我有一个Powershell脚本,它审计导入的CSV,并输出一个完整的CSV版本,添加列,说明CSV中的用户是否在AD中,如果是,他们是否在活动。
#CSV file to have header of "Employee" with First and Last name in each row
Echo "CSV file to import must be in c:temp folder location with header of "Employee""
$csvlocate = (Read-Host -Prompt "CSV File to import (enter in like filename.csv and make sure file is in c:temp folder)")
$csvEmployees = Import-Csv -path C:temp$csvlocate.csv
$adUsers = Get-AdUser -Filter *
foreach ($Employee in $csvEmployees) {
$Found = $adUsers | Where-Object { ($_.GivenName -eq $Employee.givenName) -and ($_.Surname -eq $Employee.surName) }
if ($Found) {
"In AD $($Employee.givenName) $($Employee.surName)."
$Employee | Add-Member -Name InAD -Value $true -MemberType NoteProperty
$Employee | Add-Member -Name Enabled -Value $Found.Enabled -MemberType NoteProperty
} else {
"Not in AD $($Employee.givenName) $($Employee.surName)."
$Employee | Add-Member -Name InAD -Value $false -MemberType NoteProperty
$Employee | Add-Member -Name Enabled -Value $false -MemberType NoteProperty
}
}
$csvEmployeesNotInAd = $csvEmployees.foreach{
$employee = @{
'CSVName' = $_.Name
'InAD' = $false
}
if ($_.Name -in $adUsers.Name) {
$employee.InAD = $true
}
[pscustomobject]$employee
}
$csvEmployees | Export-Csv -Path C:temp$csvlocate.completed.csv -NoTypeInformation -Force
当CSV吐出所有我在Enabled列中看到的是System.Object[]。知道为什么吗?
看起来,您的代码可以简化为:
Import-Csv $sourceCsv | ForEach-Object {
$filter = "(&(givenName={0})(Surname={1}))" -f $_.givenName, $_.Surname
$user = Get-AdUser -LDAPFilter $filter
$_.PSObject.Add([psnoteproperty]::new('InAd', [bool] $user))
$_.PSObject.Add([psnoteproperty]::new('Enabled', [bool] $user.Enabled))
$_
} | Export-Csv $destinationCsv -NoTypeInformation
根本不需要if/else条件,您也不需要查询所有AD用户进行此比较,这是非常低效的,或者将在具有大量用户对象的域中。
[bool] $userand[bool] $user.Enabled因为如果找不到用户,换句话说,$user是$null,通过转换[bool],我们将得到$false。
此外,拥有用户的GivenName和姓氏的CSV是个糟糕的主意。您应该使用以下其中之一:
- DistinguishedName
- objectGUID
- objectSid
- sAMAccountName