组合 PowerShell Get-ADUser 过滤器

huangapple go评论73阅读模式
英文:

Combining PowerShell Get-ADUser Filters

问题

下面是翻译好的部分:

"Good afternoon, all." -> 下午好,大家。

"I am trying to perform a search in P/S for SamAccountName that contains / starts with "svc_", and does not belong to a group called "disconnected", and write that to an Excel file." -> 我正在尝试在P/S中搜索SamAccountName包含/以"svc_"开头的帐户,并且不属于名为"disconnected"的组,并将结果写入Excel文件。

"What I am trying, at least for the syntax, doesn't result in anything. I know there are 300+ accounts that should show." -> 我尝试的内容,至少在语法方面,没有产生任何结果。我知道应该显示300多个帐户。

"What am I declaring wrong?" -> 我声明错了什么?

"get-aduser -filter * -properties *|? {$.samaccountname -like "svc" -and $.MemberOf -eq "disconnected"}" -> get-aduser -filter * -properties * | ? {$.samaccountname -like "svc_" -and $_.MemberOf -eq "disconnected"}

"I am also looking to do the same for those SamAccountName results that are not part of a group. I thought "-neq" would work (not equal), but I guess that value is wrong?" -> 我也想对那些不属于任何组的SamAccountName进行相同的操作。我以为"-neq"会起作用(不等于),但我猜那个值是错误的?

"get-aduser -filter * -properties *|? {$.samaccountname -like "svc" -and $.MemberOf -neq "disconnected"}" -> get-aduser -filter * -properties * | ? {$.samaccountname -like "svc_" -and $_.MemberOf -neq "disconnected"}

"Once my mistakes are figured out, I will add | Export-Csv -Path $CSVfile -NoTypeInformation to have it write to a csv file." -> 一旦我的错误被找出,我将添加| Export-Csv -Path $CSVfile -NoTypeInformation以将结果写入CSV文件。

"Thank you in advance for all the assistance." -> 提前感谢您的所有帮助。

英文:

Good afternoon, all.

I am trying to perform a search in P/S for SamAccountName that contains / starts with "svc_", and does not belong to a group called "disconnected", and write that to an Excel file.

What I am trying, at least for the syntax, doesn't result in anything. I know there are 300+ accounts that should show.

What am I declaring wrong?

get-aduser -filter * -properties *|? {$_.samaccountname -like "svc_" -and $_.MemberOf -eq "disconnected"}

I am also looking to do the same for those SamAccountName results that are not part of a group. I thought "-neq" would work (not equal), but I guess that value is wrong?

get-aduser -filter * -properties *|? {$_.samaccountname -like "svc_" -and $_.MemberOf -neq "disconnected"}

Once my mistakes are figured out, I will add | Export-Csv -Path $CSVfile -NoTypeInformation to have it write to a csv file.

Thank you in advance for all the assistance.

答案1

得分: 3

不要在[tag:powershell]下使用过滤器,当[tag:active-directory]可以为您执行此操作时,它效率要高得多:

$groupdn = (Get-ADGroup disconnected).DistinguishedName

属于该组并以svc_开头的成员

Get-ADUser -LDAPFilter "&(samAccountName=svc_*)(memberOf=$groupdn)" |
Export-Csv path\to\membersofgroup.csv -NoTypeInformation

不属于该组并以svc_开头的成员

Get-ADUser -LDAPFilter "&(samAccountName=svc_*)(!memberOf=$groupdn)" |
Export-Csv path\to\notmembersofgroup.csv -NoTypeInformation


至于您当前代码的问题:

$.samaccountname -like "svc"


应该在`svc_`后面使用通配符:

$.samaccountname -like "svc*"


还有:

$_.MemberOf -eq "disconnected"


永远不会匹配,因为`MemberOf`是`DistinguishedName`的集合。

---

注意:

- 上述代码仅查找`user`对象,如果您需要查找任何`objectClass`的提到的组的成员,可以将`Get-ADUser`更改为`Get-ADObject`。

- 此代码仅查找提到的组的直接成员,如果您需要查找递归成员,您可以使用__LDAP_MATCHING_RULE_IN_CHAIN__。对于这个,过滤器将如下所示:

组的递归成员

"(&(samAccountName=svc_*)(memberOf:1.2.840.113556.1.4.1941:=$groupdn))"

不属于该组或任何嵌套组的成员

"(&(samAccountName=svc_*)(!memberOf:1.2.840.113556.1.4.1941:=$groupdn))"

英文:

<!-- language-all: sh -->

Don't filter with [tag:powershell] when [tag:active-directory] can do it for you, its many times more efficient that way:

$groupdn = (Get-ADGroup disconnected).DistinguishedName

# members of the group and start with `svc_`
Get-ADUser -LDAPFilter &quot;(&amp;(samAccountName=svc_*)(memberOf=$groupdn))&quot; |
   Export-Csv path\to\membersofgroup.csv -NoTypeInformation

# not a member of the group and start with `svc_`
Get-ADUser -LDAPFilter &quot;(&amp;(samAccountName=svc_*)(!memberOf=$groupdn))&quot; |
   Export-Csv path\to\notmembersofgroup.csv -NoTypeInformation

As for the problem with your current code:

$_.samaccountname -like &quot;svc_&quot;

Should use a wildcard after svc_:

$_.samaccountname -like &quot;svc_*&quot;

And:

$_.MemberOf -eq &quot;disconnected&quot;

Will never match since MemberOf is a collection of DistinguishedName.


Notes:

  • The above code only looks for user objects, if you need to find members of mentioned group of any objectClass, then you can change Get-ADUser to Get-ADObject.

  • This code only looks for direct members of the mentioned group, if you need to find the recursive members you can use a LDAP_MATCHING_RULE_IN_CHAIN. For this the filter would look like:

# recursive member of group
&quot;(&amp;(samAccountName=svc_*)(memberOf:1.2.840.113556.1.4.1941:=$groupdn))&quot;

# not a member of the group or any nested group
&quot;(&amp;(samAccountName=svc_*)(!memberOf:1.2.840.113556.1.4.1941:=$groupdn))&quot;

huangapple
  • 本文由 发表于 2023年6月30日 04:02:35
  • 转载请务必保留本文链接:https://go.coder-hub.com/76584282.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定