Combining PowerShell Get-ADUser Filters
Question
Good afternoon, all.

I am trying to perform a search in P/S for SamAccountName that contains / starts with "svc_", and does not belong to a group called "disconnected", and write that to an Excel file.

What I am trying, at least for the syntax, doesn't result in anything. I know there are 300+ accounts that should show.

What am I declaring wrong?

```powershell
get-aduser -filter * -properties *|? {$_.samaccountname -like "svc_" -and $_.MemberOf -eq "disconnected"}
```

I am also looking to do the same for those SamAccountName results that are not part of a group. I thought "-neq" would work (not equal), but I guess that value is wrong?

```powershell
get-aduser -filter * -properties *|? {$_.samaccountname -like "svc_" -and $_.MemberOf -neq "disconnected"}
```

Once my mistakes are figured out, I will add `| Export-Csv -Path $CSVfile -NoTypeInformation` to have it write to a csv file.

Thank you in advance for all the assistance.
Answer 1
Score: 3
Don't filter with PowerShell when Active Directory can do it for you, it's many times more efficient that way:

```powershell
$groupdn = (Get-ADGroup disconnected).DistinguishedName

# members of the group and start with `svc_`
Get-ADUser -LDAPFilter "(&(samAccountName=svc_*)(memberOf=$groupdn))" |
    Export-Csv path\to\membersofgroup.csv -NoTypeInformation

# not a member of the group and start with `svc_`
Get-ADUser -LDAPFilter "(&(samAccountName=svc_*)(!memberOf=$groupdn))" |
    Export-Csv path\to\notmembersofgroup.csv -NoTypeInformation
```

As for the problem with your current code:

```powershell
$_.samaccountname -like "svc_"
```

Should use a wildcard after `svc_`:

```powershell
$_.samaccountname -like "svc_*"
```

And:

```powershell
$_.MemberOf -eq "disconnected"
```

Will never match since `MemberOf` is a collection of `DistinguishedName`.

---

Notes:

- The above code only looks for `user` objects, if you need to find members of the mentioned group of any `objectClass`, then you can change `Get-ADUser` to `Get-ADObject`.
- This code only looks for direct members of the mentioned group, if you need to find the recursive members you can use a LDAP_MATCHING_RULE_IN_CHAIN. For this the filter would look like:

```powershell
# recursive member of group
"(&(samAccountName=svc_*)(memberOf:1.2.840.113556.1.4.1941:=$groupdn))"

# not a member of the group or any nested group
"(&(samAccountName=svc_*)(!memberOf:1.2.840.113556.1.4.1941:=$groupdn))"
```
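
The filters above interpolate the group's DistinguishedName straight into the LDAP filter string, so a DN containing `(`, `)`, `*` or `\` has to be escaped per RFC 4515 before it is used. The following is an added example, not code from the answer; `ConvertTo-LdapFilterValue`, `New-SvcMembershipFilter` and the sample DN are hypothetical, and negation is written in the parenthesised RFC form `(!(...))`.

```powershell
# Added example: helper names and the sample DN are hypothetical, not from the answer.

function ConvertTo-LdapFilterValue {
    # Escape the characters RFC 4515 reserves inside a filter value:
    # \ -> \5c, * -> \2a, ( -> \28, ) -> \29, NUL -> \00
    param([Parameter(Mandatory)][string]$Value)
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function New-SvcMembershipFilter {
    # Build the answer's filter for accounts whose samAccountName starts with
    # $Prefix and that are (or, with -NotMember, are not) members of $GroupDN.
    param(
        [Parameter(Mandatory)][string]$GroupDN,
        [string]$Prefix = 'svc_',
        [switch]$Recursive,   # use LDAP_MATCHING_RULE_IN_CHAIN for nested groups
        [switch]$NotMember
    )
    $dn   = ConvertTo-LdapFilterValue $GroupDN
    $name = ConvertTo-LdapFilterValue $Prefix
    $attr = if ($Recursive) { 'memberOf:1.2.840.113556.1.4.1941:' } else { 'memberOf' }

    $clause = "($attr=$dn)"
    if ($NotMember) { $clause = "(!$clause)" }

    # The trailing * is the wildcard and is deliberately left unescaped.
    "(&(samAccountName=$name*)$clause)"
}

# Constructed sample DN (not from a real directory); its parentheses would
# unbalance the filter if it were interpolated without escaping.
$groupdn = 'CN=disconnected (legacy),OU=Groups,DC=example,DC=com'

New-SvcMembershipFilter -GroupDN $groupdn -NotMember
New-SvcMembershipFilter -GroupDN $groupdn -NotMember -Recursive

# With the ActiveDirectory module loaded, feed a filter to the answer's cmdlets:
# Get-ADUser -LDAPFilter (New-SvcMembershipFilter -GroupDN $groupdn -NotMember) |
#     Export-Csv path\to\notmembersofgroup.csv -NoTypeInformation
```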