1. 首頁
  2. 問答
  3. Powershell批量查找ActiveDirectory對象

Powershell批量查找ActiveDirectory對象

2012-04-30 30 views
5

我想開發一個PowerShell腳本來幫助AD組成員管理。我們有幾個大組(30k-60k +對象),我們想用另一個系統的數據來更新。Powershell批量查找ActiveDirectory對象

該腳本從文本文件加載應該在組中的對象。然後每個對象必須使用System.DirectoryServices.DirectorySearcher位於AD中。之後,每個對象被添加到組成員身份。

該腳本花費其80%的時間查找每個對象,是否有一種批量的方式來找到AD中的對象與powershell?

謝謝!

來源

2012-04-30 klyd

回答

3

這是根據我的經驗查詢AD的快速方式,您需要更改查詢以查找特定對象,在此代碼中您可以找到$objRecordSet中的所有用戶/人員對象。

$Ads_Scope_SubTree = 2   
$objConnection = new-Object -com "ADODB.Connection" 
$objCommand = new-Object -com "ADODB.Command" 

$objConnection.Provider = "ADsDSOObject" 
$objConnection.Open("Active Directory Provider") 
$objCommand.ActiveConnection = $objConnection 

$objCommand.Properties.Item("Page Size").value = 1000 
$objCommand.Properties.item("Searchscope").value = $Ads_Scope_SubTree 

$objCommand.CommandText = "Select Name From 'LDAP://DC = int, DC= my, DC = local' Where objectCategory = 'Person'" 

$objRecordSet = $objCommand.Execute() 
$objRecordSet.RecordCount

更多info here

來源

2012-04-30 21:26:35

+0

翻看我的老q問題和注意我從來沒有接受過這個答案。這大概是我最終做的。 – klyd

1

你或許可以嘗試System.DirectoryServices.Protocols (S.DS.P)本機(非託管)的版本是很有效的。

這裏是一個PowerShell啓動腳本:

# ADDP-Connect.PS1 

Clear-Host 
# Add the needed assemblies 
Add-Type -AssemblyName System.DirectoryServices.Protocols 

# Connexion 
$serverName = "WM2008R2ENT" 
$ADDPConnect = New-Object System.DirectoryServices.Protocols.LdapConnection $serverName 

$userName = "JPB" 
$pwd = "PWD" 
$domain = "Dom" 
$ADDPConnect.Credential = New-Object system.Net.NetworkCredential -ArgumentList $userName,$pwd,$domain 

# Create a searcher 
$searchTargetOU = "dc=dom,dc=fr" 
$searchFilter = "(samAccountName=user1)" 
$searchScope = [System.DirectoryServices.Protocols.SearchScope]::Subtree 
$searchAttrList = $null 

foreach($user in "user1","user2","user3") 
{ 
    $searchFilter = "(samAccountName=$user)" 
    $searchRequest = New-Object System.DirectoryServices.Protocols.SearchRequest -ArgumentList $searchTargetOU,$searchFilter,$searchScope,$searchAttrList 

    $searchResponse = $ADDPConnect.SendRequest($searchRequest) 

    foreach($searchEntries in $searchResponse.Entries) 
    { 
    $searchEntries.DistinguishedName 
    } 
}

來源

2012-05-01 19:50:06 JPBlanc

0

下面可以幫你執行

$ADDPConnect = New-Object System.DirectoryServices.Protocols.LdapConnection $serverName 
$ADDPConnect.Timeout = "1000"

來源

2012-06-19 15:41:56

1

過程中看到的超時問題,如果你開始看到超時問題,然後設置超時參數適當喜歡如下所示

$ADDPConnect = New-Object System.DirectoryServices.Protocols.LdapConnection $serverName 
$ADDPConnect.Timeout = "1000"

來源

2012-06-19 16:02:29

相關問題

 相關問題