希望有人可以解决一个简单的代码,我一直在搞乱。 我会打开说我不是一个编码器,从来没有真正做过多lessPowerShell。
问题是,起初,这是工作,按预期返回LastLogonTimeStamp。
现在,当我运行它时,我根本没有输出。
我很确定这是愚蠢的,我忽略了,但我不能弄明白。
就像我说的 – 我从来没有这方面的经验 – 我不知道代码的意思是什么。
有人可以帮我吗?
# Script to list member of VDI Desktop Users Group # and export details to c:\VDIlastlogon.csv file # [email protected] 24/11/14' # Function get-NestedMembers # List the members of a group including all nested members of subgroups Import-Module ActiveDirectory function get-NestedMembers ($group){ if ($group.objectclass[1] -eq 'group') { write-verbose "Group $($group.cn)" $Group.member |% { $de = new-object directoryservices.directoryentry("LDAP://$_") if ($de.objectclass[1] -eq 'group') { get-NestedMembers $de } Else { $de } } } Else { Throw "$group is not a group" } } # get a group $group = new-object directoryservices.directoryentry("LDAP://CN=VDI Desktop Users,ou=Groups,ou=x,ou=uk,dc=uk,dc=x,dc=com") # Get all nested members and send to CSV file get-NestedMembers $group|FT @{l="First Name";e={$_.givenName}},@{l="Last Name";e={$_.sn}},@{l="Last Logon";e={[datetime]::FromFileTime($_.ConvertLargeItegerToInt64($_.lastLogonTimestamp[0]))}},sAMAccountName | tee c:\VDILastLogon.csv #Send CSV file to mail recipient $PSEmailServer = "mail.x.net" $smtpServer = "mail.x.net" $file = "c:\VDILastLogon.csv" $att = new-object Net.Mail.Attachment($file) $msg = new-object Net.Mail.MailMessage $smtp = new-object Net.Mail.SmtpClient ($smtpServer) $msg.From = "[email protected]" $msg.To.Add("[email protected]") $msg.Subject = "User logon report from VDI Solution" $msg.Body = "Please find attached the most recent user logon report" $msg.Attachments.Add($att) $smtp.Send($msg) $att.Dispose() 如果您导入AD PowerShell模块,则不需要使用额外的目录服务对象(至less在此情况下不需要)。 您可以使用带有-Resursive的Get-ADGroupMember cmdlet,它也应该可以find您的嵌套用户。
编辑:我添加了到AD cmdlet的-Server参数,所以你可以指定特定的DC。 时间戳属性可能会有所不同(它们在我的12个DC中也是如此)。 检查这个博客的体面的写作。
这会得到最后一次login时间,并且更容易阅读:
$groupname = "name_of_AD_group" Import-Module ActiveDirectory Get-ADDomainController -Filter * | % { $DC = $_ $group = Get-ADGroup -Identity $groupname -Server $DC.Name -ErrorAction SilentlyContinue If ($group) { $members = Get-ADGroupMember -Identity $group.Name -Recursive -Server $DC.Name -ErrorAction SilentlyContinue ForEach ($member In $members) { If (-not $member.objectClass -ieq "user") { Continue } $user = Get-ADUser $member.SamAccountName -Server $DC.Name -ErrorAction SilentlyContinue If ($user) { $lastlogon = ($user | Get-ADObject -Properties lastLogon).LastLogon New-Object PSObject -Property @{ "First Name" = $user.GivenName "Last Name" = $user.Surname "DC" = $DC.Name "Last Logon" = [DateTime]::FromFileTime($lastlogon) "SamAccountName" = $user.SamAccountName } } Else { # $user not found on $DC } } } Else { # $groupname not found on $DC } } | ft -auto
这是一个黑客,但它的作品。 从Microsoft文章中获取Get-ADUserLastLogon( http://technet.microsoft.com/en-us/library/dd378867%28v=ws.10%29.aspx )
Import-Module ActiveDirectory function Get-ADUserLastLogon([string]$userName) { $dcs = Get-ADDomainController -Filter {Name -like "*"} $time = 0 foreach($dc in $dcs) { $hostname = $dc.HostName $user = Get-ADUser $userName | Get-ADObject -Properties lastLogon if($user.LastLogon -gt $time) { $time = $user.LastLogon } } $dt = [DateTime]::FromFileTime($time) return $dt } function get-NestedMembers ($group){ if ($group.objectclass[1] -eq 'group') { write-verbose "Group $($group.cn)" $Group.member |% { $de = new-object directoryservices.directoryentry("LDAP://$_") if ($de.objectclass[1] -eq 'group') { get-NestedMembers $de } Else { $de } } } Else { Throw "$group is not a group" } } # get a group $group = new-object directoryservices.directoryentry("LDAP://CN=Domain Users,CN=Users,DC=yourdomain,DC=com") # Get all nested members and send to CSV file get-NestedMembers $group|FT @{l="First Name";e={$_.givenName}},@{l="Last Name";e={$_.sn}},@{l="Last Logon";e={Get-ADUserLastLogon($_.sAMAccountName)}},sAMAccountName | tee c:\VDILastLogon.csv