本文介绍使用PowerShell进行Active Directory(AD)中的用户信息查询及组织单元(OU)内对象统计的方法,包括单用户查询、多用户循环查询及OU查询等实用脚本。
一、Get-User单用户查询
$User=Get-ADUser -identity wendy -Properties *
二、Get-User多用户循环查询
$export=@() $Users=Get-ADUser -Filter * -SearchScope Subtree -SearchBase "OU=xx,OU=xx,dc=xx,dc=xx,dc=xx" -Properties * foreach($user in $users) { #$User=Get-ADUser -identity wendy -Properties * $name=$user.name #这里可以添加多类属性 $info=New-Object Psobject $info |Add-Member -MemberType NoteProperty -Name 姓名 -Value $name $export+=$info } $CurrentDate = Get-Date $CurrentDate = $CurrentDate.ToString('yyyy-MM-dd') $export |Export-Csv D:\ps\userPermissioninfo_$CurrentDate.csv -Encoding UTF8 -NoTypeInformation
三、ou查询
functions代码如下,参考http://www.JSchofield22.wordpress.com的代码
function Get-OUWithObjects { <# .SYNOPSIS Function to get all OUs that contain Users, Groups, or Contacts. .DESCRIPTION This function requires Quest ActiveRoles AD Management to be installed. The purpose of this script is to go out and find any and all OrganizationalUnits which contain Users, Groups, or Contacts. It performs a count on each type of object and prints them to a CSV File. This is a useful tool for any Admin getting ready to perform an Active Directory migration in order to better understand the existing environment. This script does not require and special privelages in order to run as you're only reading from Active Directory. .PARAMETER Domains This allows you to input as many domains as you'd like to scan against. (ex. -Domains "domain1","domain2","domain3" ) .PARAMETER OutFile This specifies the directory path and file name for the CSV output. (ex. -Outfile c:\temp.csv) .NOTES Name: Get-OUWithObjects.ps1 Author: Josh Schofield DateCreated: 12/28/2012 .LINK http://www.JSchofield22.wordpress.com .EXAMPLE Get-OUWithObjects -Domains "Domain1","Domain2" -OutFile "C:\temp\test.csv" #> param( [Parameter(Mandatory=$true)] $Domains, [Parameter(Mandatory=$true)] [string]$OutFile ) if ((Get-PSSnapin -Registered| where {$_.name -eq "quest.activeroles.admanagement"}) -eq $null){Write-Error "Quest.ActiveRoles.ADManagement NOT Installed"} else { Get-PSSnapin -Registered| where {$_.name -eq "quest.activeroles.admanagement"} | Add-PSSnapin | Out-Null if ((test-path $OutFile) -eq "True"){del $OutFile} $output = @() foreach ($domain in $domains) { Connect-QADService $domain Get-QADObject -Type "organizationalunit" -IncludedProperties name,type,parentcontainer,dn -SizeLimit 0| %{ $ouname = $_.name $parentcontainer = $_.parentcontainer $adobjects = get-qadobject -SearchRoot $_.dn -SearchScope OneLevel -IncludedProperties type,name -SizeLimit 0 | where {(($_.type -eq "contact") -or ($_.type -eq "user") -or ($_.type -eq "group"))} $users = $adobjects | where {$_.type -eq "user"} $groups = $adobjects | where {$_.type -eq "group"} $contacts = $adobjects | where {$_.type -eq "contact"} $results = "" | Select Domain, Name, UserCount, GroupCount, ContactCount, ParentContainer $results.Domain = $domain $results.Name = $ouname $results.ParentContainer = $parentcontainer if ($users -ne $null) { $results.UserCount = $users.count } #End of User Check if ($groups -ne $null) { $results.GroupCount = $groups.count } #End of User Check if ($contacts -ne $null) { $results.ContactCount = $contacts.count } #End of User Check $output += $results Clear-Variable $results -ErrorAction SilentlyContinue Clear-Variable $ouname -ErrorAction SilentlyContinue Clear-Variable $parentcontainer -ErrorAction SilentlyContinue $adobjects = $null $users = $null $groups = $null $contacts = $null } #End of Get QADObject OU } $output | Export-Csv $OutFile -NoTypeInformation }}
扫一扫
2799
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
