我有名為 ADGroup1 和 ADGroup2 的 AD 組。我知道我可以通過查詢查看每個串列:
Get-ADGroupMember -Identity "ADGroup1
或者
Get-ADGroupMember -Identity "ADGroup2
但是有沒有人可以讓我快速找到屬于這兩個組的所有用戶?
uj5u.com熱心網友回復:
您可以通過LDAP 過濾和一些字串操作來自動生成 LDAP 過濾器:
# Create a filter to get all groups in `$groups`
$groups = 'ADGroup1', 'ADGroup2'
$groupFilter = '(|'
$groups | ForEach-Object {
$groupFilter = '(samAccountName={0})' -f $_
}
$groupFilter = ')'
# create a new filter to get all objects "members of" the groups, exclusive
# change to `(|` for inclusive
$memberOfFilter = '(&'
# get the `DistinguishedName` of all groups and build the filter
(Get-ADGroup -LDAPFilter $groupFilter).DistinguishedName |
ForEach-Object { $memberOfFilter = '(memberof={0})' -f $_ }
$memberOfFilter = ')'
# use this one to find only users:
# $memberOfFilter = '(objectclass=user)(objectcategory=person))'
# instead of:
# $memberOfFilter = ')'
# or just use `Get-ADUser` instead of `Get-ADObject`
# get all objects "members of" all groups in `$groups`
Get-ADObject -LDAPFilter $memberOfFilter
轉載請註明出處,本文鏈接:https://www.uj5u.com/shujuku/518219.html
標籤:电源外壳活动目录