Check whether a user is part of any of certain AD groups

Posted on 2025-01-22 08:46:11

I'm fairly new to PowerShell. I'm hoping to get direction on how I can get this task to work.

So part of my new hire script is to ensure a user account that gets created is surely added to the Office ALL group. If it doesn't get added for some reason, I need a way to identify which account didn't get added.

We have office groups whose names start with a province/state like ON, BC, AB and end with [email protected]

# Sort before Select-Object: SamAccountName is gone once only DistinguishedName is selected
$ADgroupofAlloffices = $provincearray | ForEach-Object -Process {
    Get-ADGroup -Filter "mail -like '$_-*'" -Properties Mail |
        Where-Object { $_.Mail -like "*[email protected]" } |
        Sort-Object -Property SamAccountName | Select-Object DistinguishedName
}

This is my query to get all the groups by DistinguishedName. I have more than 30 groups.

Now I need a way to check whether the new hire account is part of this group, as the final portion of the overall script.

$user_groups = (Get-ADUser -Identity $ADUseraccount -Properties memberof | Select-Object memberof).memberof

I know that with this I can get all the groups of the user.

How do I check if the AD user is part of any of these office groups, and have it let me know if the user is not part of any of these groups?

Let me know where I need to do more searching to find a solution for this. Scratching my head here.

四叶草在未来唯美盛开 2025-01-29 08:46:11

There are several ways to do this; here is one. First, the way you're getting the Office Groups can be optimized using AD filtering only, with some string manipulation. You can iterate over $provArray to generate an array of strings, which then gets joined and combined into a single LDAP filter. For example, with the provinces/states provided in your question, the filter would be something like this:

(|(mail=ON*[email protected])(mail=BC*[email protected])(mail=AB*[email protected]))

Then, after you query for all the groups, you can get an array with the DistinguishedName of all these groups ($officeGroups), which we can use to compare with the memberOf attribute of the user:

$provArray = 'ON', 'BC', 'AB' # and more here
$filter = foreach($i in $provArray) {
    "(mail=$i*[email protected])"
}
$filter = "(|$(-join $filter))"
$officeGroups = (Get-ADGroup -LDAPFilter $filter).DistinguishedName

$user = (Get-ADUser 'someuser' -Properties memberof).memberof
if($user.where{ $officeGroups -contains $_ }) {
    'user is a member of at least one office group'
    # do something here
}
else {
    'user is not a member of any office groups'
    # do something here
}

断念 2025-01-29 08:46:11

Since you already have the distinguished name of all of the groups you're interested in, you can just test if any of the groups that the user is a member of is in that list and go from there.

$OfficeGroup = $ADgroupofAlloffices | Where{$_.DistinguishedName -in $user_groups}
If(!$OfficeGroup){Write-Warning "User is not in an office group"}
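
An added example, not part of either answer above: the same memberOf comparison turned into a per-account report, so a batch of new hires can be checked and the accounts missing from every office group are named. `Get-OfficeGroupGap`, the sample DNs and the account names are hypothetical, and the sample data is constructed so the comparison runs without a domain.

```powershell
# Added example; Get-OfficeGroupGap and all sample values are hypothetical/constructed.
function Get-OfficeGroupGap {
    [CmdletBinding()]
    param(
        # Objects with SamAccountName and MemberOf (e.g. Get-ADUser -Properties MemberOf)
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]] $User,
        # DistinguishedName strings of the office groups
        [Parameter(Mandatory)]
        [string[]] $OfficeGroupDN
    )
    begin {
        # DNs compare case-insensitively; a set keeps lookups cheap with 30+ groups
        $officeSet = [System.Collections.Generic.HashSet[string]]::new(
            $OfficeGroupDN, [System.StringComparer]::OrdinalIgnoreCase)
    }
    process {
        foreach ($u in $User) {
            # MemberOf lists direct memberships only (no nested groups, no primary group)
            $hits = @($u.MemberOf | Where-Object { $_ -and $officeSet.Contains($_) })
            [pscustomobject]@{
                SamAccountName = $u.SamAccountName
                InOfficeGroup  = $hits.Count -gt 0
                OfficeGroups   = $hits
            }
        }
    }
}

# Constructed sample data standing in for AD query results
$officeGroups = 'CN=ON-Toronto,OU=Groups,DC=example,DC=com',
                'CN=BC-Vancouver,OU=Groups,DC=example,DC=com'
$newHires = @(
    [pscustomobject]@{ SamAccountName = 'jdoe'
        MemberOf = @('cn=on-toronto,OU=Groups,DC=example,DC=com') }
    [pscustomobject]@{ SamAccountName = 'asmith'
        MemberOf = @('CN=VPN-Users,OU=Groups,DC=example,DC=com') }
    [pscustomobject]@{ SamAccountName = 'bnew'; MemberOf = @() }
)

# Live use: Get-ADUser -Identity $ADUseraccount -Properties MemberOf |
#           Get-OfficeGroupGap -OfficeGroupDN $officeGroups
$report = $newHires | Get-OfficeGroupGap -OfficeGroupDN $officeGroups
$report | Where-Object { -not $_.InOfficeGroup } | ForEach-Object {
    Write-Warning "$($_.SamAccountName) is not in any office group"
}
```

Because memberOf holds direct memberships only, an account that reaches an office group through a nested group is reported as missing by this check.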