[英]how to resolve Error in Loop to get GPO from OU
I created a PS script to find GPOs linked in an OU and subOUs, what am I doing wrong? 我创建了一个PS脚本来查找在OU和subOU中链接的GPO,我在做什么错呢? I get this error and am confused about the message: 我收到此错误,并对消息感到困惑:
Get-ADOrganizationalUnit : Cannot bind parameter 'Identity'. Get-ADOrganizationalUnit:无法绑定参数“ Identity”。 Cannot convert the "@{DistinguishedName=OU=Windows 7,DC=domain,DC=com}" value of type "Selected.Microsoft.ActiveDirectory.Management.ADOrganizationalUnit" to type "Microsoft.ActiveDirectory.Management.ADOrganization alUnit". 无法将类型“ Selected.Microsoft.ActiveDirectory.Management.ADOrganizationalUnit”的“ @ {DistinguishedName = OU = Windows 7,DC = domain,DC = com}”值转换为类型“ Microsoft.ActiveDirectory.Management.ADOrganization alUnit”。 At F:\\Untitled4.ps1:11 char:39 + $LinkedGPOs = Get-ADOrganizationalUnit <<<< $OU | 在F:\\ Untitled4.ps1:11 char:39 + $ LinkedGPOs = Get-ADOrganizationalUnit <<<< $ OU | select-object -ExpandProperty LinkedGroupPolicyObjects + CategoryInfo : InvalidArgument: (:) [Get-ADOrganizationalUnit], ParameterBindingException + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.ActiveDirectory.Management.Commands.GetADOrganizationalUnit 选择对象-ExpandProperty LinkedGroupPolicyObjects + CategoryInfo:InvalidArgument:(:) [Get-ADOrganizationalUnit],ParameterBindingException + FullyQualifiedErrorId:CannotConvertArgumentNoMessage,Microsoft.ActiveDirectory.Management.Commands.GetADOrganizationalUnit
get-module activedirectory,grouppolicy
$exportFilePath = "c:\temp\AllGPOsWin7-report date $(get-date -f dd-MM-yyyy).csv"
$OU = "ou=Windows 7,dc=domain,dc=com"
$AllSubOU = Get-ADOrganizationalUnit -SearchBase $OU -SearchScope Subtree -Filter * |
Select-Object DistinguishedName
foreach ($OU in $AllSubOU){
$OU
$LinkedGPOs = Get-ADOrganizationalUnit $OU | select-object -ExpandProperty LinkedGroupPolicyObjects
$LinkedGPOGUID = $LinkedGPOs | foreach-object{$_.substring(4,36)}
$GPOName = $LinkedGPOGUID | foreach-object{get-gpo -guid $_ | select-object displayname}
$OU,$ListGPO -join "," | Out-File -FilePath $exportFilePath -Append -Width 200
The issue is with your 问题出在你的
$AllSubOU = Get-ADOrganizationalUnit -SearchBase $OU -SearchScope Subtree -Filter * |
Select-Object DistinguishedName
command, this should be change to 命令,这应该更改为
$AllSubOU = Get-ADOrganizationalUnit -SearchBase $OU -SearchScope Subtree -Filter * |
Select-Object -ExpandProperty DistinguishedName
Since you didn't specify the expand part, PowerShell was returning it inside a container. 由于未指定扩展部分,因此PowerShell会将其返回到容器中。 Hence the OU being in curly brackets {} in the error code 因此,OU在错误代码中位于大括号{}中
UPDATE - Following from the comments on this answer, please see below: 更新 -根据对此答案的评论,请参见以下内容:
#create a new hashtable
$hashTable = [hashtable]::new{}
#define the root OU
$rootOU = "OU=computers,DC=domain,DC=local"
#get all the sub OU in the root OU
$allSubOU = Get-ADOrganizationalUnit -SearchBase $rootOU -SearchScope Subtree -Filter * | Select-Object -ExpandProperty DistinguishedName
#loop through the sub OUs
foreach ($subOU in $allSubOU){
#get the linked GPO objects on the OU
$linkedGPO = Get-ADOrganizationalUnit $subOU | Select-Object -ExpandProperty LinkedGroupPolicyObjects
#if the OU has a GPO then run through them
if ($linkedGPO){
#adding name to hashtable for current OU
$hashTable.Add($subOU, @())
#running through each GPO in sub OU
foreach($GPO in $linkedGPO){
#getting GUID from GPO
$GPOGuid = $GPO.SubString(4,36)
#using GUID to get displayname of GPO
$GPOName = Get-GPO -Guid $GPOGuid | Select-Object -ExpandProperty DisplayName
#add the GPO to the hashttable for the current OU
$hashTable.$subOU += $GPOName
}
}else{
#ou has no GPOs
$hashTable.Add($subOU, "No GPO")
}
}
#enumerate through the hashtable
$hashTable.GetEnumerator() |
#add OU to OU column in csv
Select-Object -Property @{N='OU';E={$_.Name}},
#add GPO to GPO(s) column in CSV
@{N='GPO(s)';E={$_.Value} } |
#export to CSV
Export-Csv -NoTypeInformation -Path PATH
Note that $ListGPO
does not exist, and you have to expand the GPOs in case more than one is linked. 请注意, $ListGPO
不存在,并且如果有多个链接,则必须扩展GPO。 Moreover, Get-ADOrganizationalUnit
has to extract the property LinkedGroupPolicyObjects
to use it (use -Properties LinkedGroupPolicyObjects
) I changed separator in -join from "," to "|" 此外, Get-ADOrganizationalUnit
必须提取属性LinkedGroupPolicyObjects
才能使用它(使用-Properties LinkedGroupPolicyObjects
),我将-join中的分隔符从“,”更改为“ |” because Distinguishednames have commas inside. 因为专有名称中包含逗号。 Also, -width 200
would cut off GPO when that limit is reached. 同样, -width 200
将在达到该限制时切断GPO。 Would be better to build a custom object and use Export-Csv
probably. 建立一个自定义对象并使用Export-Csv
可能更好。
Find below a tentative script . 在下面找到一个暂定脚本。
get-module activedirectory,grouppolicy
$exportFilePath = "c:\temp\AllGPOsWin7-report date $(get-date -f dd-MM-yyyy).csv"
$myOU = "ou=Windows 7,dc=domain,dc=com"
$AllSubOU = (Get-ADOrganizationalUnit -SearchBase $OU -SearchScope Subtree -Filter *).DistinguishedName
foreach ($myOU in $AllSubOU){
$myOU
$LinkedGPOs = ( Get-ADOrganizationalUnit $myOU -properties LinkedGroupPolicyObjects).LinkedGroupPolicyObjects
$LinkedGPOGUID = $LinkedGPOs | foreach-object{$_.substring(4,36)}
$GPOName = ( $LinkedGPOGUID | foreach-object { (get-gpo -guid $_) | select-object -expandproperty displayname}) -join "|"
$out = if ( $GPOname ) { $myOU,$GPOName -join "|"} else { $myOU }
$out | Out-File -FilePath $exportFilePath -Append -Width 200
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.