PowerShell 导出不在特定组中的 AD 用户 + 属性
[英]PowerShell export AD users not in specific group + attributes
问题描述
I need to do an AD export with the info below: - all enable users NOT present in a specific group - email address - account name
我需要使用以下信息进行 AD 导出:-全部启用不存在于特定组中的用户-email 地址-帐户名
and export everything into a csv file并将所有内容导出到 csv 文件中
Can u help me please?你能帮帮我吗?
Thanks!!!!谢谢!!!!
1 个解决方案
解决方案1
1 已采纳 2019-10-30 13:19:39
You could do something like the following:您可以执行以下操作:
$group = 'my group name'
$GroupMembers = Get-ADGroupMember $group -Recursive
Get-ADUser -Filter "Enabled -eq '$true'" -Properties Mail |
Where-Object { $_.SamAccountName -notin $GroupMembers.SamAccountName } |
Select-Object SamAccountName,Mail |
Export-Csv Output.csv -NoType
Get-ADGroupMember with the -Recursive switch will recursively retrieve AD objects that are a member of $group .带有-Recursive开关的Get-ADGroupMember将递归检索属于$group成员的 AD 对象。
Get-ADUser utilizes a filter to only query enabled users. Get-ADUser利用过滤器仅查询启用的用户。 Notice that you must add the Mail property because email address attributes are not in the default display.请注意,您必须添加Mail属性,因为 email 地址属性不在默认显示中。 You can tweak this filter to make the query faster.您可以调整此过滤器以加快查询速度。 If you are willing to add a little complexity and do performance testing, it may be faster to build separate Get-ADUser -Filter... queries than relying on Where-Object .如果您愿意增加一点复杂性并进行性能测试,那么构建单独Get-ADUser -Filter...查询可能比依赖Where-Object更快。 Performance will depend on your AD size and how many members are in the target group.性能将取决于您的广告大小以及目标组中有多少成员。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.