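Problem description
I need to find users from a specific OU who belong to a set of nested groups (that part is done), and write out which groups each user belongs to (a user can belong to multiple groups). I now have all the users who belong to these groups, but I can't figure out how to list all the groups, out of the nested set, that they belong to.
My script so far: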
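```powershell
# $OU holds the distinguished name of the OU to search (defined elsewhere)
$GroupDN = (Get-ADGroup "Groupname").distinguishedname
# 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN: matches direct and nested members
$Users = Get-ADUser -LDAPFilter "(&(memberOf:1.2.840.113556.1.4.1941:=$GroupDN))" -SearchBase $OU |
    select name |
    Export-Csv C:\test\data.xml
```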
Solution
Continuing from my comment, and as per the link provided:
https://duckduckgo.com/?q=powershell+%27get+user+group+membership+and+nested+groups%27&t=h_&ia=web
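hit(s) --- of course, tweak as needed to get your final result
Get AD Nested Group Membership with Powershell
This article helps you to query nested AD group members using PowerShell. We can get group members by using the Active Directory PowerShell cmdlet Get-ADGroupMember.
The Get-ADGroupMember cmdlet provides the option to get all the nested group members by passing the parameter -Recursive. This PowerShell script also handles the circular membership (infinite loop) problem.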
https://morgantechspace.com/2015/09/get-ad-nested-group-membership-with-powershell.html
```powershell
Import-Module ActiveDirectory

function GetNestedADGroupMembership {
    Param(
        [parameter(Mandatory=$true)] $user,
        [parameter(Mandatory=$false)] $grouphash = @{}
    )
    # Direct group memberships of the current principal (user or group)
    $groups = @(Get-ADPrincipalGroupMembership -Identity $user | select -ExpandProperty distinguishedname)
    foreach ($group in $groups) {
        # $grouphash records groups already visited, which breaks circular memberships
        if ($null -eq $grouphash[$group]) {
            $grouphash[$group] = $true
            $group
            GetNestedADGroupMembership $group $grouphash
        }
    }
}

GetNestedADGroupMembership 'CN=Smith,OU=TestOU,DC=TestDomain,DC=com'
```
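And an SO Q&A on a similar use case:
Find user and AD group relation via nested AD groups
... or this example for the same search, using the code you already posted, as a function to which you just pass an identity.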
```powershell
# Finding Nested AD Group Memberships
<#
The following code finds all groups a given Active Directory user is a member of (including nested group memberships). The code requires the ActiveDirectory module.
#>
#requires -Module ActiveDirectory
function Get-NestedGroupMember
{
    param
    (
        [Parameter(Mandatory,ValueFromPipeline)]
        [string]
        $Identity
    )
    process
    {
        $user = Get-ADUser -Identity $Identity
        $userdn = $user.DistinguishedName
        $strFilter = "(member:1.2.840.113556.1.4.1941:=$userdn)"
        Get-ADGroup -LDAPFilter $strFilter -ResultPageSize 1000
    }
}
<#
To find group memberships, simply run Get-NestedGroupMember with the name of a user. The function accepts the same identity information that is accepted by Get-ADUser, so you can specify a SamAccountName, a SID, a GUID, or a distinguishedName
#>
```
And a graphical view
Powershell Active Directory: List complete hierarchy of upstream nested groups recursively of User https://github.com/kunaludapi/Powershell-Active-Directory--Show-treeview-of-User-or-Group-memberof-hierarchy/blob/master/Get-ADGroupTreeViewMemberOf.txt
Powershell Active Directory: Show treeview of nested Group members downstream hierarchy http://vcloud-lab.com/entries/active-directory/powershell-active-directory-show-treeview-of-nested-group-members-downstream-hierarchy
See also:
https://activedirectorypro.com/find-nested-groups-in-active-directory
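
Added example, not part of the original question or answer: one way to combine the two LDAP_MATCHING_RULE_IN_CHAIN filters shown above so that each user in the OU is reported with only those groups that belong to the nested set under the parent group. The function names `ConvertTo-LdapFilterValue` and `Get-NestedGroupReport` and the output file `data.csv` are assumptions; the group name, OU and `C:\test` folder are the sample values used on this page.

```powershell
#requires -Module ActiveDirectory

# Hypothetical helper: escape a DN for use as an LDAP filter value (RFC 4515),
# so DNs containing \ * ( ) cannot break or alter the filter.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

# Hypothetical function: one output row per (user, group) pair inside the nested set.
function Get-NestedGroupReport {
    param(
        [Parameter(Mandatory)][string]$ParentGroup,
        [Parameter(Mandatory)][string]$SearchBase
    )
    $chain    = '1.2.840.113556.1.4.1941'   # LDAP_MATCHING_RULE_IN_CHAIN
    $parent   = Get-ADGroup -Identity $ParentGroup
    $parentDn = ConvertTo-LdapFilterValue $parent.DistinguishedName

    # The nested set: the parent plus every group that is transitively a member of it.
    $inScope = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    [void]$inScope.Add($parent.DistinguishedName)
    Get-ADGroup -LDAPFilter "(memberOf:${chain}:=$parentDn)" -ResultPageSize 1000 |
        ForEach-Object { [void]$inScope.Add($_.DistinguishedName) }

    # Users in the OU that are direct or indirect members of the parent group.
    Get-ADUser -LDAPFilter "(memberOf:${chain}:=$parentDn)" -SearchBase $SearchBase |
        ForEach-Object {
            $user   = $_
            $userDn = ConvertTo-LdapFilterValue $user.DistinguishedName
            # Every group the user is in (direct or nested), kept only if it is in the nested set.
            Get-ADGroup -LDAPFilter "(member:${chain}:=$userDn)" -ResultPageSize 1000 |
                Where-Object { $inScope.Contains($_.DistinguishedName) } |
                ForEach-Object {
                    [pscustomobject]@{
                        User           = $user.Name
                        SamAccountName = $user.SamAccountName
                        Group          = $_.Name
                        GroupDN        = $_.DistinguishedName
                    }
                }
        }
}

# Sample values from this page; data.csv is an assumed output name.
Get-NestedGroupReport -ParentGroup 'Groupname' -SearchBase 'OU=TestOU,DC=TestDomain,DC=com' |
    Export-Csv -Path C:\test\data.csv -NoTypeInformation -Encoding UTF8
```

A user's primary group (typically Domain Users) is stored in `primaryGroupID` rather than in `member`/`memberOf`, so it does not appear in these results.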