如何將AD組與AzureAD組進行比較并洗掉成員（如果不同）-有解無憂

我想比較 2 個組，如果不同，則從 Azure AD 組中洗掉成員，但我遇到了錯誤。有人能告訴我我做錯了什么嗎？

$membersofAzureADGroup = Get-AzureADGroup -Searchstring Test_Group | Get-AzureADGroupmember | Select Userprincipalname

$membersofADGroup = Get-ADGroupmember "Groupe_A" | Get-ADUser -properties Userprincipalname | Select UserPrincipalName

$RemoveUsers = Compare-Object -ReferenceObject $membersofAzureADGroup -DifferenceObject $membersofADGroup -PassThru | Where SideIndicator -eq "<="

Remove-AzureADGroupMember $RemoveUsers -Members $membersofAzureADGroup

Remove-AzureADGroupMember：找不到接受引數“@{[email protected];SideIndicator=<=}”的位置引數

我在下面嘗試了這個，但仍然無法正常作業......

Remove-AzureADGroupMember $RemoveUsers -MemberID (Get-AzureADUser | where {$_.Userprincipalname -eq $MembersOfGroup1}).ObjectID

uj5u.com熱心網友回復：

洗掉屬于 Azure AD 組但不是 Active Directory 組成員的用戶將需要過濾，因此您絕對不需要Compare-Object。

既然你試圖找到不上另一個陣列存在，陣列元素Where-Object或.Where(..)方法應該是綽綽有余。

$ErrorActionPreference = 'Stop'

$azGName = 'Test_Group'
$adGName = 'Test_Group'

$azGroup = Get-AzureADGroup -Searchstring $azGName
$azMembers = Get-AzureADGroupmember $azGroup
$adMembers = (Get-ADGroupMember $adGName).Where({
    $_.ObjectClass -eq 'user'
}).UserPrincipalName
# NOTE: Piping Get-ADUser to Get-ADGroupMember will get you in trouble whenever
#       there is a member that is not of the objectclass 'user'.

# Members of AZ Group that are not members of AD Group
$azMembers.Where({$_ -notin $adMembers.UserPrincipalName}).ForEach({
    "Removing $_ from $azGName"
    try
    {
        Remove-AzureADGroupMember -ObjectId $azGroup.ObjectId -MemberId $_.ObjectId
    }
    catch
    {
        Write-Warning $_.Exception
    }
})

uj5u.com熱心網友回復：

我沒有 AD 或 Azure AD，但我遵循了您的問題的原則并在我的計算機上本地測驗了以下內容。見下文

你失敗的原因是你的 $RemoveUsers 變數是錯誤的。如果您沒有看過它所呈現的內容，我會感到驚訝。

為什么它不起作用

$RemoveUsers = Compare-Object -ReferenceObject $membersofAzureADGroup -DifferenceObject $membersofADGroup -PassThru | Where SideIndicator -eq "<="

在本地計算機測驗中比較組

## Step 1 - Place both groups into variables
$Group1 = get-localgroup -Name Administrators | Get-LocalGroupMember | Select Name
$Group2 = get-localgroup -Name Test | Get-LocalGroupMember | Select Name
## Step 2 - See All Output 
$compare = Compare-Object -ReferenceObject $Group1 -DifferenceObject $Group2 -property name -passthru -IncludeEqual
## Step 3 See Only Difference in reference (source) object and select InputObject
$DifferenceInSource = (Compare-Object -ReferenceObject $Group1 -DifferenceObject $Group2 | Where SideIndicator -eq "<=" | Select -ExpandProperty InputObject)
## Step 4 Pull Out Names
$DifferenceInSourceName = $DifferenceInSource.Name
## Split WorkGroup and Account
$SplitName = $DifferenceInSourceName.Split('\')
## Step 5 Test To See If Account Resolves
Get-LocalUser -name $SplitName[1]

顯然，您然后圍繞ForEach陳述句構建以對多個參考進行更新。

如何將 AD 組與 Azure AD 組進行比較并洗掉成員（如果不同）

轉載請註明出處，本文鏈接：https://www.uj5u.com/qianduan/371185.html

標籤：电源外壳天蓝色活动目录

上一篇：select-string適用于get-content但不能直接作用于invoke-webclient內容

下一篇：有人可以解釋這段代碼在做什么嗎？