时间戳

首页 > 解决方案 > Powershell Get-Groupmembers 进入 Out-GridView

powershell - Powershell Get-Groupmembers 进入 Out-GridView

问题描述

我想使用 Out-GridView 来显示选定广告组的成员。如果我能获得所有成员(计算机、其他组、用户),那就太好了,但至少用户是强制性的。我现在有这个代码:

    Import-Module ActiveDirectory
$groups = Get-ADGroup -Filter * -Searchbase "OU=Groups,DC=domain,DC=int"|
    Select-Object @{n="Group"; e={$_.Name}}, DistinguishedName |Sort-Object "Group"|
    Out-GridView -Title "Select a group, then click OK"  -PassThru
$accounts = Foreach ($group in $groups) {Get-ADGroupMember -Identity $group.DistinguishedName -Recursive}

$report = Get-ADUser -Identity $account -Properties *|
    Select-Object name, SamAccountName, EmailAddress, EmployeeID, TelephoneNumber, Created, Department, City| 
    Out-GridView -Title "The members of the group"  -PassThru

目前我可以搜索组,选择它,然后我没有得到所有成员。我想只有一个。而且只有一个用户导致它是Get-ADuser。谁能帮我?

或者互联网上的某个地方可能有类似的 powershell 前端?

标签: powershell

解决方案

由于Get-ADGroupMember可以返回 3 种不同类型的 AD 对象,因此不能盲目地Get-ADUser在每个返回的对象上使用。
更重要的是,并非所有这些不同的对象都具有您希望在网格视图中显示的相同属性,因此您需要一些方法来捕获它们共有的属性,同时将其他对象留空。

尝试:

Import-Module ActiveDirectory

$groups = Get-ADGroup -Filter * -Searchbase "OU=Groups,DC=domain,DC=int" |
          Select-Object @{Name = "Group"; Expression = {$_.Name}}, DistinguishedName | Sort-Object "Group"

# show the groups in a grid view and have the user select one item  
$selected = $groups | Out-GridView -Title "Select a group, then click OK" -PassThru

# if not cancelled
if ($selected) {
    # loop through the members of the selected group and capture the resulting objects in variable $result
    $result = foreach ($member in (Get-ADGroupMember -Identity $selected.DistinguishedName -Recursive)) {
        $account = switch ($member.objectClass) {
            'user' { 
                # Get-ADUser by default returns these properties:
                # DistinguishedName, Enabled, GivenName, Name, ObjectClass, ObjectGUID, SamAccountName, SID, Surname, UserPrincipalName
                Get-ADUser -Identity $member.DistinguishedName -Properties EmailAddress, EmployeeId, 
                                                                           OfficePhone, Created, Department, City
            }
            'group' {
                # Get-ADGroup by default returns these properties:
                # DistinguishedName, GroupCategory, GroupScope, Name, ObjectClass, ObjectGUID, SamAccountName, SID
                Get-ADGroup -Identity $member.DistinguishedName -Properties mail, Created |
                # rename the property 'mail' here
                Select-Object *, @{Name = 'EmailAddress'; Expression = {$_.mail}} -ExcludeProperty mail
            }
            'computer' {
                # Get-ADComputer by default returns these properties:
                # DistinguishedName, DNSHostName, Enabled, Name, ObjectClass, ObjectGUID, SamAccountName, SID,  UserPrincipalName
                Get-ADComputer -Identity $member.DistinguishedName -Properties Created
            }
        }
        # output an object with all properties you want in the grid view. Some will be empty though depending on the object type
        $account | Select-Object @{Name = 'Type'; Expression = {$member.objectClass}}, 
                                 Name, SamAccountName, EmailAddress, EmployeeId, OfficePhone, Created, Department, City
    }
    # display the results
    $result | Sort-Object Type, Name | Out-GridView -Title "The members of group '$($selected.Name)'"
}

推荐阅读