Find a user in a list of servers with PowerShell



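I have a list of servers, and I have to find out whether a specific user, 'adtuser', is part of the admin group on each server, and output the result to a text file.

At the moment I have this script, and it partially works.
I get the desired output, but some servers are missing (if you check them individually they are fine), and the script takes a lot of time.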

Thanks in advance

Get-Content C:\servers.txt | ForEach-Object {
    if (-not (Test-Connection -ComputerName $_ -Count 1 -Quiet)) {
        Write-Warning "Server '$_' is Unreachable hence Could not fetch data"
        return
    }

    $computer = $_
    ([adsi]"WinNT://$_").Children.ForEach{
        if($_.SchemaClassName -ne 'user' -and $_.Name.Value -ne 'ADTuser') {
            return
        }

        $groups = $_.Groups().ForEach([adsi]).Name

        [pscustomobject]@{
            Computername = $computer
            UserName     = $_.Name.Value
            Memberof     = $groups -join ';'
            Status       = $groups -contains 'Administrators'
        }
    }
} | Out-File -FilePath C:\users.txt

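Suggestions: Test-NetConnection requires PowerShell 2.0 or later. The .ForEach method requires PowerShell 4.0 or later.

As @Santiago mentioned - I use Test-Connection -Port 3389 to test the Windows RDP port. The OP was originally only testing ICMP connectivity, which is a poor test because of common firewall rules.

You can test any known Windows port, but RDP is usually a fairly safe assumption to be open. NMAP (or your network admin... grin) will probably give you the best guidance.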

#!/usr/bin/env powershell
Get-Content -Path $env:HOMEDRIVE/servers.txt | ForEach-Object {
    if (-not (Test-Connection -ComputerName $_ -Count 1 -Quiet)) {
        Write-Warning -Message ("Server '{0}' is Unreachable hence Could not fetch data" -f $_)
        return
    }
    $computer = $_
    ([adsi]('WinNT://{0}' -f $_)).Children.ForEach{
        if($_.SchemaClassName -ne 'user' -and $_.Name.Value -ne 'ADTuser') {
            return
        }

        $groups = $_.Groups().ForEach([adsi]).Name

        [pscustomobject]@{
            Computername = $computer
            UserName     = $_.Name.Value
            Memberof     = $groups -join ';'
            Status       = $groups -contains 'Administrators'
        }
    }
} | Out-File -FilePath $env:HOMEDRIVE/users.txt

Since you asked, if your servers can all use PowerShell 5.1 or later, you can use the Get-Local* cmdlets.

From your question, you are specifically looking for a certain user, ADTuser.

$userToCheck = 'ADTuser'
$servers     = Get-Content -Path 'C:\servers.txt'
$cred        = Get-Credential -Message 'Please enter your admin credentials'
# loop through the list of servers and collect the output objects
$result = foreach ($computer in $servers) {
    if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet)) {
        Write-Warning -Message "Server '$computer' is Unreachable hence Could not fetch data"
        # output a failed object
        '' | Select-Object @{Name = 'ComputerName'; Expression = {$computer}}, UserName, MemberOf,
                           @{Name = 'Status'; Expression = {'Unreachable'}}
        # skip processing this server and proceed with the next one
        continue
    }
    # here we probe the server for the existence of user $userToCheck
    $out = Invoke-Command -ComputerName $computer -Credential $cred -ScriptBlock {
        $user = Get-LocalUser -Name $using:userToCheck -ErrorAction SilentlyContinue
        if ($user) {
            # get the names of all local groups the user is member of
            $userGroups = (Get-LocalGroup | Where-Object { ($_ | Get-LocalGroupMember).SID -contains $user.SID }).Name
            [PsCustomObject]@{
                Computername = $env:COMPUTERNAME
                UserName     = $user.Name
                MemberOf     = $userGroups -join '; '
                Status       = $userGroups -contains 'Administrators'
            }
        }
        else {
            [PsCustomObject]@{
                Computername = $env:COMPUTERNAME
                UserName     = $using:userToCheck
                MemberOf     = $null
                Status       = "User does not exist"
            }
        }
    }
    # output the object but remove extra properties PowerShell added
    $out | Select-Object * -ExcludeProperty PS*, RunspaceId
}
# show in the console window
$result | Format-Table -AutoSize
# you can now use Export-Csv to output the results in a structured file you can open with Excel
$result | Export-Csv -Path 'C:\users.csv' -UseCulture -NoTypeInformation
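
An added example (not code from the question or from either answer) that combines the two answers' points: it probes the TCP port the collection method actually uses instead of ICMP, then queries all reachable servers in one parallel Invoke-Command call, so every server in the list ends up with a row. Assumptions: WinRM listens on its default HTTP port 5985, every server has PowerShell 5.1, and Test-TcpPort is a hypothetical helper name.

```powershell
# Added example; Test-TcpPort is a hypothetical helper, port 5985 assumes default WinRM over HTTP.
function Test-TcpPort {
    param([Parameter(Mandatory)][string]$ComputerName, [int]$Port = 5985, [int]$TimeoutMs = 1000)
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        # Wait() returns $false on timeout; a refused connection or DNS failure throws
        return ($client.ConnectAsync($ComputerName, $Port).Wait($TimeoutMs) -and $client.Connected)
    }
    catch   { return $false }
    finally { $client.Dispose() }
}

$userToCheck = 'ADTuser'
$servers     = Get-Content -Path 'C:\servers.txt' | Where-Object { $_.Trim() }
$cred        = Get-Credential -Message 'Please enter your admin credentials'

# Split the list on whether the WinRM port answers, rather than on an ICMP reply
$reachable, $unreachable = @($servers).Where({ Test-TcpPort -ComputerName $_ }, 'Split')

# One call for all reachable servers: Invoke-Command runs them in parallel (ThrottleLimit defaults to 32)
$found = @()
if ($reachable.Count) {
    $found = @(Invoke-Command -ComputerName $reachable -Credential $cred -ErrorAction SilentlyContinue -ScriptBlock {
        $user   = Get-LocalUser -Name $using:userToCheck -ErrorAction SilentlyContinue
        $groups = if ($user) {
            (Get-LocalGroup | Where-Object {
                ($_ | Get-LocalGroupMember -ErrorAction SilentlyContinue).SID -contains $user.SID
            }).Name
        }
        [pscustomobject]@{
            UserName = $using:userToCheck
            MemberOf = $groups -join '; '
            Status   = if ($user) { $groups -contains 'Administrators' } else { 'User does not exist' }
        }
    })
}

# Every server in the input gets exactly one row, so nothing goes missing silently
$result = @(
    $found | Select-Object @{Name = 'ComputerName'; Expression = { $_.PSComputerName }}, UserName, MemberOf, Status
    foreach ($c in $unreachable) {
        [pscustomobject]@{ ComputerName = $c; UserName = $userToCheck; MemberOf = $null; Status = 'Port 5985 unreachable' }
    }
    foreach ($c in ($reachable | Where-Object { $_ -notin $found.PSComputerName })) {
        [pscustomobject]@{ ComputerName = $c; UserName = $userToCheck; MemberOf = $null; Status = 'Remoting failed' }
    }
)
$result | Export-Csv -Path 'C:\users.csv' -UseCulture -NoTypeInformation
```

Rows with the status 'Remoting failed' are servers where the port answered but the session could not be established (for example, rejected credentials), which is the case worth checking by hand.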
