Powershell 讓 Groupmembers 進入 Out-GridView

Question

我想使用 Out-GridView 來顯示選定 AD 組的成員。 如果我可以得到所有成員（計算機、其他組、用戶），但至少用戶是強制性的，那就太好了。 我現在有這個代碼：

    Import-Module ActiveDirectory
$groups = Get-ADGroup -Filter * -Searchbase "OU=Groups,DC=domain,DC=int"|
    Select-Object @{n="Group"; e={$_.Name}}, DistinguishedName |Sort-Object "Group"|
    Out-GridView -Title "Select a group, then click OK"  -PassThru
$accounts = Foreach ($group in $groups) {Get-ADGroupMember -Identity $group.DistinguishedName -Recursive}

$report = Get-ADUser -Identity $account -Properties *|
    Select-Object name, SamAccountName, EmailAddress, EmployeeID, TelephoneNumber, Created, Department, City| 
    Out-GridView -Title "The members of the group"  -PassThru

目前我可以搜索組，選擇它，然后我沒有得到所有成員。 只有一個，我想。 而且也只有一個用戶，因為它是 Get-ADuser。 誰能幫我？

或者也許在互聯網的某個地方有一個類似的 powershell 前端？

Answer 1

Get-ADGroupMember -Identity *group* | Out-GridView

這應該讓您獲得該組的所有成員。 我猜你可以從那里過濾它？ :)

Answer 2

由於Get-ADGroupMember可以返回 3 種不同類型的 AD 對象，因此您不能對每個返回的對象盲目使用Get-ADUser 。
此外，並非所有這些不同的對象都具有您希望在網格視圖中顯示的相同屬性，因此您需要一些方法來捕獲它們的共同屬性，同時將其他屬性留空。

嘗試：

Import-Module ActiveDirectory

$groups = Get-ADGroup -Filter * -Searchbase "OU=Groups,DC=domain,DC=int" |
          Select-Object @{Name = "Group"; Expression = {$_.Name}}, DistinguishedName | Sort-Object "Group"

# show the groups in a grid view and have the user select one item  
$selected = $groups | Out-GridView -Title "Select a group, then click OK" -PassThru

# if not cancelled
if ($selected) {
    # loop through the members of the selected group and capture the resulting objects in variable $result
    $result = foreach ($member in (Get-ADGroupMember -Identity $selected.DistinguishedName -Recursive)) {
        $account = switch ($member.objectClass) {
            'user' { 
                # Get-ADUser by default returns these properties:
                # DistinguishedName, Enabled, GivenName, Name, ObjectClass, ObjectGUID, SamAccountName, SID, Surname, UserPrincipalName
                Get-ADUser -Identity $member.DistinguishedName -Properties EmailAddress, EmployeeId, 
                                                                           OfficePhone, Created, Department, City
            }
            'group' {
                # Get-ADGroup by default returns these properties:
                # DistinguishedName, GroupCategory, GroupScope, Name, ObjectClass, ObjectGUID, SamAccountName, SID
                Get-ADGroup -Identity $member.DistinguishedName -Properties mail, Created |
                # rename the property 'mail' here
                Select-Object *, @{Name = 'EmailAddress'; Expression = {$_.mail}} -ExcludeProperty mail
            }
            'computer' {
                # Get-ADComputer by default returns these properties:
                # DistinguishedName, DNSHostName, Enabled, Name, ObjectClass, ObjectGUID, SamAccountName, SID,  UserPrincipalName
                Get-ADComputer -Identity $member.DistinguishedName -Properties Created
            }
        }
        # output an object with all properties you want in the grid view. Some will be empty though depending on the object type
        $account | Select-Object @{Name = 'Type'; Expression = {$member.objectClass}}, 
                                 Name, SamAccountName, EmailAddress, EmployeeId, OfficePhone, Created, Department, City
    }
    # display the results
    $result | Sort-Object Type, Name | Out-GridView -Title "The members of group '$($selected.Name)'"
}