windows 检查CSV文件中的用户是否是2个AD组的一部分,两个AD组的成员数都超过5000

lc8prwob  于 2023-03-24  发布在  Windows
关注(0)|答案(1)|浏览(131)
$userlist = get-content -Path "C:\users\Administrator\Downloads\users.txt"

 $group = "Fun-O365-EXO"

 Write-Host Following Users are not part of Fun-O365-EXO`
 $result = foreach ($user in $userlist)
{
    $groupmembers = Get-ADgroup -Filter {Name -eq $group} | Get-ADGroupMember

    if ($groupmembers.samaccountname -notmatch $user){
        [PSCustomObject]@{
       Name = $user 
        Group = $group 
        #Member = 'False'
        }
   }
    
}

$result

无法在生产服务器中获得所需的输出,可能是因为它有超过5k的成员。
我有一个多个用户ID在它的txt文件。我需要知道他们是否是2 AD组的成员。

92dk7w1h

92dk7w1h1#

你在问题中提到了两个组,但在你的代码中我只看到了一个。另外,你不需要获得组成员资格来知道用户是否是它的成员,你可以通过查询来知道这一点。

$group1 = (Get-ADGroup Group1).DistinguishedName
$group2 = (Get-ADGroup Group2).DistinguishedName
$filter = "(&(memberOf=$group1)(memberOf=$group2)(samAccountName={0}))"

Get-Content -Path "C:\users\Administrator\Downloads\users.txt" | ForEach-Object {
    $ldapFilter = $filter -f $_
    if(Get-ADUser -LDAPFilter $ldapFilter) {
        # here is for the user was a member of both groups
        $_
    }
}

相关问题