不确定是否有人可以提供帮助。我有一个脚本,它从 AD 中提取不属于安全组的所有用户。此脚本使用$excludeOUs来排除具有不需要在此组中的帐户的 OU。但是,当我运行它时,它似乎主要生成了一些帐户 健康邮箱 但他们所在的 OU 似乎在报告中显示了它们。是否需要添加某种形式的命令来排除这些命令。
# create a regex from an array of OUs to exclude by 'OR-ing' them with the pipe character
$excludeOUs = ('OU=Exchange','OU=Support Accounts','OU=Terminated Users and Computers do not use',
'OU=TerminatedEmployeesContractors','OU=TestAccounts','OU=Contractors and Consultants',
'OU=MIS Users and Groups','OU=Service Accounts','OU=Security Groups','OU=Users',
'OU=Testing','OU=Microsoft Exchange System Objects','OU=Microsoft Exchange Security Groups',
'OU=CorpServiceAccounts','OU=Elevated','OU=***','OU=*** Assets','OU=Monitoring Mailboxes','OU=Users','OU=Q_Users','OU=Microsoft Exchange System Objects' | ForEach-Object {[Regex]::Escape($_)}) -join '|'
$ExportPath = 'c:appUsersNotinSG.csv'
# get a list of objects not having any of the excluded OUs in their DistinguishedName
# and at the same time output objects with properties 'User' and 'Groups'
$grp=(Get-ADGroup 'SG_********').DistinguishedName
Get-ADUser -Filter { -not (memberof -eq $grp) -and (enabled -eq $true) } -Properties MemberOf |
Where-Object {$_.DistinguishedName -notmatch $excludeOUs} |
Select-Object @{Name = 'User'; Expression = {$_.Name}},
@{name = "OU";expression={$_.DistinguishedName.split(',')[1].split('=')[1]}}|
Export-Csv $ExportPath -NoTypeInformation
谢谢
HealthMailbox* 位于 CN=监视邮箱而不是 OU= – AdminOfThings