英文:
joining output from two cmdlets
问题
我想从AD中获取GivenName、Surname和Department信息,以下代码可行:
Get-ADGroupMember XXXX-servicecenter | Get-ADUser | Select GivenName,Surname, @{Name="Dept";Expression={Get-ADObject -Properties department -Identity "$_" | Select -Expand Department}}
但是,如果我删除-Properties department部分,它就不会返回部门信息。有人能解释一下为什么我必须特别包括这一部分吗?谢谢。
英文:
I wanted to get the GivenName, Surname and Department info out of AD and the following works:
Get-ADGroupMember XXXX-servicecenter | Get-ADUser | Select GivenName,Surname, @{Name="Dept";Expression={Get-ADObject -Properties department -Identity "$_" | Select -Expand Department}}
However if I remove the -Properties department bit it doesn't return the department info. Can someone please explain why I have to specifically include that? Thanks.
答案1
得分: 0
[Olaf](https://stackoverflow.com/users/9196560/olaf)在他们的评论中提供了关键指针,`Get-ADUser`默认只输出特定的属性集,主要是因为每次查询返回所有用户对象属性会很低效。查看[`-Properties`](https://learn.microsoft.com/en-us/powershell/module/activedirectory/get-aduser?view=windowsserver2022-ps#-properties)参数和[__Outputs__](https://learn.microsoft.com/en-us/powershell/module/activedirectory/get-aduser?view=windowsserver2022-ps#outputs)以获取更多详细信息。
至于你提出的代码问题,你查询了同一个用户两次,一次是通过从`Get-ADGroupMember`输出进行管道传递,另一次是在`Select-Object`中使用的表达式中。还值得注意的是,组除了AD用户之外,还可以包含其他对象类型,因此建议在将其传递到`Get-ADUser`之前对输出进行过滤:
Get-ADGroupMember XXXX-servicecenter |
Where-Object objectClass -eq user |
Get-ADUser -Properties department |
Select-Object GivenName, Surname, Department
通过使用Active Directory的过滤功能,可以以更简单更快的方式完成相同的任务。查看[about_ActiveDirectory_Filter](https://learn.microsoft.com/en-us/previous-versions/windows/server/hh531527(v=ws.10))和[Active Directory: LDAP Syntax Filters](https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx)。
$filter = ''(memberof={0})'' -f (Get-ADGroup XXXX-servicecenter).DistinguishedName
Get-ADUser -LDAPFilter $filter -Properties department |
Select-Object GivenName, Surname, Department
<details>
<summary>英文:</summary>
<!-- language-all: sh -->
[Olaf](https://stackoverflow.com/users/9196560/olaf) has provided the crucial pointers in their comment, `Get-ADUser` only outputs a specific set of attributes by default, this is mainly because returning all user objects attributes for each query would be very inefficient. See [`-Properties`](https://learn.microsoft.com/en-us/powershell/module/activedirectory/get-aduser?view=windowsserver2022-ps#-properties) parameter and [__Outputs__](https://learn.microsoft.com/en-us/powershell/module/activedirectory/get-aduser?view=windowsserver2022-ps#outputs) for more details.
As for your code in question, you're querying the same user 2 times, once while piping the output from `Get-ADGroupMember` and twice in the expression used in `Select-Object`. It's also worth noting that groups can have other object types aside from AD Users thus it's recommend to filter the output before piping it to `Get-ADUser`:
Get-ADGroupMember XXXX-servicecenter |
Where-Object objectClass -eq user |
Get-ADUser -Properties department |
Select-Object GivenName, Surname, Department
There is a simpler and faster way to accomplish the same by using Active Directory filtering capabilities. See [about_ActiveDirectory_Filter
](https://learn.microsoft.com/en-us/previous-versions/windows/server/hh531527(v=ws.10)) and [Active Directory: LDAP Syntax Filters](https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx).
$filter = '(memberof={0})' -f (Get-ADGroup XXXX-servicecenter).DistinguishedName
Get-ADUser -LDAPFilter $filter -Properties department |
Select-Object GivenName, Surname, Department
</details>
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论