This are the lines where Powershell gets all the groups in AD
Get-ADGroup -Filter * -Properties SamAccountName, managedBy, Name, Description, GroupCategory |
Select-Object SamAccountName, @{Name = 'ManagedBy'; Expression = { (Get-ADUser -Identity $_.managedBy -Properties DisplayName).DisplayName }},Name, Description, GroupCategory
What I'm trying to accomplish is to get only the AD groups where the owner Enabled
property is set to disabled
, something like the following but I cannot complete the logic
Get-ADGroup -Filter * -Properties SamAccountName, managedBy, Name, Description, GroupCategory |
Where (Get-ADUser -Filter "DisplayName -eq '$($_.DisplayName)'" | Select SamAccountName, Enabled -eq "false") |
Select-Object SamAccountName, @{Name = 'ManagedBy'; Expression = { (Get-ADUser -Identity $_.managedBy -Properties DisplayName).DisplayName }},Name, Description, GroupCategory
EDIT:
Applying jfrmilner's answer I get the following error
Get-ADUser : Cannot find an object with identity: 'CN=example,OU=example,OU=User Archive,DC=example,DC=example' under: 'DC=example,DC=example'.
At line:2 char:18
+ Where-Object { !(Get-ADUser -Identity $_.ManagedBy).Enabled } |
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (CN=exampl...,DC=example,DC=nexample:ADUser) [Get-ADUser], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
这将仅返回 ManagedBy 用户被禁用的 AD 组:
Get-ADGroup -LDAPFilter "(ManagedBy=*)" -Properties ManagedBy, Description | Where-Object { !(Get-ADUser -Identity $_.ManagedBy).Enabled }
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.