使用Get-User命令去寻找group membership of a domain user
$((Get-ADUser Wendy -Properties *).MemberOf -split (“,”) | Select-String -SimpleMatch “CN=”) -replace “CN=”,””
扩展1️:获取在群组Wendy和群组Gaga中的所有用户
Get-ADUser -Filter * -SearchScope Subtree -SearchBase "dc=xx,dc=xx,dc=xxx" -Properties * | where {($($_.MemberOf -split (“,”) | Select-String -SimpleMatch “CN=”) -replace “CN=”,””) -contains "GroupGaga" -or ($($_.MemberOf -split (“,”) | Select-String -SimpleMatch “CN=”) -replace “CN=”,””) -contains "GroupWendy"} | select name,$($_.MemberOf -split (“,”) | Select-String -SimpleMatch “CN=”) -replace “CN=”,””)
扩展2:定义筛选范围条件,将这个范围内不属于某个群组的用户加入某个群组
Get-ADUser -Filter * -SearchScope Subtree -SearchBase "OU=XX,dc=XX,dc=XX,dc=XX" -Properties * | where {$_.Title -eq "WW有限公司" -and $_.EmailAddress -ne $null -and $_.City -ne $null -and $_.Enabled -eq $true -and ($($_.MemberOf -split (“,”) | Select-String -SimpleMatch “CN=”) -replace “CN=”,””) -notcontains "GroupNacy"} | Get-ADUser | ForEach-Object {Add-ADGroupMember -Identity “GroupNacy)” -Members $_}
扩展3:查询用户的隶属群组
$export=@() $Users=Get-ADUser -Filter * -SearchScope Subtree -SearchBase "OU=xx,OU=xx,dc=xx,dc=xx,dc=xx" -Properties * foreach($user in $users) { #$User=Get-ADUser -identity wendy -Properties * $members=($user.MemberOf -split (“,”) | Select-String -SimpleMatch “CN=”) -replace “CN=”,”” $name=$user.name #$all=$members | findstr /i "GroupWendy Groupgaga" 可以放在一个条件中 $w=$members | findstr /i "GroupWendy" #筛选群组,用findstr /i为忽略大小写参数 findstr /i "^Groupgaga" 表示:查询以Groupgaga开头的string $g=$members | findstr /i "^Groupgaga" $wendy=[string]$w $gaga=[string]$g $info=New-Object Psobject $info |Add-Member -MemberType NoteProperty -Name 姓名 -Value $name $info |Add-Member -MemberType NoteProperty -Name Groupgaga -Value $gaga $info |Add-Member -MemberType NoteProperty -Name GroupWendy -Value $wendy $export+=$info } $CurrentDate = Get-Date $CurrentDate = $CurrentDate.ToString('yyyy-MM-dd') $export |Export-Csv D:psuserPermissioninfo_$CurrentDate.csv -Encoding UTF8 -NoTypeInformation