Powershell 針對 Active Directory 運行查詢的腳本

Question

我有以下 Powershell 腳本：

$domainObj = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$PDC = ($domainObj.PdcRoleOwner).Name
$SearchString = "LDAP://"
$SearchString += $PDC + "/"
$DistinguishedName = "DC=$($domainObj.Name.Replace('.', ',DC='))"
$SearchString += $DistinguishedName
$Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$SearchString)
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$Searcher.SearchRoot = $objDomain
$Searcher.filter="samAccountType=805306368"
$Result = $Searcher.FindAll()
Foreach($obj in $Result)
{
    Foreach($prop in $obj.Properties)
    {  
        $prop
    }
    Write-Host "------------------------"
}

我需要對此進行修改以執行以下操作，但我不確定如何應用正確的過濾器，我認為需要$Searcher.filter中的 go ：

1. 將腳本更改為僅返回 Domain Admins 組的成員。
2. 更改腳本以返回域中的所有計算機。
3. 添加過濾器以僅返回運行 Windows 10 的計算機。

Answer 1

您可以執行以下操作：

$domainObj = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$PDC = ($domainObj.PdcRoleOwner).Name
$searchString = "LDAP://{0}/DC={1}" -f $PDC,$domainObj.Name.Replace('.', ',DC=')
$Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$SearchString)
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$Searcher.SearchRoot = $objDomain

# Domain Admins
$Searcher.filter='samAccountName=Domain Admins'
$DAs = $Searcher.FindAll().Properties.Member

# All Computers
$Searcher.filter='objectClass=Computer'
$Computers = $Searcher.FindAll()

# Windows 10
$Computers | Where {
    $_.Properties.OperatingSystemVerison -match '^10\D' -and $_.Properties.OperatingSystem -notmatch 'Server'
}

Answer 2

獲取所有域管理員（在廣告組“管理員”中）：

Get-ADGroupMember -Identity Administrators

使用 Windows 10 獲取計算機

Get-ADComputer -Filter {operatingsystem -like 'Windows 10*'}

供參考，請參閱：

• https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-adcomputer?view=win10-ps
• https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-adgroupmember?view=win10-ps