Get-ADUser 和嵌套组问题
[英]Get-ADUser and issue with nested groups
问题描述
When I run the command below on a nested group, I get the error below.
当我在嵌套组上运行以下命令时,出现以下错误。
$properties = 'SamAccountName','GivenName'
(Get-ADGroup -identity $group -properties members).members | Get-ADUser -property $properties | select-object $properties
The setup is such that $group is a parent of all other groups, for example $group = 'All_USA', there are other groups all under $group such as NY_Group and TX_Group to name a few.设置使得 $group 是所有其他组的父级,例如 $group = 'All_USA',还有其他组都在 $group 下,例如 NY_Group 和 TX_Group 等等。
Get-ADUSer cannot find object with identity 'CN=DG NY_Group,OU=Messaging... Get-ADUSer 找不到身份为 'CN=DG NY_Group,OU=Messaging... 的 object
This issue only happens where the group is a parent group which has other child groups inside it.此问题仅发生在该组是其中包含其他子组的父组时。
1 个解决方案
解决方案1
1 2021-02-06 19:53:11
The members from Get-ADGroup can also be other groups or computer objects, not only users. Get-ADGroup中的成员也可以是其他组或计算机对象,而不仅仅是用户。
Try尝试
Get-ADGroupMember -Identity $group -Recursive |
Where-Object { $_.objectClass -eq 'user' } |
Get-ADUser |
Select-Object SamAccountName, GivenName
You may want to add switch -Unique to the Select-Object cmdlet so you don't listy users that were found in nested groups aswell.您可能希望将 switch -Unique添加到Select-Object cmdlet,这样您就不会同时列出在嵌套组中找到的用户。
'SamAccountName' and 'GivenName' properties are returned by default with Get-ADUser默认情况下,使用Get-ADUser返回“SamAccountName”和“GivenName”属性
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.