Powershell 获取不在多个 Azure AD 组中的用户
我正在尝试获取不属于多个 Azure AD 组的用户列表。我尝试了互联网上的不同脚本,但后来发现该列表并不完整。我尝试的代码:
$users = Get-AzureADUser -All $true -Filter "accountEnabled eq true" | Where UserPrincipalName -like '*@company.com'
#list of groups by ObjectID that you want to check if users are NOT a member of
$groupids = @("662627b7-f1bd-4683-819d-36d299e19308", "9080a490-481b-4f7f-9d26-ecf7a186b00d", "3c3a6682-91bf-4afc-8634-7b54999e98b8")
#create hashtable that will contain users
$userht = @{}
Get-AzureADUser -Filter "accountEnabled eq true" | Where UserPrincipalName -like '*@irdeto.com' | ForEach-Object { $userht.Add($_.ObjectId, $_) } #add all AzureAD users to hashtable with ObjectID as unique key
ForEach ($id in $groupids) {
#if user is member of group, remove them from hashtable
Get-AzureADGroupMember -ObjectId $id | foreach-object { $userht.Remove($_.ObjectId) }
}
#return remaining users that are not in specified groups
$userht.Values
当我运行此代码时,我发现了一些不在组中的用户,但我仍然手动找到了很多不在组中且不在脚本结果中的用户。
I am trying to get a list of users that are NOT in multiple Azure AD Groups. I tried different scripts from the internet but then find out that the list is not complete. The code that i tried:
$users = Get-AzureADUser -All $true -Filter "accountEnabled eq true" | Where UserPrincipalName -like '*@company.com'
#list of groups by ObjectID that you want to check if users are NOT a member of
$groupids = @("662627b7-f1bd-4683-819d-36d299e19308", "9080a490-481b-4f7f-9d26-ecf7a186b00d", "3c3a6682-91bf-4afc-8634-7b54999e98b8")
#create hashtable that will contain users
$userht = @{}
Get-AzureADUser -Filter "accountEnabled eq true" | Where UserPrincipalName -like '*@irdeto.com' | ForEach-Object { $userht.Add($_.ObjectId, $_) } #add all AzureAD users to hashtable with ObjectID as unique key
ForEach ($id in $groupids) {
#if user is member of group, remove them from hashtable
Get-AzureADGroupMember -ObjectId $id | foreach-object { $userht.Remove($_.ObjectId) }
}
#return remaining users that are not in specified groups
$userht.Values
When I run this i found a few users that are non in the groups but i also still found a lot of users manually that are not in the group and was not in the outcome of the script.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
尝试使用 Powershell 脚本获取具有唯一
DIsplayName和Mail的所有用户。注意:确保每个用户都应具有唯一的
DisplayName和Mail。如果两个用户具有相同的 DisplayName 或 Mail,则将计为 1。示例:我在 AAD 中总共有 44 个用户,并且在 3 个组中添加了 6 个用户(每个组有 2 个)。
运行上面的脚本后,我得到了 36 个计数,但符合预期是 38。但由于两个用户具有相同的 DisplayName 和 Mail,因此算作 1。
Tried with your Powershell script getting all the user which have unique
DIsplayNameandMail.Note : Make Sure Every User should have unique
DisplayNameandMail. If two user have same DisplayName or Mail it will count as one.Example : I have total 44 users in AAD and 6 user added in 3 group (each having 2)
After running above script i am getting 36 count but expected is 38. But due to two user have same DisplayName and Mail it counted as one.