[英]How to get group name and EmployeeID from Active Directory?
I have this code where I'm trying to get all user details information existing in an Active Directory. 我在此代码中尝试获取Active Directory中存在的所有用户详细信息。
$path = "C:\ServerDetails"
$LogDate = get-date -f yyyyMMddhhmm
$csvfile = $path + "\ALLADUsers_$logDate.csv"
Import-Module ActiveDirectory
$ADServer = 'xx.xx.x.x'
$username = "abc"
$password = "alpha"
$secstr = New-Object -TypeName System.Security.SecureString
$password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)}
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $secstr
Get-ADUser -server $ADServer -Credential $cred -Properties msDS-UserPasswordExpiryTimeComputed* -Filter * |
Select-Object @{Label = "First Name";Expression = {$_.GivenName}},
@{Label = "Last Name";Expression = {$_.Surname}},
@{Label = "Display Name";Expression = {$_.DisplayName}},
@{Label = "EmployeeID";e={$_.employeeID}},
@{Label = 'GroupName';e={($_.memberof | %{(Get-ADPrincipalGroupMembership $_).sAMAccountName}) -join ";"}},
@{Label = 'Description';e={$_.Description}},
@{Label = 'PasswordExpired';e={if($_.PasswordExpired){$true} else{$false}}},
@{Label = "PasswordExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}},
@{Label = "Logon Name";Expression = {$_.sAMAccountName}},
@{Label = "Phone";Expression = {"Ext - $(-Join $_.TelephoneNumber[-4..-1])"}},
@{Label = "Email";Expression = {$_.Mail}},
@{Label = "Account Status";Expression = {if (($_.Enabled -eq 'TRUE') ) {'Enabled'} Else {'Disabled'}}}, # the 'if statement# replaces $_.Enabled
@{Label = "Last LogOn Date";e={[datetime]::FromFileTime($_.lastLogonTimestamp)}}|
#Export CSV report
Export-Csv -Path $csvfile -NoTypeInformation
All the other details are perfectly fine except for the group name where the user resides and the employeeID number. 除了用户所在的组名和employeeID号之外,其他所有其他细节都很好。
Any help is much appreciated. 任何帮助深表感谢。
What you are after is this. 您所追求的是这个。 It will search the groups of the user, extract the Name and join them as required. 它将搜索用户组,提取名称并根据需要加入它们。
{($_ | %{(Get-ADPrincipalGroupMembership $_.SamAccountName).Name -join ";"})}
What you had was this 你原来是这个
# $_.memberof is using the full name of groups the user is in
# the groups do not have a .SamAccountName for this type
{($_.memberof | %{(Get-ADPrincipalGroupMembership $_).sAMAccountName}) -join ";"}
As for employeeID, can you confirm that the .EmployeeID
attribute is used for one of your users? 至于employeeID,您是否可以确认.EmployeeID
属性用于您的一个用户? Your code seems to work for me when I have something in the EmployeeID field. 当我在EmployeeID字段中输入内容时,您的代码似乎对我有用。 Ensure that you are not using an extensionAttribute
as some companies may be doing. 确保您没有像某些公司那样使用extensionAttribute
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.