How to get all groups that a user is a member of, based on group extensionattribute

I'm trying to get all the groups the users of a domain are members of, but filtering only the groups with a given extensionattribute. I set the extensionattribute12 of all the domain groups to better filter some queries (i.e. Infrastructure - security - elearning). My query should get only the user(s) groups with

extensionattribute12=security

(for example). I use something like:

get-aduser -filter * -Properties memberof | select name, @{ l="GroupMembership"; e={$_.memberof  -join ";"  } }

and I get all the groups of the users. How can I filter by group extensionattribute?

You could use the inverse relationship (member on the group object) to query all the groups a user is a member of, just 1 query per user. Here using an LDAP filter:

$groupLabel = "Security"

Get-ADUser -Filter * |ForEach-Object {
  $groups = Get-ADGroup -LDAPFilter "(&(extensionattribute12=$groupLabel)(member=$($_.DistinguishedName)))"

  [pscustomobject]@{
    User = $_.SamAccountName
    GroupMembership = $groups.DistinguishedName -join ';'
  }
}

If you have to process a large number of users or group memberships, you may find it faster to retrieve all the groups satisfying the extensionAttribute12 criteria up front and use that list to filter the memberOf attribute on the users:

$groupLabel = "Security"
# Create a hash set and populate it with the distinguished 
# names of all the groups we're looking for
$groupDNs = [System.Collections.Generic.HashSet[string]]::new(@(
  Get-ADGroup -Filter "extensionAttribute12 -eq '$groupLabel'" |Select -Expand DistinguishedName
))

Get-ADUser -Filter * -Properties memberOf |ForEach-Object {
  # Retrieve memberOf values and filter against the hash set
  $groups = $_.memberOf |Where-Object { $groupDNs.Contains($_) }

  [pscustomobject]@{
    User = $_.SamAccountName
    GroupMembership = $groups -join ';'
  }
}
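
The LDAP filter in the answer above interpolates `$groupLabel` and each user's distinguished name as-is. The following added example (not part of the original answer) escapes both values per RFC 4515, so names containing `\`, `*`, `(` or `)` cannot break or change the filter, and it can optionally match nested membership with LDAP_MATCHING_RULE_IN_CHAIN. The function names and the sample DN are assumptions made for illustration.

```powershell
# Added example (not from the answers): RFC 4515 escaping for filter values.
function ConvertTo-LdapFilterValue {            # hypothetical helper name
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)
    # Backslash goes first so the escapes added afterwards are not re-escaped.
    $map = [ordered]@{ '\' = '\5c'; '*' = '\2a'; '(' = '\28'; ')' = '\29'; "`0" = '\00' }
    $out = $Value
    foreach ($char in $map.Keys) { $out = $out.Replace($char, $map[$char]) }
    $out
}

# Build the group filter from the answer; -Nested uses LDAP_MATCHING_RULE_IN_CHAIN
# (OID 1.2.840.113556.1.4.1941) so indirect memberships match as well.
function New-LabeledGroupFilter {               # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Label,
        [Parameter(Mandatory)][string]$UserDN,
        [switch]$Nested
    )
    $attr      = if ($Nested) { 'member:1.2.840.113556.1.4.1941:' } else { 'member' }
    $safeLabel = ConvertTo-LdapFilterValue $Label
    $safeDN    = ConvertTo-LdapFilterValue $UserDN
    "(&(extensionAttribute12=$safeLabel)($attr=$safeDN))"
}

# One query per user, as in the answer, with escaped values.
function Get-UserLabeledGroup {                 # hypothetical helper name
    param([Parameter(Mandatory)][string]$Label, [switch]$Nested)
    Get-ADUser -Filter * | ForEach-Object {
        $filter = New-LabeledGroupFilter -Label $Label -UserDN $_.DistinguishedName -Nested:$Nested
        $groups = Get-ADGroup -LDAPFilter $filter
        [pscustomobject]@{
            User            = $_.SamAccountName
            GroupMembership = $groups.DistinguishedName -join ';'
        }
    }
}

# Offline check on a constructed DN containing filter metacharacters.
$sampleDN = 'CN=Doe\, Jane (EU)*,OU=Staff,DC=example,DC=com'
New-LabeledGroupFilter -Label 'Security' -UserDN $sampleDN
New-LabeledGroupFilter -Label 'Security' -UserDN $sampleDN -Nested
```

Running `Get-UserLabeledGroup -Label 'Security'` requires a host with the ActiveDirectory module; the last three lines only build and print filter strings.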

Make it with N+1 queries

$groups = @( Get-ADGroup -Filter '(extensionattribute12 -eq "security")' )
$users = @( $groups | 
    ForEach-Object { Get-ADGroupMember -Identity $_ -Recursive } | 
    Sort-Object -Unique )

$users # All users of all groups that have EA12 = security
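# extensionattribute12 is not returned by Get-ADGroup by default, so request it explicitly
Get-ADUser -filter {...} -Properties memberof |
    select name, @{ l="GroupMembership"; e={( $_.memberof | Get-ADGroup -Properties extensionattribute12 |?{ $_.extensionattribute12 -eq 'security' }) -join ";" }} |
    ?{ $_.GroupMembership }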
