用于获取用户名的 AD 组成员身份的 Powershell 脚本
[英]Powershell script for getting AD Group Membership for usernames
问题描述
I want to write script for getting AD Group Membership that is beginning with SSL_VPN for usernames listed in a CSV.
我想编写脚本来获取以 SSL_VPN 开头的 AD 组成员身份,用于 CSV 中列出的用户名。
I have tried so far :到目前为止我已经尝试过:
Import-Csv C:\Users.csv |
ForEach-Object -pv user { Get-AdUser -filter "displayname -eq '$($_.username)'"} |
Get-ADprincipalGroupMembership |
Select-Object @{ n = 'samaccountname'; e = { $user.samaccountname } }, name |
Export-csv -path C:\UserPermiss.csv -NoTypeInformation
2 个解决方案
解决方案1
1 已采纳 2020-02-27 14:02:37
Getting users by their DisplayName property is not the safest thing to do.通过 DisplayName 属性获取用户并不是最安全的做法。 It would be so much better if your CSV file has other, more unique properties to go by, like SamAccountName , UserPrincipalName , DistinguishedName or EmailAddress ..如果您的 CSV 文件具有其他更独特的属性,例如SamAccountName 、 UserPrincipalName 、 DistinguishedName或EmailAddress , UserPrincipalName 。
Anyway, in your loop, you should check if a user with that name can be found and only if so, get the group membership.无论如何,在您的循环中,您应该检查是否可以找到具有该名称的用户,并且只有在找到时才获得组成员资格。
Import-Csv 'C:\Users.csv' | ForEach-Object {
$user = Get-ADUser -Filter "DisplayName -eq '$($_.username)'" -Properties DisplayName
if ($user) {
Get-ADprincipalGroupMembership -Identity $user.DistinguishedName |
Where-Object { $_.name -like 'SSL_VPN*' } |
Select-Object @{ Name = 'SamAccountName'; Expression = { $user.SamAccountName } },
@{ Name = 'Group'; Expression = { $_.name }}
}
else {
Write-Warning "User '$($_.username)' not found"
# if you want this message to also appear in your output CSV, do something like this:
[PsCustomObject]@{
'SamAccountName' = "User '$($_.username)' not found"
'Group' = ''
}
}
} | Export-Csv -Path 'C:\UserPermiss.csv' -NoTypeInformation
If you want to see a warning message when the user is not a member of the SSL_VPN group, you can do:如果您想在用户不是 SSL_VPN 组成员时看到警告消息,您可以执行以下操作:
Import-Csv 'C:\Users.csv' | ForEach-Object {
$user = Get-ADUser -Filter "DisplayName -eq '$($_.username)'" -Properties DisplayName
if ($user) {
$group = Get-ADprincipalGroupMembership -Identity $user.DistinguishedName |
Where-Object { $_.name -like 'SSL_VPN*' }
if ($group) {
[PsCustomObject]@{
'SamAccountName' = $user.SamAccountName
'Group' = $group.name
}
}
else {
Write-Warning "User '$($_.username)' is not a member of ssl_vpn group"
}
}
else {
Write-Warning "User '$($_.username)' not found"
}
} | Export-Csv -Path 'C:\UserPermiss.csv' -NoTypeInformation
解决方案2
0 2020-02-27 13:55:09
You can use something like this(frist line of csv must be samaccountname):你可以使用这样的东西(csv的第一行必须是 samaccountname):
$users=Import-Csv D:\adusers.CSV
foreach($user in $users){
$groupname=Get-ADPrincipalGroupMembership -Identity $user.samaccountname |where {$_.name -like "SSL_VPN*"}|select -ExpandProperty name
if($groupname -ne $null){
foreach($group in $groupname){
[string]$data=($user|select -ExpandProperty samaccountname)+';'+$group
$data|Out-File -FilePath d:\stack.csv -Encoding utf8 -Append
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.