1. 首頁
  2. 問答
  3. 查找不在組A或組B中的計算機帳戶

查找不在組A或組B中的計算機帳戶

2016-08-10 30 views
1

我有兩個用於組策略安全篩選的安全組。這些用於每月錯開Windows更新。已經出現的問題是,我無法跟上新的服務器上線。所以我想自動化一個PowerShell腳本,它會向我發送一個在A組或B組中找不到的服務器列表。我有一些代碼,但我似乎無法讓我的腦袋纏繞它。查找不在組A或組B中的計算機帳戶

#Grab the computer names from the first security group 
    $group1 = Get-ADGroup -Identity 'Every Day WSUS 3am Install' 
    $members1 = Get-ADGroupMember -Identity $group1 | select -Expand Name 

    #Grab the computer names from the second security group 
    $group2 = Get-ADGroup -Identity 'Every Day WSUS 6am Install' 
    $members2 = Get-ADGroupMember -Identity $group2 | select -Expand Name 

    #grab all computer obejects that are servers from AD and list the names not found in either security group 
    (Get-ADComputer -LDAPFilter "(&(objectcategory=computer)(OperatingSystem=*server*))").Name | ? { $members1 -notcontains $_.Name -and $members2 -notcontains $_.Name }

來源

2016-08-10 Tram

回答

3

您在().Name包裹你的Get-ADComputer命令,以便將返回一大堆的是name屬性字符串。當您將名稱字符串與計算機對象進行比較時,它不會很好地比較。試試這個方法:

#Grab the computer names from the first security group 
$group1 = Get-ADGroup -Identity 'Every Day WSUS 3am Install' 
$group2 = Get-ADGroup -Identity 'Every Day WSUS 6am Install' 

#grab all computer obejects that are servers from AD and list the names not found in either security group 
Get-ADComputer ` 
    -LDAPFilter "(&(objectcategory=computer)(OperatingSystem=*server*))" ` 
    -Properties MemberOf | 
Where-Object { 
    ($_.MemberOf -notcontains $Group1.DistinguishedName) -and 
    ($_.MemberOf -notcontains $Group2.DistinguishedName) 
} | 
Select-Object -ExpandProperty Name

來源

2016-08-10 19:21:55

+0

謝謝你,工作。 – Tram

+0

你能給我一個解決方案,所以我得到一些觀點嗎? :) –

+0

它說少於15聲望點顯示記錄,但不會顯示。 15歲時我會回來,然後再試一次。再次感謝您的快速響應。 – Tram

相關問題

 相關問題