如何使用PowerShell进行ADSI查询

huangapple go评论63阅读模式
英文:

How to use Powershell to make ADSI queries

问题

我目前正在尝试获取我的环境中多个帐户的用户对象属性列表。但是,这需要查询一些ADSI属性,即使在进行了一些自学之后,我仍然不太确定如何使其正常工作。

我正在尝试使用以下类似的方式创建一个foreach循环来获取这些用户的一些详细信息,但我还需要通过LDAP查询来迭代多个单独的ADSI属性(例如AllowLogon、MaxConnectionTime、TerminalServicesWorkDirectory),并将输出添加到我的结果CSV中。我认为这将类似于以下内容,但我不确定如何使中间的LDAP/ADSI查询正常工作:

# 选择包含要搜索的帐户的组织单位(OU):
$OU = "OU=Accounts,DC=domain,DC=local"

# 设置ADUser搜索基础:
$Accounts = Get-ADuser -Filter * -Searchbase $OU

# 基于ForEach循环的结果定义CSV输出
$Output = ForEach($Account in $Accounts){
    Get-ADUser -identity $Account -Properties * |
    Select-Object Name,GivenName

    # 这里是我不确定如何使这些查询正常工作的地方
    $User = [ADSI]("LDAP://" + $account.distinguishedname)
    $user.psbase.InvokeGet("AllowLogon")
    $user.psbase.InvokeGet("MaxConnectionTime")
    $user.psbase.InvokeGet("TerminalServicesWorkDirectory")
}

# 将输出写入CSV文件
$Output | Export-CSV C:\Temp\Output.csv

是否有人可以指导我正确地将它们填充到CSV中?谢谢!

英文:

I am currently trying to get a list of user object properties for a number of accounts in my environment. However, this requires querying some ADSI properties, and I am not entirely sure how to get this to work, even after doing some self-guided study.

What I am doing is using something like the below to create a foreach loop to get some details on these users, but I additionally need for it to iterate through LDAP queries for a bunch of separate ADSI properties (e.g. AllowLogon, MaxConnectionTime, TerminalServicesWorkDirectory) and add the outputs to my resultant CSV. I believe that this will look something like this, but I'm not sure how to make the LDAP/ADSI queries in the middle work properly:

# Choose the OU containing the accounts to be searched:
$OU = "OU=Accounts,DC=domain,DC=local"

# Set up the ADUser search base:
$Accounts = Get-ADuser -Filter * -Searchbase $OU

#Define CSV output based off of results of ForEach loop
$Output = ForEach($Account in $Accounts){
    Get-ADUser -identity $Account -Properties * |
    Select-Object Name,GivenName

#This is where I am unsure on how to get these queries to work properly
    $User = [ADSI]("LDAP://" + $account.distinguishedname)
    $user.psbase.InvokeGet("AllowLogon")
    $user.psbase.InvokeGet("MaxConnectionTime")
    $user.psbase.InvokeGet("TerminalServicesWorkDirectory")

}

#Write output to CSV
$Output | Export-CSV C:\Temp\Output.csv

Can anyone set me down the correct path to getting these to properly populate a CSV? Thanks!

答案1

得分: 3

[...] 但我另外需要通过 LDAP 查询一堆...

你确实不需要 - Get-ADUser 可以预先获取所需的属性值 - 您只需使用正确的属性名称:

# 获取具有所需属性的所有用户帐户
$Accounts = Get-ADUser -Filter * -Searchbase $OU -Properties Name,GivenName,msTSAllowLogon,msTSMaxConnectionTime,msTSWorkDirectory

# 将 RDS 属性重命名为稍微更易读的名称
$Output = $Accounts | Select Name,GivenName,@{Name='AllowLogon';Expression='msTSAllowLogon'},@{Name='MaxConntectionTime';Expression='msTSMaxConnectionTime'},@{Name='TerminalServicesWorkDirectory';Expression='msTSWorkDirectory'}

# 将输出写入 CSV
$Output | Export-CSV C:\Temp\Output.csv
英文:

> [...] but I additionally need for it to iterate through LDAP queries for a bunch of ...

You really don't - Get-ADUser can fetch the desired attribute values up front - you just have to use the correct names for the attributes:

# Fetch all user accounts with the required attributes
$Accounts = Get-ADuser -Filter * -Searchbase $OU -Properties Name,GivenName,msTSAllowLogon,msTSMaxConnectionTime,msTSWorkDirectory

# Rename the RDS attributes to something slight more easily-readable
$Output = $Accounts |Select Name,GivenName,@{Name='AllowLogon';Expression='msTSAllowLogon'},@{Name='MaxConntectionTime';Expression='msTSMaxConnectionTime'},@{Name='TerminalServicesWorkDirectory';Expression='msTSWorkDirectory'}

# Write output to CSV
$Output | Export-CSV C:\Temp\Output.csv

huangapple
  • 本文由 发表于 2023年6月12日 23:23:59
  • 转载请务必保留本文链接:https://go.coder-hub.com/76458114.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定