC=domain
GroupName : BT23_USERS
GroupCategory : @{GroupCategory=Security}
GroupScope : @{GroupScope=Universal}
TotalUsers : 15
Enabled : 0
Disabled : 15
NonExpirePasses :
PassesOver90d : 0
Resulting info is gathered very slowly.How to optimize the code ? 结果信息收集非常缓慢。如何优化代码?
1 个解决方案
解决方案1
0 已采纳 2018-06-07 10:20:09
Here's a version that seems to work: 这是一个可行的版本:
$rootOU="OU=Groups,OU=OUNAME,DC=DCNAME2,DC=DCNAME,DC=domain"
$everyOU = (Get-ADObject -Filter {ObjectClass -eq "organizationalUnit"} -SearchBase $rootOU)
$everyOU | ForEach-Object {
Get-ADGroup -Filter {Name -like "*"} -SearchBase $_.DistinguishedName -SearchScope OneLevel -Properties * |
ForEach-Object {
$users = Get-ADGroupMember $_.DistinguishedName |
Where ObjectClass -eq "user" | ForEach-Object {Get-ADUser $_.SamAccountName -Property PasswordLastSet, PasswordNeverExpires}
$total = @($users).Count
$enabled = ($users | Where-Object Enabled -eq $true | Measure-Object).Count
$disabled = $total - $enabled
$NonExpirePasses = @($users | Where-Object PasswordNeverExpires -ne $true).Count
$PassesOver90d = @($users | Where-Object PasswordLastSet -lt (Get-Date).AddDays(-10)).Count
$GroupCategory = Get-ADGroup $_.DistinguishedName | Select-Object GroupCategory
$GroupScope = Get-ADGroup $_.DistinguishedName | Select-Object GroupScope
$InGroups = ($_.MemberOf).Count
[PsCustomObject]@{
OU=$_.DistinguishedName
GroupName=$_.Name
GroupCategory=$GroupCategory.GroupCategory
GroupScope=$GroupScope.GroupScope
InGroups=$InGroups
TotalUsers=$Total
Enabled=$Enabled
Disabled=$Disabled
PassesOver90d=$PassesOver90d
NonExpirePasses=$NonExpirePasses
}
}
} | Format-Table GroupName,GroupCategory,GroupScope,InGroups,TotalUsers,Enabled,Disabled,PassesOver90d,NonExpirePasses,OU -AutoSize
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.