Powershell Get Domain User的几种方法
一、Get-User单用户查询
$User=Get-ADUser -identity wendy -Properties *
二、Get-User多用户循环查询
$export=@() $Users=Get-ADUser -Filter * -SearchScope Subtree -SearchBase "OU=xx,OU=xx,dc=xx,dc=xx,dc=xx" -Properties * foreach($user in $users) { #$User=Get-ADUser -identity wendy -Properties * $name=$user.name #这里可以添加多类属性 $info=New-Object Psobject $info |Add-Member -MemberType NoteProperty -Name 姓名 -Value $name $export+=$info } $CurrentDate = Get-Date $CurrentDate = $CurrentDate.ToString('yyyy-MM-dd') $export |Export-Csv D:\ps\userPermissioninfo_$CurrentDate.csv -Encoding UTF8 -NoTypeInformation
三、ou查询
functions代码如下,参考http://www.JSchofield22.wordpress.com的代码
function Get-OUWithObjects { <# .SYNOPSIS Function to get all OUs that contain Users, Groups, or Contacts. .DESCRIPTION This function requires Quest ActiveRoles AD Management to be installed. The purpose of this script is to go out and find any and all OrganizationalUnits which contain Users, Groups, or Contacts. It performs a count on each type of object and prints them to a CSV File. This is a useful tool for any Admin getting ready to perform an Active Directory migration in order to better understand the existing environment. This script does not require and special privelages in order to run as you're only reading from Active Directory. .PARAMETER Domains This allows you to input as many domains as you'd like to scan against. (ex. -Domains "domain1","domain2","domain3" ) .PARAMETER OutFile This specifies the directory path and file name for the CSV output. (ex. -Outfile c:\temp.csv) .NOTES Name: Get-OUWithObjects.ps1 Author: Josh Schofield DateCreated: 12/28/2012 .LINK http://www.JSchofield22.wordpress.com .EXAMPLE Get-OUWithObjects -Domains "Domain1","Domain2" -OutFile "C:\temp\test.csv" #> param( [Parameter(Mandatory=$true)] $Domains, [Parameter(Mandatory=$true)] [string]$OutFile ) if ((Get-PSSnapin -Registered| where {$_.name -eq "quest.activeroles.admanagement"}) -eq $null){Write-Error "Quest.ActiveRoles.ADManagement NOT Installed"} else { Get-PSSnapin -Registered| where {$_.name -eq "quest.activeroles.admanagement"} | Add-PSSnapin | Out-Null if ((test-path $OutFile) -eq "True"){del $OutFile} $output = @() foreach ($domain in $domains) { Connect-QADService $domain Get-QADObject -Type "organizationalunit" -IncludedProperties name,type,parentcontainer,dn -SizeLimit 0| %{ $ouname = $_.name $parentcontainer = $_.parentcontainer $adobjects = get-qadobject -SearchRoot $_.dn -SearchScope OneLevel -IncludedProperties type,name -SizeLimit 0 | where {(($_.type -eq "contact") -or ($_.type -eq "user") -or ($_.type -eq "group"))} $users = $adobjects | where {$_.type -eq "user"} $groups = $adobjects | where {$_.type -eq "group"} $contacts = $adobjects | where {$_.type -eq "contact"} $results = "" | Select Domain, Name, UserCount, GroupCount, ContactCount, ParentContainer $results.Domain = $domain $results.Name = $ouname $results.ParentContainer = $parentcontainer if ($users -ne $null) { $results.UserCount = $users.count } #End of User Check if ($groups -ne $null) { $results.GroupCount = $groups.count } #End of User Check if ($contacts -ne $null) { $results.ContactCount = $contacts.count } #End of User Check $output += $results Clear-Variable $results -ErrorAction SilentlyContinue Clear-Variable $ouname -ErrorAction SilentlyContinue Clear-Variable $parentcontainer -ErrorAction SilentlyContinue $adobjects = $null $users = $null $groups = $null $contacts = $null } #End of Get QADObject OU } $output | Export-Csv $OutFile -NoTypeInformation }}