堆栈内存溢出
  简体   繁体   English

如何获取所有包含managedby的安全组?

[英]How to get all security groups that contain managedby?

 原文  2023-01-24 16:37:04       powershell/ active-directory

问题描述

As part of the access review, I need to provide a report of security groups.作为访问审查的一部分,我需要提供一份安全组报告。 I would like to know how I can do to have the list of all the security groups whose managedby field has a value.我想知道如何才能获得 managedby 字段具有值的所有安全组的列表。

Also, i would like the managedby to show only the full name另外,我希望 managedby 只显示全名

Here what i have这是我所拥有的

get-ADGroup -filter {(Managedby -contains "*") -and (GroupCategory -eq "Security")} -Properties * | Select Name, SamAccountName, ManagedBy

1 个解决方案

解决方案1
 0 已采纳  2023-01-25 01:15:59

Your code is almost correct, the problem is -contains is a PowerShell comparison operator and is not supported by the Active Directory Filter .您的代码几乎是正确的,问题是 -contains 是一个-contains 比较运算符,并且不受Active Directory Filter支持。

When searching for an attribute not null (usually) :当搜索不是 null的属性时(通常)

  • Using -Filter使用-Filter
"attributeName -like '*'"
  • Using -LDAPFilter使用-LDAPFilter
"(attributeName=*)"

However for this case unfortunately I have no idea how to do this filter using -Filter (I personally dislike it), if you try:但是,不幸的是,对于这种情况,我不知道如何使用-Filter执行此过滤器(我个人不喜欢它),如果您尝试:

Get-ADGroup -Filter "managedby -like '*'"

You would get the following error:你会得到以下错误:

Get-ADGroup: Operator(s): The following: ''Eq', 'Ne'' are the only operator(s) supported for searching on extended attribute: 'ManagedBy'. Get-ADGroup:运算符:以下内容:“Eq”、“Ne”是唯一支持搜索扩展属性的运算符:“ManagedBy”。

So, using -LDAPFilter , this is how your code should look:因此,使用-LDAPFilter ,您的代码应该是这样的:

$params = @{
    LDAPFilter = '(&(ManagedBy=*)(groupType:1.2.840.113556.1.4.803:=2147483648))'
    Properties = 'Name', 'SamAccountName', 'ManagedBy'
}
Get-ADGroup @params | Select-Object $params['Properties']

groupType:1.2.840.113556.1.4.803:=2147483648 in LDAP Syntax is for Security Groups , more details in Active Directory: LDAP Syntax Filters groupType:1.2.840.113556.1.4.803:=2147483648 in LDAP Syntax is for Security GroupsActive Directory 中的更多详细信息:LDAP Syntax Filters

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何列出所有通讯组的名称、组类型、管理方式和 AD 描述 - How to list all distribution groups with name, grouptype, managedby, and AD description 如何通过C#为安全组设置ManagedBy属性 - How to set ManagedBy property for Security Group via C# 如何使用电源 shell 将 ManagedBy 所有者从一个用户更改为另一个用户,用于 150 多个组 - How to change ManagedBy owner from one user to another one for 150+ groups using power shell 如何获取用户所属的所有组? - How to get all groups that a user is a member of? 如何在Foreach循环中查询ADComputer的ManagedBy属性? - How to query ManagedBy property of ADComputer in a Foreach loop? 如何获取邮件联系人所属的所有组? - How to get all groups that a mail contact is a member of? 获取与某个构建定义关联的所有安全组和用户 [Azure-Devops] - Get all security groups and users associated with a certain build definition[Azure-Devops] 如何递归遍历所有安全组以将所有用户导出到CSV文件 - how can I recursively go thru all my security groups to export all Users to a CSV file 如何从Active Directory获取所有组的所有成员 - How to get all members of all groups from Active Directory 如何将所有成员从Active Directory中的通用通讯组递归导入到安全组 - How to recursive import to security group all members from Universal Distribution Groups in Active Directory
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM