powershell - Powershell 获取任何具有 msDS-GroupManagedServiceAccount 属性的 AD 对象不为空?
问题描述
如何在我的 Active Directory 中 获取组托管服务帐户?https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview
因为使用下面的Powershell,它什么都不返回?
$Properties = @(
'msDS-GroupManagedServiceAccount',
'msDS-AllowedToDelegateTo',
'msDS-KeyVersionNumber',
'msDS-PrincipalName',
'MemberOf',
'CanonicalName',
'servicePrincipalName',
'servicePrincipalNames',
'UserPrincipalName',
'whenChanged',
'whenCreated',
'accountExpires'
'lastLogon',
'LastLogonDate',
'lastLogonTimestamp',
'LockedOut',
'logonCount',
'pwdLastSet'
)
$SelectProperties = @(
'DisplayName',
'UserPrincipalName',
'MemberOf',
'LockedOut',
'logonCount',
'whenChanged',
'whenCreated',
'msDS-GroupManagedServiceAccount',
'msDS-AllowedToDelegateTo',
'msDS-KeyVersionNumber',
'msDS-PrincipalName'
)
$CalculatedProps = @(
@{n = 'OU Canonical Path'; e = { $_.CanonicalName.Remove($_.CanonicalName.LastIndexOf($_.Name) - 1) } },
@{n = "MemberOf";e={ ((-join (($_.memberof.split(',')) -like "*cn=*") ) -replace 'CN=',",").TrimStart(",") }},
@{n = 'Last Logon'; e = {[datetime]::FromFileTime($_.lastLogon)}},
@{n = 'LastLogonTimeStamp'; e = {[datetime]::FromFileTime($_.LastLogonTimeStamp)}},
@{n = 'Account Expired Time'; e = {[datetime]::FromFileTime($_.accountExpires)}},
@{n = 'Password Last Set'; e = {[datetime]::FromFileTime($_.pwdLastSet)}},
@{n = "OU" ; e = { $_.Distinguishedname | ForEach-Object { ($_ -split '(OU=)', 2)[1, 2] -join '' } } },
@{n = "PrimarySMTPAddress" ; e = { ( $_.proxyAddresses | ? { $_ -cmatch "SMTP:*" }).Substring(5) -join ";" } },
@{n = "smtp" ; e = { ( $_.proxyAddresses | ? { $_ -cmatch "smtp:*" }).Substring(5) -join ";" } }
)
Get-ADUser -Filter {(Enabled -eq $true) -and (msDS-GroupManagedServiceAccount -neq $null)} -Properties $Properties |
Select-Object ($SelectProperties + $CalculatedProps) | Out-GridView
错误代码:
Get-ADUser : Error parsing query: '(Enabled -eq $true) -and (msDS-GroupManagedServiceAccount -neq $null ) ' Error Message: 'Operator Not supported: -neq' at position: '59'.
At line:1 char:1
+ Get-ADUser -Filter {(Enabled -eq $true) -and (msDS-GroupManagedServic ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ParserError: (:) [Get-ADUser], ADFilterParsingException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADFilterParsingException,Microsoft.ActiveDirectory.Management.Commands.Get ADUser
解决方案
推荐阅读
- firebase - Firebase 身份验证中被视为 API 限制的内容
- laravel - 如何使用 laravel 代客共享子域站点?
- eclipse - Tomcat v9.0 服务器无法启动 - 有一个转折
- tensorflow - 在 fp16 上训练时,用于图像分割的 acc on unet 没有上升
- flutter - 如何解决:输入'List
' 不是类型 'String' 的子类型 - php - Asterisk PAMI 如何查找相关事件
- python - 烧瓶用户表单定制
- spring-boot - Spring安全配置问题
- php - 如何提取数据库的名称并将其放在年度条形图上?
- linux - 安装 unison 时 Linux shell 脚本抛出错误