使用来自多个组的用户从 AD 中提取数据并在 Export-CSV 中显示这些组
[英]Extracting data from AD with users from multiple groups and show those groups in Export-CSV
问题描述
Goal: To create an Export-CSV file with data formatted so that it can be imported into another program.
目标:创建一个带有数据格式的 Export-CSV 文件,以便可以将其导入另一个程序。 The data file includes UIDNumber, GivenName, SurName, Record Type, Custom Field 1, Custom Value 1, End.数据文件包括 UIDNumber、GivenName、SurName、Record Type、Custom Field 1、Custom Value 1、End。 The "Custom Field 1" and "End" are filler text that are specific to my department. “自定义字段 1”和“结束”是特定于我的部门的填充文本。
"Custom Value 1" is where I'm having issues. “自定义值 1”是我遇到问题的地方。 I need to get the users then determine which groups they are in and assign those group names to "Custom Value 1" pipe delimited.我需要让用户确定他们所在的组并将这些组名分配给“自定义值 1”pipe 分隔。 Here's what the output should look like: output 应该是这样的:
Employee ID, First Name, Last Name, Record Type, Custom Field 1, Custom Value 1, End
123456, John, Doe, employee, ADGroup-MSelectionList, REF_USERS | PC_USERS, End
I realize my code is over done and slow, but I'm learning.我意识到我的代码已经完成并且速度很慢,但我正在学习。 I have had many thoughts of how to get the user associations out of each group and build out the needed field, just not sure how to get there.对于如何从每个组中获取用户关联并构建所需的字段,我有很多想法,只是不知道如何到达那里。
Here's my code:这是我的代码:
# Var
$LocalVar1 = 'USERGroup1'
$LocalVar2 = 'USERGroup2'
$LocalVar3 = 'USERGroup3'
$Field1 = 'ADGroup-MSelectionList'
$Field2 = 'END'
# Getting the members of each group into one container
$Allusers1 = Get-ADGroupMember -Identity $LocalVar1 | ? {$_.objectclass -eq "user" } | Foreach-Object ({ Get-ADUser $($_.samaccountname) -Properties * }) | ? {$_.enabled -eq $True} | Select @{Name="Employee ID";Expression={$_.UIDNumber}}
$Allusers2 = Get-ADGroupMember -Identity $LocalVar2 | ? {$_.objectclass -eq "user" } | Foreach-Object ({ Get-ADUser $($_.samaccountname) -properties * }) | ? {$_.enabled -eq $True} | Select @{Name="Employee ID";Expression={$_.UIDNumber}}
$Allusers3 = Get-ADGroupMember -Identity $LocalVar3 | ? {$_.objectclass -eq "user" } | Foreach-Object ({ Get-ADUser $($_.samaccountname) -properties * }) | ? {$_.enabled -eq $True} | Select @{Name="Employee ID";Expression={$_.UIDNumber}}
# Putting all the users in one basket
$Allusers = $AllUsers1 + $Allusers2 + $Allusers3
# Removing all of the duplicate users
$Allusers | Sort "Employee_ID" -unique
# Getting the individual users out of each group with required data
$users1 = Get-ADGroupMember -Identity $LocalVar1 | ? {$_.objectclass -eq "user" } | Foreach-Object ({ Get-ADUser $($_.samaccountname) -properties * }) | ? {$_.enabled -eq $True} | Select @{Name="Employee ID";Expression={$_.UIDNumber}},@{Name="First Name";Expression={$_.GivenName}},@{Name="Last Name";Expression={$_.SurName}},@{Name="Record Type";Expression={"Employee"}},
@{Name="Custom Field 1";Expression={$Field1}},@{Name="Custom Value 1";Expression={$LocalVar1}},@{Name="END";Expression={$Field2}}
$users2 = Get-ADGroupMember -Identity $LocalVar2 | ? {$_.objectclass -eq "user" } | Foreach-Object ({ Get-ADUser $($_.samaccountname) -properties * }) | ? {$_.enabled -eq $True} | Select @{Name="Employee ID";Expression={$_.UIDNumber}},@{Name="First Name";Expression={$_.GivenName}},@{Name="Last Name";Expression={$_.SurName}},@{Name="Record Type";Expression={"Employee"}},
@{Name="Custom Field 1";Expression={$Field1}},@{Name="Custom Value 1";Expression={$LocalVar2}},@{Name="END";Expression={$Field2}}
$users3 = Get-ADGroupMember -Identity $LocalVar3 | ? {$_.objectclass -eq "user" } | Foreach-Object ({ Get-ADUser $($_.samaccountname) -properties * }) | ? {$_.enabled -eq $True} | Select @{Name="Employee ID";Expression={$_.UIDNumber}},@{Name="First Name";Expression={$_.GivenName}},@{Name="Last Name";Expression={$_.SurName}},@{Name="Record Type";Expression={"Employee"}},
@{Name="Custom Field 1";Expression={$Field1}},@{Name="Custom Value 1";Expression={$LocalVar3}},@{Name="END";Expression={$Field2}}
# This is my started attempt to get what I want, but had no luck.
Foreach ($Employee_ID in $Allusers) {
Where-Object($User1 -eq $Allusers)
}
2 个解决方案
解决方案1
0 2021-01-07 18:11:17
Beyond what's stated you're almost certainly having issues because you are using ForEach-Object incorrectly.除了所说的之外,您几乎肯定会遇到问题,因为您错误地使用ForEach-Object 。 You should read up on the differences between ForEach and ForEach-Object, as you are using the former's syntax in a pipeline which is incorrect.您应该阅读ForEach和 ForEach-Object 之间的差异,因为您在不正确的管道中使用了前者的语法。
Docs ForEach-Object Docs ForEach-Object
I'd point out a ForEach-Object Loop isn't needed in this case.我会指出在这种情况下不需要ForEach-Object循环。 Get-ADUser can take the output from Get-ADGroupMember` directly through the pipeline. Get-ADUser can take the output from Get-ADGroupMember 中获取 output。 For example, a refactored segment of your code:例如,重构的代码段:
$Allusers1 = Get-ADGroupMember -Identity $LocalVar1 |
Where-Object { $_.objectclass -eq "user" } |
Get-ADUser -Properties * |
Where-Object { $_.Enabled } |
Select-Object @{Name = "Employee ID"; Expression = { $_.UIDNumber }}
An aside: Notice the formatting difference...顺便说一句:注意格式差异......
Note: You only selected the custom/calculated property you defined.注意:您只选择了您定义的自定义/计算属性。 $AllUsers1 will be an array of objects with only the single property "Employee ID". $AllUsers1将是一个对象数组,只有一个属性“Employee ID”。
Note: Try to avoid -Properties * it's usually overkill.注意:尽量避免-Properties *它通常是矫枉过正的。 Instead give -Properties an array argument with the additional properties you are interested in, in your case that might be something like -Properties "UIDNumber" .而是给-Properties一个数组参数,其中包含您感兴趣的其他属性,在您的情况下,可能类似于-Properties "UIDNumber" 。
As far as the core question, which I think is how to get a pipe-delimited field of a given user's groups.至于核心问题,我认为是如何获得给定用户组的管道分隔字段。 I can't re-work what you've posted, but I can give a concept sample:我无法重新处理您发布的内容,但我可以提供一个概念示例:
$users1 = Get-ADGroupMember -Identity $LocalVar1 |
Where-Object { $_.objectclass -eq "user" } |
Get-ADUser $($_.samaccountname) -properties * |
Where-Object {$_.enabled -eq $True} |
Select-Object @{Name = "Employee ID"; Expression = { $_.UIDNumber }},
@{Name = "First Name"; Expression = { $_.GivenName }},
@{Name = "Last Name"; Expression = { $_.SurName }},
@{Name = "Record Type"; Expression = { "Employee" }},
@{Name = "Custom Field 1"; Expression = { $Field1 }},
@{Name = "Custom Value 1"; Expression = { ( (Get-ADPrincipalGroupMembership $_.samAccountName).Name -join "|" ) }},
@{Name = "END"; Expression = { $Field2 }}
Again, this isn't production worthy.同样,这不值得生产。 It's meant to demonstrate a concept.它旨在展示一个概念。 The key piece is you are taking the user's group memberships, actually an array of those Name properties, and joining them on the pipe character.关键是您正在获取用户的组成员身份,实际上是这些 Name 属性的数组,并在 pipe 字符上加入它们。
Once that's done you still need to send the data to a CSV file.完成后,您仍然需要将数据发送到 CSV 文件。 Continuing this example:继续这个例子:
$users1 | Export-Csv C:\Temp\Users1.csv -NoTypeInformation
An aside: You really should work on formatting your code better.顺便说一句:你真的应该更好地格式化你的代码。 At a minimum, you should line break on the pipe character.至少,您应该在 pipe 字符上换行。 For calculated properties, I either pre-write them and store them in an array or put each one on a new line as I have in the examples.对于计算的属性,我要么预先编写它们并将它们存储在一个数组中,要么将每个属性放在一个新行上,就像我在示例中所做的那样。 There are lots of resources you can use for guidance on that.有很多资源可以用于指导。 For example, the PowerShell Community maintains the "The PowerShell Best Practices and Style Guide" .例如,PowerShell 社区维护着“PowerShell 最佳实践和风格指南” 。
解决方案2
0 2021-01-11 20:13:19
Here's my updated code.这是我更新的代码。 I'm still working on improvements and have cut out about half of my original programming with the IF statement for EmployeeType.我仍在进行改进,并使用 EmployeeType 的 IF 语句削减了大约一半的原始编程。 I created a small -replace code in a separate script to place the "|"我在单独的脚本中创建了一个小的 -replace 代码来放置“|” between each group.每组之间。 I'm also reviewing all of the links you provided and they are a great help.我还在查看您提供的所有链接,它们很有帮助。
# Local Variables
$LocalVar1 = 'Group_1_USERS'
$LocalVar2 = 'Group_2_USERS'
$LocalVar3 = 'Group_3_USERS'
$Field1 = 'ADGroup-MSelectionList'
$Field2 = 'END'
# Going through each group to get extract users
$users1 = Get-ADGroupMember -Identity $LocalVar1 |
? {$_.objectclass -eq "user"} |
Foreach-Object ({ Get-ADUser $($_.samaccountname) -properties SamAccountName, Enabled }) |
? {$_.enabled -eq $True} |
Select @{Name="SamAccountName";Expression={$_.SamAccountName}}
$users2 = Get-ADGroupMember -Identity $LocalVar2 |
? {$_.objectclass -eq "user"} |
Foreach-Object ({ Get-ADUser $($_.samaccountname) -properties SamAccountName, Enabled }) |
? {$_.enabled -eq $True} |
Select @{Name="SamAccountName";Expression={$_.SamAccountName}}
$users3 = Get-ADGroupMember -Identity $LocalVar3 |
? {$_.objectclass -eq "user"} |
Foreach-Object ({ Get-ADUser $($_.samaccountname) -properties SamAccountName, Enabled }) |
? {$_.enabled -eq $True} |
Select @{Name="SamAccountName";Expression={$_.SamAccountName}}
# Putting all the users in one basket, Sort the users and remove
$Data = $Users1 + $users2 + $users3 | Sort "SamAccountName" -Unique
# Extracting, Formatting and Output
$Data | Foreach ({ Get-ADUser $($_.samaccountname) -properties EmployeeType, UIDNumber, GivenName, SurName, SamAccountName }) |
Select-Object @{Name="Employee ID";Expression={$_.UIDNumber}},
@{Name="First Name";Expression={$_.GivenName}},
@{Name="Last Name";Expression={$_.SurName}},
@{Name="Record Type";Expression={ If ($_.EmployeeType -eq "E") {"Employee"} else {"Contractor"}}},
@{Name="Custom Field 1";Expression={$Field1}},
@{Name="Custom Value 1";Expression={ ( (Get-ADPrincipalGroupMembership $_.samAccountName).Name |
Where-Object {$_ -Like "Group_*_USERS"})}},
@{Name="END";Expression={$Field2}}|
Export-CSV -Path "W:\$((Get-Date).ToString("yyyyMMdd_hh"))_File.csv" -NoTypeInformation
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.