windows 使用 PowerShell 递归获取 AD 组成员身份
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4302605/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Get AD Group Membership recursivly using PowerShell
提问by Thijs Cramer
What is the cleanest (and fastest) way to get ALL groups that a single user is a member of. Im using PowerShell 2.0 to count the logged in users in Citrix and devide them into groups from the Active Directory. All users are member of 1 of the subgroups of a group called "VDI-Billing", but the number of nested groups between the user and the VDI-Billing group is not always the same. So i want to be able to get all groups (including nested ones) to compare to the list of members from the VDI-Billing group (1st level) so i get an overview.
获取单个用户所属的所有组的最干净(和最快)的方法是什么。我使用 PowerShell 2.0 来计算 Citrix 中的登录用户数,并将它们从 Active Directory 中划分为组。所有用户都是名为“VDI-Billing”的组的 1 个子组的成员,但用户和 VDI-Billing 组之间的嵌套组数并不总是相同。因此,我希望能够将所有组(包括嵌套组)与 VDI-Billing 组(第一级)的成员列表进行比较,以便我获得一个概览。
Example:
例子:
VDI-Billing has a member group NL-VDI-T-Systems. That has multiple groups (that by themselves have multiple groups). But the overview must count all users (sub)member of NL-VDI-T-Systems.
VDI-Billing 有一个成员组 NL-VDI-T-Systems。有多个组(它们本身有多个组)。但是总览必须算上NL-VDI-T-Systems 的所有用户(子)成员。
So in the overview i should get: NL-VDI-T-Systems: 22 ITA-VDI-T-Systems: 25 And so forth.
所以在概览中我应该得到:NL-VDI-T-Systems:22 ITA-VDI-T-Systems:25 等等。
Anyone know a neat little trick?
有人知道一个巧妙的小技巧吗?
回答by thoughtpunch
We write scripts that do this at my work all the time! With the Quest ActiveRoles Management Tools, a free snapin that makes working with Active Directory objects in Powershell WAY easier.
我们编写的脚本一直在我的工作中执行此操作!使用 Quest ActiveRoles 管理工具,这是一个免费管理单元,可以更轻松地在 Powershell WAY 中使用 Active Directory 对象。
- Install the free Quest ActiveRoles Management Toolsfrom Quest
- Add the PSSnapin to your profile so that you can access all the Powershell AD tools from the console -
Add-PSSnapin Quest.ActiveRoles.ADManagement. If you want to write scipts that use the AD tools, simply add the command to the first line of your script. - Run the following command to get all direct and nested group that a user is a member of:
Get-QADUser 'DOMAIN\USER' | foreach -Process {$_.memberof, $_.nestedmemberof}you can pipe this to a text file or CSV if you want by adding theOut-CSVorOut-Filecmdlets at the end of the command.
- 从Quest安装免费的Quest ActiveRoles 管理工具
- 将 PSSnapin 添加到您的配置文件,以便您可以从控制台访问所有 Powershell AD 工具 -
Add-PSSnapin Quest.ActiveRoles.ADManagement. 如果要编写使用 AD 工具的 scipt,只需将该命令添加到脚本的第一行即可。 - 运行以下命令以获取用户所属的所有直接和嵌套组:
Get-QADUser 'DOMAIN\USER' | foreach -Process {$_.memberof, $_.nestedmemberof}如果需要,可以通过在命令末尾添加Out-CSV或Out-Filecmdlet将其通过管道传输到文本文件或 CSV 。
This works like a charm for me. Let me know if you have any questions!
这对我来说就像一种魅力。如果您有任何问题,请告诉我!
~Dan
~丹
