需要帮助:将用户之前的 OU、描述和规范名称导出到 CSV 文件,以便日后编写脚本在灾难恢复(DR)时把这些改动还原

问题描述

我是一名系统管理员,21 岁,编程经验很少……下面是我的代码。我正在尝试开发一个脚本,把非活动用户移动到一个 OU,并把他们原来的 OU、描述和主体名称记录导出到一个文件夹中,这样一旦发生灾难,我就可以根据这些记录另写一个脚本把改动还原……除了 CSV 部分完全没有导出之外,其余都运行正常。感谢所有帮助。

#Import AD Module
Import-Module ActiveDirectory

# NOTE(review): with SilentlyContinue, error messages from the AD and file-system
# calls below are not displayed, so a step that fails gives no sign that it failed.
$ErrorActionPreference = "SilentlyContinue"


# Build the distinguished name of the destination OU directly under the domain root.
$DestOUName = "Disabled Users"
$searchbase = (Get-ADDomain).DistinguishedName
$DestinationOU = "OU=$DestOUName,$searchbase"
# NOTE(review): "=" is not a comparison operator in the AD module's filter syntax
# ("-eq" is), so this lookup most likely fails and leaves $DestOU as $null.
$DestOU = Get-ADOrganizationalUnit -Filter "distinguishedName = '$DestinationOU'"

# Create the destination OU when the lookup above returned nothing.
If($null -eq $DestOU)
{
    Write-Host "Creating New Orginizational Unit $DestinationOU"
    New-ADOrganizationalUnit -Name $DestOUName -Path $searchbase
}

# $DestOUName is assigned a literal above, so the second condition is always true;
# only the $DestOU check decides whether this message is printed.
If(($null -ne $DestOU) -and ($null -ne $DestOUName))
{
    Write-Host "Orginizational Unit $DestinationOU Exist"
}


# Cutoff date: users whose LastLogonDate is earlier than this are treated as inactive.
$Days = (Get-Date).AddDays(-365)
Write-Host "Days: $Days"

$ProgramFiles = ($env:ProgramFiles)
Write-Host "ProgramFiles: $ProgramFiles"

$Name = "InnerCore"
Write-Host "FolderName: $Name"

# NOTE(review): the ' inside the double-quoted string is a literal character, so the
# resulting path ends in \'InnerCore rather than \InnerCore.
$InnerCoreFolder = "$ProgramFiles\'$Name"
Write-Host "InnerCoreFolder: $InnerCoreFolder"

# Records whether the log folder already exists; Test-Path is evaluated a second
# time only to print its result.
$Result = (Test-path $InnerCoreFolder)
Write-Host "Result: $Result"
Write-Host "Test-Path $(Test-Path $InnerCoreFolder)"

# Select every user under the domain root whose LastLogonDate is before the cutoff.
# CanonicalName is not listed in -Properties, so it is not loaded on these objects.
$Users = get-aduser -properties userPrincipalName,LastLogonDate,description -Filter {(LastLogonDate -lt $Days)} -SearchBase $searchbase

# Create Innercore Folder if Result is false, then move users to Dest Ou

# NOTE(review): New-Item is given no -Path, so the folder is created relative to the
# current location, not at the $InnerCoreFolder path that was tested above.
if($Result -eq $false)
    {
    Write-Host "Creating a Folder for InnerCore Technologies"
    New-Item -Name "$Name" -ItemType "directory"
    }
if($Result -eq $true)
    {
        Write-Host "($InnerCoreFolder) Already Exist"
    }

  
Write-Host "Moving Inactive Users to $DestOUName"  
foreach ($user in $Users)
    {
        #Get ADUser DistinguishedName/CanomicalName
        #Get ADUser Description
        #Get ADUser OU
    
    # NOTE(review): the property is spelled CanonicalName; "CanomicalName" does not
    # exist on the object, so this variable ends up $null.
    $OrigionalCanomicalName = $User.CanomicalName
    $OrigionalDescription = $User.Description
    # Everything after the first comma of the DN, i.e. the parent container.
    $OrigionalOU = ($user.DistinguishedName -split ",",2)[1]
    
    # NOTE(review): the three values are passed to Get-ADUser as if they were an
    # identity and to Select-Object as if they were property names, and the result is
    # not stored in any variable - nothing is collected here for the export below.
    Get-aduser $OrigionalCanomicalName,$OrigionalDescription,$OrigionalOU | Select-Object $OrigionalCanomicalName,$OrigionalDescription,$OrigionalOU

    #Move and Disable $User
    $Date = Get-Date -Format "dddd MM/dd/yyyy HH:mm"
    Write-Host "Disabling and Moving: $($user.userPrincipalName), $($user.LastLogonDate), $($user.description)"
    # The two commands that change the account are commented out, so in this state the
    # loop only prints which users would be affected.
    #Set-AdUser $user -Enabled $False -Description "Disabled and Moved on ($Date)|$($user.description)"
    #$User | Move-ADObject -TargetPath $DestinationOU
    }

    #Export Info as a CSV to the InnerCore Folder for Reverse Engineering
    $LogName = "InactiveUsersBeforeChange.csv"
    Write-Host "Logname: $Logname"
    # NOTE(review): in an expression "/" is the division operator, not a path
    # separator, so $LogPath does not receive a file path here.
    $LogPath = $InnerCoreFolder/$Logname
    # NOTE(review): "=" is passed to Write-Host as an ordinary argument; presumably a
    # "LogPath: ..." label was intended.
    Write-Host = "$Logname": $LogPath
    # NOTE(review): no objects are piped into Export-Csv (and none given through
    # -InputObject), and -Name is not one of its parameters, so no CSV is written.
    # The error this raises is hidden by the SilentlyContinue preference at the top.
    Export-csv -Path "$LogPath" -Name "$LogName"
    # These two messages are printed whether or not the export succeeded.
    Write-Host -ForegroundColor Cyan "exporting a log to the InnerCore folder just in case you need it :)"
    Write-Host -ForegroundColor Green "all done :)"

标签: powershell, active-directory, stack-overflow

解决方案


给你,Zack,系统管理员 :) 我加了一些注释,方便你对照理解。

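# Disables users whose LastLogonDate is more than 365 days old, moves them into the
# "Disabled Users" OU, and appends each user's original OU and description to a CSV
# so the change can be undone later.
# NOTE(review): the search base is the domain root, so every account with an old
# LastLogonDate is in scope - check $Users for service or built-in accounts before
# running this against a production domain.

$ErrorActionPreference = "Stop" # You really really want to see if anything fails,
                                # specially working with AD. SilentlyContinue is Evil.

$DestOUName = "Disabled Users"
$searchBase = (Get-ADDomain).DistinguishedName
$DestinationOU = "OU=$DestOUName,$searchbase"
# $DestOU = Get-ADOrganizationalUnit -Filter "distinguishedName = '$DestinationOU'"
# this wouldn't work, Filter should be -Filter "distinguishedName -eq '$DestinationOU'"

try
{
    # DistinguishedName is the default input parameter for Get-ADOrganizationalUnit
    # we don't need to use Filter, BUT, if it can't find the OU it will throw so we can use
    # a try {} catch{} to create one OU if it fails!
    Get-ADOrganizationalUnit $destinationOU > $null # Direct stdout to $null so we don't get any output if the OU exist
    Write-Host "Organizational Unit $DestinationOU Exist"
}
catch
{
    # This branch runs on any failure of the lookup, not only "OU not found". If the
    # real cause was something else, New-ADOrganizationalUnit throws in turn and the
    # script stops because of the "Stop" preference above.
    Write-Host "Creating New Orginizational Unit $DestinationOU"
    New-ADOrganizationalUnit -Name $DestOUName -Path $searchBase
}

# Cutoff date: users whose LastLogonDate is earlier than this are treated as inactive.
$Days = (Get-Date).AddDays(-365)
Write-Host "Days: $Days"

$ProgramFiles = ($env:ProgramFiles)
Write-Host "ProgramFiles: $ProgramFiles"

$hash = @{
    Properties = 'LastLogonDate','Description','canonicalName'
    Filter = "LastLogonDate -lt '$Days'"
    SearchBase = $searchbase
}
# Leave out users that already sit under the destination OU. Without this, a second
# run would stamp their Description again and log "Disabled Users" as their original
# OU, which makes the record useless for putting them back.
$Users = Get-ADuser @hash | Where-Object {
    -not $_.DistinguishedName.EndsWith(",$DestinationOU", [System.StringComparison]::OrdinalIgnoreCase)
}

# Create Innercore Folder if Result is false, then move users to Dest Ou

$Name = "InnerCore"
Write-Host "FolderName: $Name"

$InnerCoreFolder = Join-Path $ProgramFiles -ChildPath $Name
Write-Host "InnerCoreFolder: $InnerCoreFolder"

if(-not(Test-Path $InnerCoreFolder))
{
    Write-Host "Creating a Folder for InnerCore Technologies"
    # -Path takes the full location; -Name is meant for the item name only and is
    # combined with the current location.
    New-Item -Path $InnerCoreFolder -ItemType Directory
}
else
{
    Write-Host "$InnerCoreFolder - Already Exist"
}

Write-Host "Moving Inactive Users to $DestOUName"

# Collects one record per user that was both disabled and moved.
$output = [system.collections.generic.list[pscustomobject]]::new()

foreach ($user in $Users)
{
    #Move and Disable $User
    $Date = Get-Date -Format "dddd MM/dd/yyyy HH:mm"
    Write-Host "Disabling and Moving: $($user.userPrincipalName), $($user.LastLogonDate), $($user.description)"
    try
    {
        # $user still holds the values read before the change, so the new Description
        # keeps the old text after the "|" and the log below records the old state.
        Set-ADUser $user -Enabled $False -Description "Disabled and Moved on ($Date)|$($user.description)"
        $User | Move-ADObject -TargetPath $DestinationOU

        # If Set-ADUser and Move-ADObject didn't fail it's safe to say that users were
        # Disabled + Moved, hence we can safely add the log of our user to our collection.

        $output.Add(
            [pscustomobject]@{
                UserPrincipalName = $user.UserPrincipalName
                # Split on the first comma that is not escaped with a backslash, so a
                # name such as "CN=Doe\, John" is not cut in the middle.
                OriginalOU = ($user.DistinguishedName -split '(?<!\\),', 2)[1]
                Description = $user.Description
        })
    }
    catch
    {
        Write-Warning $_

        # You can add a secondary log for failures here just in case.
        # If Set-ADUser succeeded and Move-ADObject failed, the account is already
        # disabled and re-described but has no row in the CSV.
    }
}

#Export Info as a CSV to the InnerCore Folder for Reverse Engineering
$LogName = "InactiveUsersBeforeChange.csv"
Write-Host "Logname: $Logname"
$LogPath = Join-Path $InnerCoreFolder -ChildPath $LogName
Write-Host "LogPath: $LogPath"

if($output)
{
    # -Append keeps the rows written by earlier runs; overwriting the file would throw
    # away the only record of where previously moved users came from.
    $output|Export-csv -Path $LogPath -NoTypeInformation -Append
    Write-Host -ForegroundColor Cyan "exporting a log to the InnerCore folder just in case you need it :)"
    Write-Host -ForegroundColor Green "all done :)"
}
else
{
    "No users were moved....."
}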
