Powershell About Active Directory Group Membership of a domain user

使用Get-User命令去寻找group membership of a domain user

$((Get-ADUser Wendy -Properties *).MemberOf -split (“,”)  | Select-String -SimpleMatch “CN=”) -replace “CN=”,””

扩展1?：获取在群组Wendy和群组Gaga中的所有用户

Get-ADUser -Filter * -SearchScope Subtree -SearchBase "dc=xx,dc=xx,dc=xxx" -Properties * |  where {($($_.MemberOf -split (“,”)  | Select-String -SimpleMatch “CN=”) -replace “CN=”,””) -contains "GroupGaga" -or ($($_.MemberOf -split (“,”)  | Select-String -SimpleMatch “CN=”) -replace “CN=”,””) -contains "GroupWendy"} | select name，$($_.MemberOf -split (“,”)  | Select-String -SimpleMatch “CN=”) -replace “CN=”,””)

扩展2：定义筛选范围条件，将这个范围内不属于某个群组的用户加入某个群组

Get-ADUser -Filter * -SearchScope Subtree -SearchBase "OU=XX,dc=XX,dc=XX,dc=XX" -Properties * |  where {$_.Title -eq "WW有限公司" -and $_.EmailAddress -ne $null -and $_.City -ne $null -and $_.Enabled -eq $true -and ($($_.MemberOf -split (“,”)  | Select-String -SimpleMatch “CN=”) -replace “CN=”,””) -notcontains "GroupNacy"} | Get-ADUser | ForEach-Object {Add-ADGroupMember -Identity “GroupNacy)” -Members $_}

扩展3：查询用户的隶属群组

$export[email protected]()
$Users=Get-ADUser -Filter * -SearchScope Subtree -SearchBase "OU=xx,OU=xx,dc=xx,dc=xx,dc=xx" -Properties *
 
foreach($user in $users)
{
#$User=Get-ADUser -identity wendy -Properties *
$members=($user.MemberOf -split (“,”) | Select-String -SimpleMatch “CN=”) -replace “CN=”,””
$name=$user.name
#$all=$members | findstr /i "GroupWendy Groupgaga" 可以放在一个条件中
$w=$members | findstr /i "GroupWendy"
#筛选群组，用findstr   /i为忽略大小写参数  findstr /i "^Groupgaga" 表示：查询以Groupgaga开头的string
$g=$members | findstr /i "^Groupgaga"
$wendy=[string]$w
$gaga=[string]$g
$info=New-Object Psobject
$info |Add-Member -MemberType NoteProperty -Name 姓名 -Value $name
$info |Add-Member -MemberType NoteProperty -Name Groupgaga -Value $gaga
$info |Add-Member -MemberType NoteProperty -Name GroupWendy -Value $wendy
$export+=$info
}
$CurrentDate = Get-Date
$CurrentDate = $CurrentDate.ToString(‘yyyy-MM-dd‘)
$export |Export-Csv D:\ps\userPermissioninfo_$CurrentDate.csv -Encoding UTF8 -NoTypeInformation