列表是否在CSV文件中启用或禁用AD组成员

Question

我有以下脚本并且运行良好。我试图在最后添加“启用”列，但不确定如何将其添加为扩展属性。

Import-Module ActiveDirectory
#create an empty array
$temp = @()

#make it multi-dimensional array
$Record = @{
  "Group Name" = ""
  "Name" = ""
  "Username" = ""
  "Enabled" = ""
}

$Groups = (Get-AdGroup -filter * -SearchBase "CN=Domain Admins,CN..." | Where {$_.name -like "**"} | select name -ExpandProperty name)

Foreach ($Group in $Groups) {

  $Arrayofmembers = Get-ADGroupMember -identity $Group -recursive | select name,samaccountname, enabled

  foreach ($Member in $Arrayofmembers) {
    
    $Record."Group Name" = $Group
    $Record."UserName" = $Member.samaccountname
    $Record."Name" = $Member.name
    $Record."Enabled" = $Member.enabled
    $objRecord = New-Object PSObject -property $Record
    $temp += $objrecord

  }
}

$temp | export-csv "C:\temp\SecurityGroups.csv" -NoTypeInformation

Answer 1

不幸的是，get-adgroupmember不用启用属性返回对象，因此我们需要为此使用Get-Aduser。

顺便说一句，将项目添加到具有+=的数组中是非常时间和内存，因为每次全部数组都需要在内存中重建。
让PowerShell从阵列中收集循环的输出要好得多。

Import-Module ActiveDirectory

# get an array of Group objects
$Groups = Get-AdGroup -Filter * -SearchBase "CN=Domain Admins,CN..." 

# loop through this array and capture the output in variable $result
$result = foreach ($Group in $Groups) {
    # get the members of each group.
    # members can be users, groups, and computers, so filter on users only
    $Group | Get-ADGroupMember -Recursive | Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object {
        # get the user in order to find its Enabled property
        $user = Get-ADUser -Identity $_.DistinguishedName
        [PsCustomObject]@{
            'Group Name' = $Group.Name
            'UserName'   = $user.SamAccountName
            'Name'       = $user.Name
            'Enabled'    = $user.Enabled
        }
    }
}

# now export the results to a CSV file
$result | Export-Csv "C:\temp\SecurityGroups.csv" -NoTypeInformation