寻找一种高效的方法来获取不是 N 个特定群组成员的用户。

huangapple go评论53阅读模式
英文:

Looking for an efficient way to get users who aren't members of N specific groups

问题

我正在使用Graph SDK(通过NuGet包,而不是直接使用REST API)与我的Azure ASP.NET Core Web应用程序。我需要获取所有不是20个特定组的AD用户的成员。有数万个组,因此获取每个组并检查成员不切实际。

我已经进行了一些调查,扩展memberOf并对其进行过滤(以便我可以使用NOT IN 进行过滤)是不受支持的,除非在测试版中,我希望除非必要,否则不使用测试版。

是否有一种有效的方法来获取不是这20个组成员的用户列表?我一开始就知道这20个组的ID列表。

英文:

I'm using Graph SDK (Via the NuGet package NOT the REST API directly) with my Azure ASP.NET Core web app. I need to get all AD users that are not members of any of 20 specific groups. There are tens of thousands of groups and so it's not practical to get every group and check the members.

I've done some investigation and expanding memberOf and filtering on it (so that I can filter using NOT IN) is not supported, except in the beta version which I'd like to avoid using unless I have to.

Is there an efficient way to get a list of users who are not members of the 20 groups? I start off knowing the list of 20 group Ids.

答案1

得分: 0

通过 SDK 没有直接的方法来实现这一点,但可以通过 PowerShell 有多种方法来完成:

  1. 获取所有 Azure AD 用户(Get-AzureADUser -all $true)
  2. 创建一个哈希表来包含这些用户。
  3. 将所有用户添加到哈希表中。
  4. 如果用户是某个组的成员,从哈希表中将其移除。
$groupids = @("f8dee32c-1924-4e84-93f3-487d7c79c381", "dbd30120-0021-4a92-850f-d5648961003c") #要检查用户是否不是成员的组的 ObjectID 列表

$userht = @{} #创建包含用户的哈希表

Get-AzureADUser -all $true | foreach-object { $userht.Add($_.ObjectId, $_) } #使用 ObjectID 作为唯一键,将所有 AzureAD 用户添加到哈希表中

ForEach ($id in $groupids) {

    Get-AzureADGroupMember -all $true -ObjectId $id | foreach-object { $userht.Remove($_.ObjectId) } #如果用户是组的成员,则从哈希表中将其移除

}

希望这对你有所帮助。

英文:

There is no direct way to achieve this through the sdk, but there are multiple ways you can accomplish this through Powershell:

  1. Get all Azure AD users (Get-AzureADUser -all $true)

  2. Create a hashtable to contain the users.

  3. Add all users to a hashtable.

  4. If a user is a member of a group, remove them from the hashtable.

    $groupids = @("f8dee32c-1924-4e84-93f3-487d7c79c381", "dbd30120-0021-4a92-850f-d5648961003c") #list of groups by ObjectID that you want to check if users are NOT a member of

    $userht = @{} #create hashtable that will contain users

    Get-AzureADUser -all $true | foreach-object {$userht.Add($.ObjectId,$)} #add all AzureAD users to hashtable with ObjectID as unique key

    ForEach($id in $groupids){

    Get-AzureADGroupMember -all $true -ObjectId $id | foreach-object { $userht.Remove($_.ObjectId) } #if user is member of group, remove them from hashtable

    }
    Hope this helps.

huangapple
  • 本文由 发表于 2023年7月7日 01:11:16
  • 转载请务必保留本文链接:https://go.coder-hub.com/76631132.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定