使用 Get-AdUser 时如何根据 Powershell 中的多个条件过滤用户
[英]How to filter users based on several criteria in Powershell when using Get-AdUser
问题描述
I have a question that I was hoping someone could help me with, please.
我有一个问题,希望有人能帮助我,拜托。 I am trying to get a list of users who meet this criteria using get-adusers:我正在尝试使用 get-adusers 获取满足此条件的用户列表:
AD field “department” in ('Sales & Admin - All', 'Field - Support','HKLM - All', 'SOD - 1','Home - 1080') AND AD field "title” in ('Client Manager', 'Local Sales', 'Outside Sales, 'Region Manager', 'Deployment Manager') ('Sales & Admin - All'、'Field - Support'、'HKLM - All'、'SOD - 1'、'Home - 1080')中的 AD 字段“department”和('Client Manager)中的 AD 字段“title” '、'本地销售'、'外部销售、'区域经理'、'部署经理')
- “title” can have another value appended after it is separated by a "-" ie “Client Coordinator - Consulting/Solution“. “title”可以在用“-”分隔后附加另一个值,即“Client Coordinator - Consulting/Solution”。 I also need to get rid of/filter that list further of any other Titles that have "- " in their name.我还需要删除/过滤该列表中名称中包含“-”的任何其他标题。
I've got to this point so far, but not sure how to go further.到目前为止,我已经到了这一点,但不知道如何走得更远。 I also don't get all matches for my departments because its looking for an exact match from the include arrays:我也没有得到我部门的所有匹配项,因为它从包含数组中寻找完全匹配:
cls
Import-Module activedirectory
$count = 0
$include_department = @("Sales & Admin - All ","Field - Support", "HKLM - All", "SOD - 1", "Home - 1080")
$include_title = @("Client Manager", "Local Sales", "Outside Sales", "Region Manager", "Deployment Manager")
$exclude_title = @("- ")
$users = Get-ADUser -filter * -properties Department, Title, SamAccountName |
Where-Object {
($_.Department -match ('(' + [string]::Join(')|(', $include_department) + ')')) -and
($_.Title -match ('(' + [string]::Join(')|(', $include_title) + ')')) -and
($_.Department -notcontains "- ")
}
$users | Out-File -FilePath C:\it\file.txt
1 个解决方案
解决方案1
1 已采纳 2022-05-26 20:36:23
As Abraham pointed out in his helpful comment, you can do the filtering using exclusively the AD Filter / LDAP Filter .正如Abraham在他的有用评论中指出的那样,您可以仅使用AD Filter / LDAP Filter进行过滤。
Here is a -LDAPFilter alternative:这是一个-LDAPFilter替代方案:
$map = @{
department = @(
'Sales & Admin - All'
'Field - Support'
'HKLM - All'
'SOD - 1'
'Home - 1080'
)
title = @(
'Client Manager'
'Local Sales'
'Outside Sales'
'Region Manager'
'Deployment Manager'
)
}
$ldapfilter = "(&"
foreach($key in $map.Keys) {
$clause = "(|"
foreach($value in $map[$key]) {
$clause += "($key=$value)"
}
$clause += ")"
$ldapfilter += $clause
}
$ldapfilter += ")"
Get-ADUser -LDAPFilter $ldapfilter -Properties Department, Title, SamAccountName |
Export-Csv path\to\export.csv -NoTypeInformation
The title filter is an exact match of each clause, hence the "get rid of / filter that list further of any other Titles that have - in their name" should be covered. title过滤器是每个子句的精确匹配,因此应该涵盖“摆脱/过滤器,进一步列出任何其他Titles -在他们的名字中” 。
The generated LDAP String would look like this after formatting for readability :格式化后生成的 LDAP 字符串如下所示:
(&
(|
(department=Sales & Admin - All)
(department=Field - Support)
(department=HKLM - All)
(department=SOD - 1)
(department=Home - 1080)
)
(|
(title=Client Manager)
(title=Local Sales)
(title=Outside Sales)
(title=Region Manager)
(title=Deployment Manager)
)
)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.