2017-04-18 98 views
1

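I'm writing a script that removes users from a security group if they are not in a specific OU.

Comparing values from Get-ADUser arrays

I'm having trouble comparing the array of users from the OUs with the array of users in the security group.

To test, I looped through the contents of $testGroup and $userList. Both look similar to me, but they obviously aren't comparing, as just outputting $userList -contains $user gives me a bunch of false results even when it should be true.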

$userList = @() 
$testGroup = @() 

#Get current members of group. Using this instead of get-adgroupmember due to speed 
$testGroup = Get-AdGroup "testGroup" -properties member | select-object -ExpandProperty member | get-aduser 

#Define OUs that we want to get members from 
$OUlist = "OU1","OU2" 

#Populate $userList with members of each OU 
$OUlist | foreach { 
    $userList += get-aduser -filter {Enabled -eq $True} -SearchBase "OU=$_,DC=dc,DC=dc2,DC=dc3" 

} 

#Check the group for anyone no longer in one of the approved OUs 
$testGroup | foreach { 

    if($userList -notcontains $user){ 
     #remove the user from $testGroup 
    } 

} 
+2

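Not sure if you are aware, but when you use $x | foreach, you need to start using the pipeline. So in this case the individual user is $_ (the current item). I'm not sure what $user is here, but you probably need to replace it with $_.

Answers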

1

There are a handful of problems... Using $Variable inside $Variable | Foreach instead of $_, as 巨型 mentioned, is one of them.

You can condense the whole thing like this:

# Get-ADGroupMember is easier than Get-ADGroup | Get-ADUser. 
# You also only need the SamAccountName. 
# $TestGroup will be an array automatically... No need to $TestGroup = @() 
$TestGroup = (Get-ADGroupMember 'TestGroup').SamAccountName 

#Define OUs using their full paths. 
$OUList = @(
    'OU=Whatever,DC=example,DC=com', 
    'OU=Something,DC=example,DC=com' 
) 

# Easily call the OU's from $OUList using $_. 
# Again, we only need SamAccountName 
# Again, $UserList will automatically be an array no '= @()' needed. 
$OUList | ForEach-Object { 
    $UserList += (Get-ADUser -Filter * -SearchBase $_).SamAccountName 
} 


# A proper foreach construct will let you work with $User instead of $_ 
foreach ($User in $TestGroup) 
{ 
    if ($User -notin $UserList) 
    { 
     # Put your action here. 
    } 
} 

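One last note: you switch between camelCase, PascalCase, and lowercase all over the place. While there is no official standard for PowerShell, consistency makes code easier to read. PascalCase also tends to be recommended because of the .NET style guides.

Also, if you want to use a compare instead of foreach ($User in $TestGroup):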

$Compare = Compare-Object -ReferenceObject ($UserList | Select -Unique) -DifferenceObject $TestGroup 

$Compare | ForEach-Object { 
    if ($_.sideindicator -eq '=>') 
    { 
     # Action here. 
    } 
} 
2

Consider using Compare-Object with the property value set to compare on distinguished name; i.e.

# Reference = users found in the approved OUs, Difference = current group members 
compare-object -ReferenceObject $userList -DifferenceObject $testGroup -Property 'DistinguishedName' | 
    ?{$_.SideIndicator -eq '=>'} | 
    select -expand DistinguishedName 

Full code:

(untested)

$userList = @() 
$testGroup = @() 

$groupName = 'testGroup' 

#Get current members of group. Using this instead of get-adgroupmember due to speed 
$testGroup = Get-AdGroup $groupName -properties member | select-object -ExpandProperty member | get-aduser 

#Define OUs that we want to get members from 
$OUlist = "OU1","OU2" 

#Populate $userList with members of each OU 
$OUlist | foreach { 
    $userList += get-aduser -filter {Enabled -eq $True} -SearchBase "OU=$_,DC=dc,DC=dc2,DC=dc3" | Get-AdUser 

} 

#Check the group for anyone no longer in one of the approved OUs & remove them from the group 
#'=>' marks DistinguishedNames present only in $testGroup (the group), not in $userList (the OUs) 
Remove-ADGroupMember -Identity $groupName -Members (compare-object -ReferenceObject $userList -DifferenceObject $testGroup -Property 'DistinguishedName' | ?{$_.SideIndicator -eq '=>'} | select -ExpandProperty DistinguishedName)
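
An added example, not part of the question or either answer: it reconciles group members against the approved-OU users by DistinguishedName instead of comparing whole objects, and leaves non-user members alone. The function name Get-StaleGroupMember and the sample accounts and DNs are constructed for illustration; they stand in for Get-ADUser and Get-ADGroupMember output so the block runs without a domain.

```powershell
# Added example: constructed objects stand in for Get-ADUser / Get-ADGroupMember output.
function Get-StaleGroupMember {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $GroupMember,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $ApprovedUser
    )
    # DNs are case-insensitive in AD, so key the lookup on a case-insensitive set.
    $approved = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($u in $ApprovedUser) { [void]$approved.Add([string]$u.DistinguishedName) }

    foreach ($m in $GroupMember) {
        # Only user objects are judged; nested groups and computers are skipped.
        if ($m.ObjectClass -ne 'user') { continue }
        if (-not $approved.Contains([string]$m.DistinguishedName)) { $m }
    }
}

# Constructed sample data (hypothetical accounts and DNs).
$ouUsers = @(
    [pscustomobject]@{ SamAccountName = 'alice'; ObjectClass = 'user'
                       DistinguishedName = 'CN=Alice,OU=OU1,DC=example,DC=com' }
    [pscustomobject]@{ SamAccountName = 'bob'; ObjectClass = 'user'
                       DistinguishedName = 'CN=Bob,OU=OU2,DC=example,DC=com' }
)
$groupMembers = @(
    [pscustomobject]@{ SamAccountName = 'alice'; ObjectClass = 'user'
                       DistinguishedName = 'cn=alice,ou=ou1,dc=example,dc=com' }
    [pscustomobject]@{ SamAccountName = 'mallory'; ObjectClass = 'user'
                       DistinguishedName = 'CN=Mallory,OU=Leavers,DC=example,DC=com' }
    [pscustomobject]@{ SamAccountName = 'printers'; ObjectClass = 'group'
                       DistinguishedName = 'CN=Printers,OU=Groups,DC=example,DC=com' }
)

# Object-to-object -contains on these constructed objects is False,
# even though alice appears in both lists.
$ouUsers -contains $groupMembers[0]

# Comparing on the DistinguishedName key flags only mallory.
$stale = @(Get-StaleGroupMember -GroupMember $groupMembers -ApprovedUser $ouUsers)
$stale.SamAccountName

# Against a live directory (requires the ActiveDirectory module), preview first:
# Remove-ADGroupMember -Identity 'testGroup' -Members $stale.DistinguishedName -WhatIf
```

Running the removal with -WhatIf first shows which accounts would lose group membership before any change is made.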