2023年2月14日 21:11:37go评论49阅读模式

英文:

Find multiple of the same objects in an Array and do something with these objects

问题

我需要一个PowerShell脚本，执行以下操作：

获取六个不同AD组的AD组成员。
仅显示在超过两个AD组中的成员。
从这些AD组中删除这些成员。

我只能想到一个脚本，它找到这六个AD组的所有成员，并按组中出现的次数降序分组显示它们。我不知道如何自动从中删除出现次数为3或更多的成员。

$arrMembersADGroup1 = Get-ADGroupMember -Identity "AD-Group1" -Recursive | Get-ADUser -Properties Mail | Select-Object Mail
$arrMembersADGroup2 = Get-ADGroupMember -Identity "AD-Group2" -Recursive | Get-ADUser -Properties Mail | Select-Object Mail
$arrMembersADGroup3 = Get-ADGroupMember -Identity "AD-Group3" -Recursive | Get-ADUser -Properties Mail | Select-Object Mail
$arrMembersADGroup4 = Get-ADGroupMember -Identity "AD-Group4" -Recursive | Get-ADUser -Properties Mail | Select-Object Mail
$arrMembersADGroup5 = Get-ADGroupMember -Identity "AD-Group5" -Recursive | Get-ADUser -Properties Mail | Select-Object Mail
$arrMembersADGroup6 = Get-ADGroupMember -Identity "AD-Group6" -Recursive | Get-ADUser -Properties Mail | Select-Object Mail
$arrAllGroupMembers = $arrMembersADGroup1 + $arrMembersADGroup2 + $arrMembersADGroup3 + $arrMembersADGroup4 + $arrMembersADGroup5 + $arrMembersADGroup6

$arrAllGroupMembers | Group-Object -Property Mail -NoElement | Sort-Object -Property count -Descending | Select-Object Name, Count

英文:

I need a PowerShell-Script that does the following:

Get the AD-Groupmember of six different AD-Groups.
Show only members who are in more than two of those AD-Groups.
Remove these members from those AD-Groups.

I could only come up with a Script, that finds all members of those six AD-Groups and show them grouped descending from the occurrence in the groups. I don't know how to go from here to automatically remove the members with count 3 or greater from the AD-Groups.

$arrMembersADGroup1 = Get-ADGroupMember -Identity &quot;AD-Group1&quot; -Recursive | Get-ADUser -Properties Mail | Select-Object Mail
$arrMembersADGroup2 = Get-ADGroupMember -Identity &quot;AD-Group2&quot; -Recursive | Get-ADUser -Properties Mail | Select-Object Mail
$arrMembersADGroup3 = Get-ADGroupMember -Identity &quot;AD-Group3&quot; -Recursive | Get-ADUser -Properties Mail | Select-Object Mail
$arrMembersADGroup4 = Get-ADGroupMember -Identity &quot;AD-Group4&quot; -Recursive | Get-ADUser -Properties Mail | Select-Object Mail
$arrMembersADGroup5 = Get-ADGroupMember -Identity &quot;AD-Group5&quot; -Recursive | Get-ADUser -Properties Mail | Select-Object Mail
$arrMembersADGroup6 = Get-ADGroupMember -Identity &quot;AD-Group6&quot; -Recursive | Get-ADUser -Properties Mail | Select-Object Mail
$arrAllGroupMembers = $arrMembersADGroup1 + $arrMembersADGroup2 + $arrMembersADGroup3 + $arrMembersADGroup4 + $arrMembersADGroup5 + $arrMembersADGroup6

$arrAllGroupMembers | Group-Object -Property Mail -NoElement | Sort-Object -Property count -Descendin | Select-Object Name,count

答案1

得分: 0

以下代码应该能实现你的要求，基本上创建一个输出，包含用户的samAccountName和他们所属的组memberOf。然后将该输出传输到Group-Object，将对象按其samAccountName分组，以便稍后筛选出有超过2个分组对象的情况（也就是说，他们将是3个或更多组的成员）。你应该得到的输出是用户的samAccountName以及他们所属的所有组的DistinguishedName。

$groups = 'AD-Group1', 'AD-Group2', 'AD-Group3', 'AD-Group4', 'AD-Group5', 'AD-Group6'
$groups | ForEach-Object {
    $dn = (Get-ADGroup $_).DistinguishedName
    # 查找属于此组的所有递归用户对象成员
    foreach($member in Get-ADUser -LDAPFilter "(memberOf:1.2.840.113556.1.4.1941:=$dn)") {
        [pscustomobject]@{
            samAccountName = $member.samAccountName
            MemberOf       = $dn
        }
    }
} | Group-Object samAccountName | Where-Object Count -GT 2

这段代码的作用是找出属于3个或更多组的用户，输出他们的samAccountName和所有所属组的DistinguishedName。

英文:

The following should do the trick, basically create an output having the user's samAccountName and their respective group they're a memberOf. Then that output is piped to Group-Object where the objects are grouped by their samAccountName to later be filtered where there are more than 2 grouped objects (meaning, they would be a member of 3 or more groups). The output you should get is the user's samAccountName and all the group's DistinguishedName they're a member of.

$groups = &#39;AD-Group1&#39;, &#39;AD-Group2&#39;, &#39;AD-Group3&#39;, &#39;AD-Group4&#39;, &#39;AD-Group5&#39;, &#39;AD-Group6&#39;
$groups | ForEach-Object {
    $dn = (Get-ADGroup $_).DistinguishedName
    # find all recursive user object members of this group
    foreach($member in Get-ADUser -LDAPFilter &quot;(memberOf:1.2.840.113556.1.4.1941:=$dn)&quot;) {
        [pscustomobject]@{
            samAccountName = $member.samAccountName
            MemberOf       = $dn
        }
    }
} | Group-Object samAccountName | Where-Object Count -GT 2

通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库，让每个人都能够通过互相帮助和分享经验来进步。

在一个数组中查找相同对象的多个实例，并对这些对象执行某些操作。

问题

答案1

我的 PowerShell 代码在作为模块从另一个文件中调用时为什么行为不同？

在AD用户描述前添加PS – 使用ForEach进行重复更新

PowerShell 在 2020 年 1 月 6 日返回周数为 2。

Powershell: 字符串中替换字符的代码错误

What's the correct way to type hint an empty list as a literal in python?

如何在Highcharts Gantt中更改本地化的星期名称

如何在同一个流中使用多个过滤器和映射函数？

如何使用Map/Set来将代码优化到O(n)？

.NET MAUI Android在GitHub Actions上构建失败，错误代码为1。

如何在Playwright视觉比较中屏蔽多个定位器？

在C++中，可以使用可变模板参数来检索类型的内部类型。

selenium.common.exceptions.StaleElementReferenceException: Message: stale element reference: stale element not found

Creating and opening a URL to log in to Website via Basic Auth with Robot Framework/Selenium (Python)

AG Grid 在上下文菜单中以大文本形式打开

发表评论