我有兩個 AD 組,想提取他們的成員。如果我指定一組,我可以運行腳本。當我放置第二組時,我不可能生成兩個不同的報告。你能幫助我嗎?
$ADGroup= "Group_Test","Group_Test_ABC"
$Group = Get-ADGroupMember -Identity $ADGroup | ? {$_.objectclass -eq "user"}
$Path = "C:\Temp\$ADGroup $((Get-Date).ToString("(yyyy-MM-dd)")).xlsx"
$Result =
foreach ($User in $Group) {
Get-ADUser -Identity $User -Properties * | Select @{n='ADGROUP NAME';e={$ADGroup}}, @{n="DisplayName";e={$_.DisplayName}}, @{n='SamAccountName';e={$_.SamAccountName}}, @{n='UPN';e={$_.UserPrincipalName}}
}
$Result | Export-Excel -Path $Path
uj5u.com熱心網友回復:
Get-ADGroupMember 僅將一組作為輸入,如果您需要查詢多個組,則需要遍歷組:
$ADGroup = "Group_Test", "Group_Test_ABC"
$result = foreach($group in $ADGroup)
{
$members = Get-ADGroupMember -Identity $group | Where-Object {
$_.objectclass -eq "user"
}
foreach($member in $members)
{
$user = Get-ADUser $member -Properties DisplayName
[pscustomobject]@{
'ADGROUP NAME' = $group
DisplayName = $user.DisplayName
SamAccountName = $user.SamAccountName
UserPrincipalName = $user.UserPrincipalName
}
}
}
$Path = "C:\Temp\$ADGroup $((Get-Date).ToString("(yyyy-MM-dd)")).xlsx"
$Result | Export-Excel -Path $Path
上述方法有一種不同的替代方法,更有效,但它只會找到當前域中存在的那些用戶,如果不同域上有成員(用戶),則不會找到它們。
$result = foreach($group in $ADGroup)
{
$thisGroup = Get-ADGroup $group
$splat = @{
LDAPFilter = "(memberOf=$($thisGroup.DistinguishedName))"
Properties = 'DisplayName'
}
$users = Get-ADUser @splat
foreach($user in $users)
{
[pscustomobject]@{
'ADGROUP NAME' = $thisGroup.SamAccountName
DisplayName = $user.DisplayName
SamAccountName = $user.SamAccountName
UserPrincipalName = $user.UserPrincipalName
}
}
}
轉載請註明出處,本文鏈接:https://www.uj5u.com/qukuanlian/390716.html