通过powershell获取每个用户成员的规范名称

我同意Mathias的观点，但这就是使用现有代码的方法。绝对建议您只调用需要查询的属性。

Get-ADUser -Filter {Enabled -eq $true} -Properties Displayname,MemberOf |
Select-Object Displayname,
@{
Name="MemberOf"
Expression={
# ($_.MemberOf | ForEach-Object{
#    (Get-ADGroup $_ -Properties CanonicalName).CanonicalName
# }) -Join ";"

# You can pipe $_.MemberOf to Get-ADGroup, since it's an array of 
# distinguishedNames it should work fine
($_.MemberOf | Get-ADGroup -Properties CanonicalName).CanonicalName -Join ";"    
}
} | Export-Csv -Path "c:tempusers.csv" -NoTypeInformation -Encoding UTF8

该代码的替代方案，使用更经典的方法：

$users = Get-ADUser -Filter {Enabled -eq $true} -Properties DisplayName
$result = foreach($user in $users)
{
$params = @{
LDAPFilter = "(member=$($user.DistinguishedName))"
Properties = "CanonicalName"
}
$membership = (Get-ADGroup @params).CanonicalName -join ";"
[pscustomobject]@{
DisplayName = $user.DisplayName
MemberOf = $membership
}
}
$result | Export-Csv -Path "c:tempusers.csv" -NoTypeInformation -Encoding UTF8

首先，当您只需要两个属性时，不应该使用Properties *
然后，-Filter应该是字符串，而不是脚本块。

只需对您的代码进行少量调整，这就可以工作：

Get-ADUser -Filter "Enabled -eq 'True'" -Properties DisplayName, MemberOf | 
Select-Object DisplayName,
@{Name = "MemberOf"; Expression = {
($_.MemberOf | ForEach-Object {
($_ | Get-ADGroup -Properties CanonicalName).CanonicalName -Join ";" })
}
} | 
Export-Csv -Path "c:tempusers.csv" -NoTypeInformation -Encoding UTF8

查看您的最新评论，我相信您希望将组名称与组的规范名称一起加入。你可以这样做：

Get-ADUser -Filter "Enabled -eq 'True'" -Properties DisplayName, MemberOf | 
Select-Object DisplayName,
@{Name = "MemberOf"; Expression = {
$_.MemberOf | ForEach-Object {
$group = $_ | Get-ADGroup -Properties CanonicalName
'{0};{1}' -f $group.Name, ($group.CanonicalName -join ';')
}
}
} | 
Export-Csv -Path "c:tempusers.csv" -NoTypeInformation -Encoding UTF8