今天突然有人问我,如果你是我,如何找出那些具有相同AD的组的成员呢?
其实,我们通过简单的解析DirectoryServices.DirectorySearcher或者[adsisearcher]类的输出,我们就能够得到。
下面的示例由具有相同的组成员资格的组的数目对结果进行分组和排序:
$Searcher = [adsisearcher]'(member=*)'
$Searcher.PageSize = 500
$Searcher.FindAll() | ForEach-Object {
New-Object -TypeName PSCustomObject -Property @{
DistinguishedName = $_.Properties.distinguishedname[0]
Member = $_.Properties.member -join ';'
}
} | Group-Object -Property member |
Where-Object {$_.Count -gt 1} |
Sort-Object -Property Count -Descending
输出类:
Count Name Group
----- ---- -----
15 CN=Domain Users,CN=Use... {@{distinguishedname=CN=test123...
13 CN=Domain Users,CN=Use... {@{distinguishedname=CN=test456...
要得到组名和组成员,组对象cmdlet的输出应该利用expandproperty 对象进行扩大查找。
此方法输出将被导出名为CSV文件,生成的AD 中包括完整的相同成员的命名管道。
$Searcher = [adsisearcher]'(member=*)'
$Searcher.PageSize = 500
$Searcher.FindAll() | ForEach-Object {
New-Object -TypeName PSCustomObject -Property @{
DistinguishedName = $_.Properties.distinguishedname[0]
Member = $_.Properties.member -join ';'
}
} | Group-Object -Property member | Where-Object {$_.Count -gt 1} |
Sort-Object -Property Count -Descending |
Select-Object -ExpandProperty Group |
Export-Csv -Path GroupWithIdenticalMembership.csv -NoTypeInformation
就像下面我得到的那样
