powershell - 当经理是联系人时获取 ADUser 的经理。不是帐户
问题描述
我有一个脚本正在运行以获取所有帐户及其经理并输出到 csv。我想获取经理的员工 ID 和 UserPrincipalname
这适用于作为帐户的经理,但有时一个人的经理是联系人,因为他们是由来自不同办公室(而不是我们当地的 AD)的人管理的。
Get-ADUser -SearchBase "ou=accounts,ou=production,dc=int" -filter * -properties * | select GivenName, Name, Surname, UserPrincipalName, employeeID, @{Name='AccountExpirationDate';Expression={$_.AccountExpirationDate.ToString("yyyy/MM/dd")}}, Department, Title, @{Name="ManagerID";Expression={(get-aduser -property employeeID $_.manager).employeeID}}, @{Name="ManagerEmail";Expression={(get-aduser -property employeeID $_.manager).UserPrincipalname}} | Export-CSV -Path C:\Users\ME\Desktop\ALL_AD_Accounts_HQ.csv
我知道我可以通过以下方式获得联系:
Get-ADObject -Filter 'employeeID -eq "001" -and objectClass -eq "contact"'
但我似乎无法将这两个概念结合起来。如果它是联系人而不是帐户,我如何获取用户的经理信息?
谢谢!
解决方案
您不会将所有这些都作为一条线(除非您喜欢疯狂的长行代码..),但我会遍历找到的用户来执行以下操作:
# Get-ADUser by default returns these properties:
# DistinguishedName, Enabled, GivenName, Name, ObjectClass, ObjectGUID, SamAccountName, SID, Surname, UserPrincipalName
$allUsers = Get-ADUser -SearchBase "ou=accounts,ou=production,dc=int" -Filter * -Properties Department, Title, EmployeeID, AccountExpirationDate, Manager
foreach ($user in $allUsers) {
# create an empty Hashtable for the two manager properties
$manager = @{ID = $null; Email = $null }
if (![string]::IsNullOrWhiteSpace($user.Manager)) {
# try and get an ADObject from the Manager property (= DistinguishedName)
# Get-ADObject by default returns these properties:
# DistinguishedName, Name, ObjectClass, ObjectGUID
# if you're worried about distinghuishedName containing characters like a single quote (O'Brian)
# you can use the -Identity parameter:
try { $mgrObject = Get-ADObject -Identity $user.Manager -Properties mail, EmployeeID -ErrorAction Stop }
catch {$mgrObject = $null}
# using the -Filter would not need a try{..} catch{..}
# $mgrObject = Get-ADObject -Filter "DistinguishedName -eq '$($user.Manager)'" -Properties mail, EmployeeID -ErrorAction SilentlyContinue
if ($mgrObject) {
# test if this is a contact or a user object
switch ($mgrObject.objectClass) {
'user' {
# if it's a user, perform another Get-ADUser call
$mgr = $mgrObject | Get-ADUser -Properties EmployeeID, EmailAddress
$manager['ID'] = $mgr.EmployeeID
$manager['Email'] = $mgr.EmailAddress # or if you prefer UserPrincipalName
}
'contact' {
# if it's a contact use the properties we already have in the $mgrObject
$manager['ID'] = $mgrObject.EmployeeID
$manager['Email'] = $mgrObject.mail
}
}
}
}
# output an object with all properties you want in the csv
$user | Select-Object GivenName, Name, Surname, UserPrincipalName, EmployeeID,
@{Name='AccountExpirationDate';Expression={$_.AccountExpirationDate.ToString("yyyy/MM/dd")}},
Department, Title,
@{Name="ManagerID";Expression={$manager['ID']}},
@{Name="ManagerEmail";Expression={$manager['Email']}}
}
# output the results to CSV file
$result | Export-CSV -Path 'C:\Users\ME\Desktop\ALL_AD_Accounts_HQ.csv' -NoTypeInformation
AFAIK 这些是您可以使用 Get-ADObject 为联系人获取的所有属性:
CanonicalName, Description, DisplayName, DistinguishedName
givenName, legacyExchangeDN, mail, Name, initials, sn, targetAddress
Title, Department, Division, Company, EmployeeID, EmployeeNumber
StreetAddress, PostalCode, telephoneNumber, HomePhone, mobile, pager, ipphone
facsimileTelephoneNumber, l, st, cn, physicalDeliveryOfficeName, co
mailnickname, proxyAddresses, msExchRecipientDisplayType
msExchRecipientTypeDetails, msExchRemoteRecipientType, info