Powershell导出Active Directory用户数据不完整
[英]Powershell export Active Directory User data not complete
问题描述
I have to export the user data of accounts before we delete them. 
在删除帐户之前,我必须先导出帐户的用户数据。 The problem is, that not all group memberships are written in the .txt file (example below). 问题是,并非所有的组成员身份都写入.txt文件中(下面的示例)。
This is the code: 这是代码:
Get-ADUser -Properties * -Filter "cn -eq '$name'" |
format-list -property @{Label = "Name";Expression = {$_.sAMAccountName}},
@{Label = "Initials";Expression = {$_.initials}},
@{Label = "Email";Expression = {$_.Mail}},
@{Label = "Groups";Expression = {%{(Get-ADPrincipalGroupMembership $name | select -expandproperty name)}}},
@{Label = "Creation";Expression = {$_.whenCreated}},
@{Label = "Deletion";Expression = {%{(Get-Date)}}},
@{Label = "Last change";Expression = {$_.whenChanged}} |
#write data into txt file
Out-File -append "C:\temp\deleted.txt" -Encoding utf8
And this is the output: 这是输出:
Name : John Doe
Initials : Jdo
Email : John.Doe@acme.com
Groups : {Domain-User, Remotedesktopuser, Administrator, Share-User...}
Creation : 23.03.2018 13:36:44
Deletion : 17.12.2018 08:46:30
Last Change : 16.12.2018 10:42:21
1 个解决方案
解决方案1
1 已采纳 2018-12-17 09:11:22
It's really not the Format-List causing this, the same thing would happen with a select, though using Format-* like this is not really a thing. 确实不是由Format-List引起的,选择会发生同样的事情,尽管像这样使用Format- *并不是真正的事情。 This will be a list by default, so, no real reason to use it for what you are after. 默认情况下,这将是一个列表,因此,没有真正的理由将其用于所追求的目标。
You don't even need that expand. 您甚至不需要扩展。
The issue is the fact that you cannot use that loop and expect that to work, the auto formatters won't allow it. 问题是您不能使用该循环并期望它可以工作,自动格式化程序将不允许它。 You have to directly handle the collection, something like this... 您必须直接处理集合,就像这样...
Get-ADUser -Properties * -Filter * |
Select-Object -property @{Label = "Name";Expression = {$_.sAMAccountName}},
@{Label = "Initials";Expression = {$_.initials}},
@{Label = "Email";Expression = {$_.Mail}},
@{Label = "Creation";Expression = {$_.whenCreated}},
@{Label = "Deletion";Expression = {%{(Get-Date)}}},
@{Label = "Last change";Expression = {$_.whenChanged}},
@{Label = "Groups";Expression = {%{(Get-ADPrincipalGroupMembership $_.SamAccountName).Name -join ','}}} |
Out-File -append "C:\temp\deleted.txt" -Encoding utf8
Get-Content -Path "C:\temp\deleted.txt"
# Results
Name : Administrator
Initials :
Email : Administrator@contoso.com
Creation : 3/31/2017 8:02:15 PM
Deletion : 12/17/2018 4:07:52 AM
Last change : 12/9/2018 7:23:22 PM
Groups : Domain Users,Administrators,Schema Admins,Enterprise Admins,Domain Admins,Group Policy Creator Owners,Organization Management,Recipient
Management,ADSyncAdmins,ADRMSSuperUsers
…
Update as per the OP comment / question 根据OP评论/问题进行更新
No worries, glad it worked for you. 不用担心,很高兴它为您服务。
As for ... 至于...
Would you mind to explain me what the difference between that two AD Group commands are?
If you mean ... 如果你的意思是 ...
Get-ADPrincipalGroupMembership Administrator |
... vs ... (Get-ADPrincipalGroupMembership Administrator).Name
... they are ostensibly the same thing, each producing and array list of group names. ...表面上看,它们是同一件事,每个产生和阵列的组名列表。
# use the expand switch to show the group name list
Get-ADPrincipalGroupMembership Administrator | select -expandproperty name
Domain Users
Administrators
Schema Admins
Enterprise Admins
Domain Admins
Group Policy Creator Owners
Organization Management
Recipient Management
ADSyncAdmins
ADRMSSuperUsers
# Use the property to view the group name list
(Get-ADPrincipalGroupMembership Administrator).Name
Domain Users
Administrators
Schema Admins
Enterprise Admins
Domain Admins
Group Policy Creator Owners
Organization Management
Recipient Management
ADSyncAdmins
ADRMSSuperUsers
However, the formatters, when the data is being serialized, will try to put this all on one line. 但是,格式化程序在对数据进行序列化时,将尝试将所有内容放在一行上。 Yet, they will truncate this to fit the screen / page width. 但是,他们会将其截断以适合屏幕/页面宽度。 So, if you want a different layout, then either you need to go in and muck with the default formatter files, or handle it is code. 因此,如果您想要不同的布局,则要么需要使用默认的格式化程序文件来处理,要么通过代码来处理。 Personally, I never try to mess with them, and just work to handle it in code. 就我个人而言,我从不尝试与他们混为一谈,而只是努力用代码来处理它。 So, this... 所以这...
(Get-ADPrincipalGroupMembership Administrator).Name -join ','
... just says, I know this collection is an array list. ...只是说,我知道这个集合是一个数组列表。 I know that this will get truncated per screen/page width, so, concatenate this list of strings as one string and autowrap. 我知道这将在每个屏幕/页面宽度上被截断,因此,将此字符串列表连接为一个字符串并自动换行。
You could have done the same thing with your original expand the same way ... 您可以用原来的扩展方式以相同的方式完成相同的事情...
(Get-ADPrincipalGroupMembership Administrator | select -expandproperty name) -join ','
I stuck the groups list at the end for aesthetic reasons as well as the shorter form, as I prefer not writing unnecessary code or using unneeded options as much as possible. 出于美观原因和较短的形式,我将组列表放在最后,因为我宁愿不要编写不必要的代码或尽可能多地使用不需要的选项。 Everyone has their preferences. 每个人都有自己的喜好。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.