使用Powershell獲取所有AD用戶及其組羣成員（遞歸）

Question

我有一個來自以前回答的問題的腳本，但沒有足夠的評論聲望。我試圖運行該腳本並遇到以下錯誤消息：

導出CSV：無法將CSV內容附加到以下文件：C：\ users.csv。附加對象沒有與以下列對應的屬性：User; Group。要繼續使用不匹配的屬性，請添加-Force參數，然後重試該命令。

如何調試此腳本來解決此問題？

Function Get-ADGroupsRecursive{ 
Param([String[]]$Groups) 
Begin{ 
    $Results = @() 
} 
Process{ 
    ForEach($Group in $Groups){ 
     $Results+=$Group 
     ForEach($Object in (Get-ADGroupMember $Group|?{$_.objectClass -eq "Group"})){ 
      $Results += Get-ADGroupsRecursive $Object 
     } 
    } 
} 
End{ 
    $Results | Select -Unique 
}} 

import-module activedirectory 

$users = get-aduser -Filter {Name -Like "*"} -Searchbase "OU=Sample Accounts,DC=domain,DC=com" -Properties MemberOf | Where-Object { $_.Enabled -eq 'True' } 

$targetFile = "C:\users.csv" 
rm $targetFile 
Add-Content $targetFile "User;Group" 


foreach ($user in $users) 
{ 
    $Groups = $User.MemberOf 
    $Groups += $Groups | %{Get-ADGroupsRecursive $_} 
$Groups | %{New-Object PSObject -Property @{User=$User;Group=$_}}|Export-CSV $targetfile -notype -append 
} 

Answer 1

試試這個功能

function Get-InChainGroups 
{ 
    param (
     [parameter(mandatory = $true)] 
     $user, 
     $domain) 

    $user1 = (get-aduser -filter { name -eq $user } -server $domain).distinguishedname 
    Write-verbose "checking $user" 
    $ldap = "(&(objectcategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648)(member:1.2.840.113556.1.4.1941:=$user1))" 

    try { Get-ADobject -LDAPFilter $ldap -server $domain | select @{ n = 'Identity'; e = { $user } }, Name, @{ n = 'DN'; e = { $_.distinguishedname } } | ft -a } 
    catch { "Exception occurred" } 


}