我正在尝试列出职位及其安全权限。我希望有两个列表,一个与具有该头衔的多个成员共享的安全权限列表,以及作为异常值的权限,以便我们可以更好地为具有某些工作角色的新员工制作模板。我正在使用 -contains 将安全权限与重复的安全权限相匹配,但它总是返回 false。我猜每个安全权限对每个用户都有一些独特的价值,但即使我尝试只匹配名称之类的东西,它也不起作用
这是我的代码。
#get all the users with a title and group them by title
$Titles = Get-ADUser -Filter * -Properties Title | Where-Object Title | Sort-Object Title | Group-Object Title
#loop through each group
foreach ($Title in $Titles){
#zero out outliers and shared permissions
$OutlierPermissions = @()
$SharedPermissions = @()
#loop through each user in each group
foreach ($User in $Title.Group){
$Permissions = @()
#get all the permissions of the user
$Permissions = Get-ADPrincipalGroupMembership $User | Sort-Object Name
#loop through each permission
foreach ($Permission in $Permissions){
#if this permission is shared by more than one user
if($OutlierPermissions -contains $Permission){
#and not already added
if($SharedPermissions -notcontains $Permission){
$SharedPermissions += $Permission
}
#else add to list of outliers
}else{$OutlierPermissions += $Permission}
}
}
}
我也试过
-contains $Permission.Name
$Permissions = Get-ADPrincipalGroupMembership $User | Sort-Object Name | Select Name
任何获得安全权限部分冗余的内容 有没有办法解决这个问题?
简单来说$OutlierPermissions -contains $Permission永远不会起作用,因为$Permission是ADGroup的实例,而$OutlierPermissions是ADGroup实例的集合,这些对象是不可比较或相等的,因此-contains将始终返回$false。相反,如果选择这些对象的一个具有此类功能的属性进行适当的比较,则要执行的操作,例如,可以使用.ObjectGUID属性。
如果我正确理解您的代码,则可以将其简化为以下逻辑:
$map = @{}
# get all the users with the `Title` populated
foreach($user in Get-ADUser -LDAPFilter "(title=*)" -Properties Title) {
# if this `Title` has not yet been added to the hash
if(-not $map.ContainsKey($user.Title)) {
# use a `List<T>` for dynamic additions of new groups
# and a `HasShet<T>` to not duplicate additions
$map[$user.Title] = @{
ProcessedMembership = [System.Collections.Generic.HashSet[guid]]::new()
Membership = [System.Collections.Generic.List[object]]::new()
}
}
# for each group this user is a member of
foreach($group in Get-ADPrincipalGroupMembership $user) {
# if this group has not yet already been added
if(-not $map[$user.Title]['ProcessedMembership'].Add($group.ObjectGUID)) {
# add this group to the `Membership` List for this `Title`
$map[$user.Title]['Membership'].Add($group)
}
}
}
使用Hashtable收集所有结果,其中Keys是唯一Titles,Values是一个嵌套Hashtable,由已处理ProcessedMembership组组成(这使用HashSet<T>跟踪重复项)和一个List<T>,您可以在其中保留与每个Title关联的所有组对象的引用。