If the user belongs to this group, show this; if not, show that

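Problem description

I'm new to PowerShell and have started learning the syntax and what logic is needed, but I've given it a good attempt.

I need to output a conditional field that does the following

But my script doesn't quite do that, and I'm wondering how to change my script to get it to do what I need.

Here is my script below: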

Import-Module ActiveDirectory

$OUPath = "OU=1_Users,DC=DGDomain,DC=Local"

$filepath = "C:\temp\users.csv"

$readonlygroup = "ReadOnlyAccess"
$readonlygroupmembers = Get-ADGroupMember -Identity $readonlygroup | Get-ADUser -Properties SamAccountName | Select SamAccountName

$admingroup = "Domain Admins"
$admingroupmembers = Get-ADGroupMember -Identity $admingroup | Get-ADUser -Properties SamAccountName | Select SamAccountName

$users = Get-ADUser -Filter * -Properties * -SearchBase $OUPath |
         Where-Object { $_.Enabled -eq $true } |
         Select SamAccountName

Get-ADUser -Filter * -Properties * -SearchBase $OUPath |
Where-Object { $_.Enabled -eq $true } |
Select SamAccountName,
       DisplayName,
       @{Label = "Access Level"
            Expression =  {
                    foreach ($user in $users) {
                        if ($readonlygroupmembers -contains $users)
                            { "Read Only" }
                        else {
                            if ($admingroupmembers -contains $users)
                                { "Administrator" }
                            else
                                { "None" }
                            }
                        } } } |

Export-csv $filepath -NoTypeInformation

Tags: powershell, active-directory

Solution

This should do the trick:

Import-Module ActiveDirectory

$OUPath = "OU=1_Users,DC=DGDomain,DC=Local"

$filepath = "C:\temp\users.csv"

# Flatten each group's members to a plain list of SamAccountName strings
$readonlygroup = "ReadOnlyAccess"
$readonlygroupmembers = (Get-ADGroupMember -Identity $readonlygroup | Get-ADUser -Properties SamAccountName).SamAccountName

$admingroup = "Domain Admins"
$admingroupmembers = (Get-ADGroupMember -Identity $admingroup | Get-ADUser -Properties SamAccountName).SamAccountName

# Enabled users in the OU
$users = Get-ADUser -Filter { Enabled -eq $true } -SearchBase $OUPath -Properties DisplayName

# Collect one object per user so the result can be piped to Export-Csv
$results = foreach ($user in $users) {
    if ($user.SamAccountName -in $admingroupmembers) { $groupMembership = 'DomainAdmin' }
    elseif ($user.SamAccountName -in $readonlygroupmembers) { $groupMembership = 'ReadOnly' }
    else { $groupMembership = 'None' }
    [PSCustomObject]@{
        DisplayName    = $user.DisplayName
        SamAccountName = $user.SamAccountName
        AccessLevel    = $groupMembership
    }
}

$results | Export-Csv $filepath -NoTypeInformation
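
The calculated-property approach from the question, as an added example that is not part of the original question or answer: inside `Expression`, `$_` is the row being processed, so no inner loop over `$users` is needed. The user rows and group lists are constructed sample data, `Get-AccessLevel` is a hypothetical helper name, and the comments show how the lists would come from Active Directory with `-Recursive` so that members of nested groups are counted too.

```powershell
# Added example: constructed sample data stands in for Active Directory.
# With the ActiveDirectory module, each name list would come from, e.g.:
#   (Get-ADGroupMember -Identity 'Domain Admins' -Recursive).SamAccountName
# -Recursive also returns users who are members through nested groups.

# Case-insensitive sets give fast lookups and ignore SamAccountName casing.
$ci       = [System.StringComparer]::OrdinalIgnoreCase
$admins   = [System.Collections.Generic.HashSet[string]]::new([string[]]@('alice', 'svc-backup'), $ci)
$readOnly = [System.Collections.Generic.HashSet[string]]::new([string[]]@('bob', 'Alice'), $ci)

# Constructed stand-ins for: Get-ADUser -Filter { Enabled -eq $true } -SearchBase $OUPath -Properties DisplayName
$users = @(
    [PSCustomObject]@{ SamAccountName = 'Alice'; DisplayName = 'Alice Example' }
    [PSCustomObject]@{ SamAccountName = 'bob';   DisplayName = 'Bob Example' }
    [PSCustomObject]@{ SamAccountName = 'carol'; DisplayName = 'Carol Example' }
)

function Get-AccessLevel {
    # Hypothetical helper: maps one account name to an access-level label.
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [System.Collections.Generic.HashSet[string]] $AdminSet,
        [Parameter(Mandatory)] [System.Collections.Generic.HashSet[string]] $ReadOnlySet
    )
    # Admin is checked first so an account in both groups is reported
    # at its highest privilege, not hidden behind "Read Only".
    if     ($AdminSet.Contains($Name))    { 'Administrator' }
    elseif ($ReadOnlySet.Contains($Name)) { 'Read Only' }
    else                                  { 'None' }
}

$report = $users | Select-Object SamAccountName, DisplayName,
    @{ Label      = 'Access Level'
       Expression = { Get-AccessLevel -Name $_.SamAccountName -AdminSet $admins -ReadOnlySet $readOnly } }

# Emit CSV text to the console; use Export-Csv with a path to write a file instead.
$report | ConvertTo-Csv -NoTypeInformation
```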
