Trying to pull a list of all users from AD, except those in an OU named "Disabled Users". How do I exclude that OU from my list?

Posted on 2025-01-11 18:21:10

This is what I have so far:

Get-ADUser -Filter 'Department -like "*"' -Properties * |
    Select -Property DisplayName,GivenName,Surname,Title,Department,Office,OfficePhone |
    Export-CSV "C:\ad-users.csv"


抚笙 2025-01-18 18:21:10

You can use a Where-Object clause to filter on the user's OU:

# fill in the DistinguishedName of the 'Disabled Users' OU here
$ouToExclude = 'OU=...'

# Get-ADUser by default returns these properties:
# DistinguishedName, Enabled, GivenName, Name, ObjectClass, ObjectGUID, SamAccountName, SID, Surname, UserPrincipalName
# so you only need to ask for extra properties not already in this list
Get-ADUser -Filter "Department -like '*'" -Properties DisplayName,Title,Department,Office,OfficePhone |
    Where-Object { $_.DistinguishedName -notlike "*$ouToExclude" } |
    Select-Object DisplayName,GivenName,Surname,Title,Department,Office,OfficePhone |
    Export-Csv "C:\ad-users.csv" -NoTypeInformation

遮云壑 2025-01-18 18:21:10

I believe you could do it this way using -LDAPFilter. First you need to query the OU to exclude and get its DistinguishedName; then you can query all users and filter them where their DistinguishedName does not contain the OU to exclude.

NOTE: This assumes there is only 1 OU with the Name Disabled Users. If there are more OUs with the same name, I would recommend that you hardcode the DistinguishedName of the excluded OU in $ouDN.

It's also worth noting that querying all attributes (-Properties *) for all users is highly inefficient; you should always query only the attributes of interest (-Properties attrib1, attrib2, etc).

$properties = @(
    'DisplayName'
    'GivenName'
    'Surname'
    'Title'
    'Department'
    'Office'
    'OfficePhone'
)
$ouToExclude = 'Disabled Users'
$ouDN = (Get-ADOrganizationalUnit -LDAPFilter "(Name=$ouToExclude)").DistinguishedName
Get-ADUser -LDAPFilter "(Department=*)" -Properties $properties | & {
    process {
        if($_.DistinguishedName -notlike "*$ouDN") { $_ }
    }
} | Select-Object $properties | Export-Csv "C:\ad-users.csv" -NoTypeInformation
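
A stricter variant of the DistinguishedName filter used in the answers above, as an added example that is not part of the original posts: it stops when the OU name resolves to zero or several OUs and escapes wildcard characters in the DN before matching. The variable names $ouName, $outFile and $pattern are chosen here for illustration; the ActiveDirectory module is assumed to be installed.

```powershell
# Added example, not from the original answers. Requires the ActiveDirectory module (RSAT).
$properties = 'DisplayName','GivenName','Surname','Title','Department','Office','OfficePhone'
$ouName     = 'Disabled Users'      # OU name from the question
$outFile    = 'C:\ad-users.csv'     # output path from the question

# Resolve the OU and insist on exactly one match.
#  - Zero matches: $ouDN would be $null, "*$ouDN" collapses to "*", and
#    -notlike "*" drops every user, so the export comes out empty.
#  - Several matches: the array is joined with spaces inside the string,
#    the pattern matches nothing, and no user is excluded at all.
# Note: an OU name containing ( ) * or \ would need LDAP filter escaping first.
$ous = @(Get-ADOrganizationalUnit -LDAPFilter "(name=$ouName)")
if ($ous.Count -ne 1) {
    throw "Expected exactly one OU named '$ouName', found $($ous.Count). Set the DistinguishedName explicitly."
}
$ouDN = $ous[0].DistinguishedName

# A DN may legally contain wildcard characters such as [ ] * ?, which -like
# would interpret. Escape them, and anchor on the leading comma so that only
# objects located below this OU (including child OUs) match.
$pattern = '*,' + [System.Management.Automation.WildcardPattern]::Escape($ouDN)

Get-ADUser -LDAPFilter '(department=*)' -Properties $properties |
    Where-Object { $_.DistinguishedName -notlike $pattern } |
    Select-Object $properties |
    Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8
```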