[英]How to get all security groups that contain managedby?
As part of the access review, I need to provide a report of security groups.作为访问审查的一部分,我需要提供一份安全组报告。 I would like to know how I can do to have the list of all the security groups whose managedby field has a value.
我想知道如何才能获得 managedby 字段具有值的所有安全组的列表。
Also, i would like the managedby to show only the full name另外,我希望 managedby 只显示全名
Here what i have这是我所拥有的
get-ADGroup -filter {(Managedby -contains "*") -and (GroupCategory -eq "Security")} -Properties * | Select Name, SamAccountName, ManagedBy
Your code is almost correct, the problem is -contains
is a PowerShell comparison operator and is not supported by the Active Directory Filter .您的代码几乎是正确的,问题是 -contains 是一个
-contains
比较运算符,并且不受Active Directory Filter支持。
When searching for an attribute not null (usually) :当搜索不是 null的属性时(通常) :
-Filter
-Filter
"attributeName -like '*'"
-LDAPFilter
-LDAPFilter
"(attributeName=*)"
However for this case unfortunately I have no idea how to do this filter using -Filter
(I personally dislike it), if you try:但是,不幸的是,对于这种情况,我不知道如何使用
-Filter
执行此过滤器(我个人不喜欢它),如果您尝试:
Get-ADGroup -Filter "managedby -like '*'"
You would get the following error:你会得到以下错误:
Get-ADGroup: Operator(s): The following: ''Eq', 'Ne'' are the only operator(s) supported for searching on extended attribute: 'ManagedBy'.
Get-ADGroup:运算符:以下内容:“Eq”、“Ne”是唯一支持搜索扩展属性的运算符:“ManagedBy”。
So, using -LDAPFilter
, this is how your code should look:因此,使用
-LDAPFilter
,您的代码应该是这样的:
$params = @{
LDAPFilter = '(&(ManagedBy=*)(groupType:1.2.840.113556.1.4.803:=2147483648))'
Properties = 'Name', 'SamAccountName', 'ManagedBy'
}
Get-ADGroup @params | Select-Object $params['Properties']
groupType:1.2.840.113556.1.4.803:=2147483648
in LDAP Syntax is for Security Groups , more details in Active Directory: LDAP Syntax Filters groupType:1.2.840.113556.1.4.803:=2147483648
in LDAP Syntax is for Security Groups , Active Directory 中的更多详细信息:LDAP Syntax Filters
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.