问题
I'm trying to retrieve a list of all Ad users matching a filter, pipe that into Get-ADPrincipalGroupMembership and then export the result to an easy to read CSV.
*NB I can't use MemberOf as it returns blank for every single Ad user, and most successful scripts I've found are using MemberOf.
Here's what I've tried which gives me a list of groups but no association as to who goes where. Tried to export-csv as well but it complains of an empty pipe?
import-module activedirectory
foreach ($user in (Get-AdUser -Filter {(Name -Like "*(s)") } | select samaccountName)) {
Get-ADPrincipalGroupMembership $user.samaccountName | select samaccountname,name
}
回答1:
This will include the user's sAMAccountName in the group results:
Import-Module ActiveDirectory
ForEach ($user in (Get-AdUser -Filter {(Name -Like "*(s)") } | select sAMAccountName)) {
Get-ADPrincipalGroupMembership $user.sAMAccountName| select @{Expression={$user.sAMAccountName};Label="User"},sAMAccountName,name
}
That weird notation is for creating a custom table. You can read more about it here: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-powershell-1.0/ee692794(v=technet.10)
Not seeing anything in memberOf may be normal. If you check in Users and Computers, do you see a value in memberOf?
The memberOf attribute will only show groups with a Universal scope in the same AD forest, or Global groups on the same domain. It will not show Global groups on other domains, or Domain Local groups on any domain (even the same domain). So it has its limitations.
Users can also be "a member" of a group by the primaryGroupId attribute, which stores the RID (the last section of the SID) of the user's primary group. This is usually only used for the Domain Users group.
Get-ADPrincipalGroupMembership takes care of all of that for you. It will include the primary group and search every domain in your forest for Global and Domain Local groups that have the user as a member.
来源:https://stackoverflow.com/questions/50526272/retrieving-samaccountname-and-associated-groups-in-a-formatted-csv