是時候寫腳本了。如果你想使用PowerShell腳本,代碼如下:
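# Removes every user found under the search root from all of their distribution
# (non-security) groups. This is a bulk, destructive directory change: run it once
# with $dryRun = $true and keep the output as a record of the memberships that
# existed before anything is saved.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

# Set to $true to list the memberships that would be removed without saving anything.
$dryRun = $false

$directorySearcher = New-Object System.DirectoryServices.DirectorySearcher
$directorySearcher.SearchRoot = "LDAP://OU=YourOU,DC=YourDomain,DC=com"
$directorySearcher.PageSize = 1000
$directorySearcher.Filter = "(&(objectCategory=User))"
$directorySearcher.SearchScope = "Subtree"
# [void] keeps the index returned by Add() out of the script output.
[void]$directorySearcher.PropertiesToLoad.Add("name")
# The distinguished name is loaded so each entry can be resolved unambiguously;
# "name" is only a display value and is not guaranteed to identify a single account.
[void]$directorySearcher.PropertiesToLoad.Add("distinguishedName")

# One context is created up front and reused for every lookup instead of letting
# PowerShell build a new one from the ContextType on each call.
$contextType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$principalContext = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($contextType)
$dnIdentity = [System.DirectoryServices.AccountManagement.IdentityType]::DistinguishedName

$searchResults = $directorySearcher.FindAll()
try
{
    foreach ($result in $searchResults)
    {
        $objItem = $result.Properties
        "Name: " + $objItem.name

        # Property names in the result collection are addressed in lower case.
        $dnValues = $objItem["distinguishedname"]
        if ($dnValues.Count -eq 0)
        {
            "Skipping - no distinguished name returned for " + $objItem.name
            continue
        }

        $userPrincipal = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($principalContext, $dnIdentity, [string]$dnValues[0])
        if ($userPrincipal -eq $null)
        {
            # The search filter can return entries that do not resolve to a user principal.
            "Skipping - not resolvable as a user: " + [string]$dnValues[0]
            continue
        }

        $userGroups = $userPrincipal.GetGroups()
        foreach ($userGroup in $userGroups)
        {
            if ($userGroup.IsSecurityGroup -eq $false) # Distribution Group Only
            {
                if ($dryRun)
                {
                    "Would remove - " + $userGroup.SamAccountName
                    continue
                }

                try
                {
                    "Removing - " + $userGroup.SamAccountName
                    [void]$userGroup.Members.Remove($userPrincipal)
                    $userGroup.Save()
                }
                catch
                {
                    # Report the failure and carry on, so Save() is never called after a
                    # failed Remove() and one denied group does not hide the rest of the run.
                    "Failed - " + $userGroup.SamAccountName + " : " + $_.Exception.Message
                }
            }
        }
    }
}
finally
{
    # SearchResultCollection holds unmanaged resources until it is disposed.
    $searchResults.Dispose()
    $principalContext.Dispose()
    $directorySearcher.Dispose()
}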
如果使用.NET,代碼如下:
using System;
using System.Collections;
using System.Linq;
using System.Text;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
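namespace RemoveFromDistributionGroups
{
    /// <summary>
    /// Console tool that removes every enabled user found under a given OU from all of
    /// their distribution (non-security) groups, using credentials typed at the prompt.
    /// </summary>
    /// <remarks>
    /// This is a bulk, destructive directory change. Each removal is written to the console
    /// so the output can be kept as a record of what was changed.
    /// </remarks>
    class Program
    {
        private static string sDomain;
        private static string sDefaultOU;
        private static string sServiceUser;
        private static string sServicePassword;

        /// <summary>
        /// Prompts for domain, OU and credentials, then walks every user returned by
        /// <see cref="GetAllUsers"/> and removes it from each distribution group.
        /// </summary>
        /// <param name="args">Not used.</param>
        static void Main(string[] args)
        {
            try
            {
                Console.Write("Type your Domain (i.e: yourcompany.com) ");
                sDomain = Console.ReadLine();
                Console.Write("Type the OU you want to use: (i.e: OU=yourou,DC=yourcompany,DC=com)");
                sDefaultOU = Console.ReadLine();
                Console.Write(@"Username: (i.e.: YOURDOMAIN\Raymund)");
                sServiceUser = Console.ReadLine();
                Console.Write("Password: ");
                // The password is read without echo so it does not end up on screen,
                // in terminal scrollback or in a screen recording.
                sServicePassword = ReadPasswordWithoutEcho();

                // A blank domain or container is not a meaningful scope for a bulk removal,
                // so the run is refused before any directory call is made.
                if (IsBlank(sDomain) || IsBlank(sDefaultOU))
                {
                    throw new ArgumentException("Domain and OU must both be provided.");
                }

                foreach (UserPrincipal user in GetAllUsers())
                {
                    Console.WriteLine("Processing User : " + user.Name);
                    foreach (GroupPrincipal group in GetUserGroups(user))
                    {
                        if (group.IsSecurityGroup == false) //Distribution Group
                        {
                            try
                            {
                                group.Members.Remove(user);
                                group.Save();
                                Console.WriteLine("Removed from : " + group.SamAccountName);
                            }
                            catch (Exception ex)
                            {
                                // Report which membership failed and continue, instead of
                                // aborting the whole run part-way with no indication of
                                // which users were already processed.
                                Console.WriteLine("Failed to remove " + user.Name + " from " + group.SamAccountName + " : " + ex.Message);
                            }
                        }
                    }
                }
                Console.WriteLine("Done! Press a key to exit");
                Console.ReadLine();
            }
            catch (Exception ex)
            {
                Console.WriteLine("Error Encountered : " + ex.Message);
                Console.WriteLine("Press a key to exit");
                Console.ReadLine();
            }
        }

        /// <summary>
        /// Creates a domain context rooted at the given container, bound with the
        /// credentials entered at the prompt.
        /// </summary>
        /// <param name="sOU">Distinguished name of the container to bind to.</param>
        /// <returns>A new <see cref="PrincipalContext"/>; the caller owns its lifetime.</returns>
        public static PrincipalContext GetPrincipalContext(string sOU)
        {
            // Negotiate on its own authenticates the bind but leaves the session unsigned and
            // unencrypted. Signing and Sealing add integrity and confidentiality to the
            // traffic that carries the group modifications.
            ContextOptions options = ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing;
            PrincipalContext oPrincipalContext = new PrincipalContext(ContextType.Domain, sDomain, sOU, options, sServiceUser, sServicePassword);
            return oPrincipalContext;
        }

        /// <summary>
        /// Returns every enabled user principal found under the configured OU.
        /// </summary>
        /// <returns>An <see cref="ArrayList"/> of <see cref="Principal"/> objects.</returns>
        public static ArrayList GetAllUsers()
        {
            ArrayList myItems = new ArrayList();
            PrincipalSearcher oPrincipalSearcher = new PrincipalSearcher();
            // The context is not disposed here because the returned principals are created
            // against it and are used by the caller afterwards.
            UserPrincipal oUserPrincipal = new UserPrincipal(GetPrincipalContext(sDefaultOU));
            oUserPrincipal.SamAccountName = "*";
            // NOTE(review): only enabled accounts match this filter; disabled accounts in
            // the OU are not processed. Confirm that is the intended scope.
            oUserPrincipal.Enabled = true;
            oPrincipalSearcher.QueryFilter = oUserPrincipal;
            // Paging lets the search return more entries than a single result page holds.
            ((DirectorySearcher)oPrincipalSearcher.GetUnderlyingSearcher()).PageSize = 5000;
            PrincipalSearchResult<Principal> oPrincipalSearchResults = oPrincipalSearcher.FindAll();
            foreach (Principal oResult in oPrincipalSearchResults)
            {
                myItems.Add(oResult);
            }
            return myItems;
        }

        /// <summary>
        /// Returns the groups the given user is a member of, as reported by GetGroups().
        /// </summary>
        /// <param name="oUserPrincipal">The user whose group memberships are listed.</param>
        /// <returns>An <see cref="ArrayList"/> of <see cref="Principal"/> objects.</returns>
        public static ArrayList GetUserGroups(UserPrincipal oUserPrincipal)
        {
            ArrayList myItems = new ArrayList();
            PrincipalSearchResult<Principal> oPrincipalSearchResult = oUserPrincipal.GetGroups();
            foreach (Principal oResult in oPrincipalSearchResult)
            {
                myItems.Add(oResult);
            }
            return myItems;
        }

        // Reads a line from the console without echoing the typed characters.
        // Falls back to a normal ReadLine when no interactive console is available.
        private static string ReadPasswordWithoutEcho()
        {
            StringBuilder typed = new StringBuilder();
            try
            {
                while (true)
                {
                    ConsoleKeyInfo key = Console.ReadKey(true);
                    if (key.Key == ConsoleKey.Enter)
                    {
                        Console.WriteLine();
                        break;
                    }
                    if (key.Key == ConsoleKey.Backspace)
                    {
                        if (typed.Length > 0)
                        {
                            typed.Length--;
                        }
                        continue;
                    }
                    if (!char.IsControl(key.KeyChar))
                    {
                        typed.Append(key.KeyChar);
                    }
                }
            }
            catch (InvalidOperationException)
            {
                // ReadKey is not usable when input is redirected (for example piped in).
                return Console.ReadLine();
            }
            return typed.ToString();
        }

        // True when the value is null, empty or only white space.
        private static bool IsBlank(string value)
        {
            return value == null || value.Trim().Length == 0;
        }
    }
}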
也請注意,在 $directorySearcher.SearchRoot 或 sDefaultOU 中,你需要填寫前僱員所在的OU(也就是你所說的文件夾)。我認爲在你的情況下,在PowerShell中使用 "LDAP://OU=Ex-Employees,OU=Users,OU=MyBusiness,DC=BusinessName,DC=local";在.NET代碼中則使用不帶 "LDAP://" 前綴的相同路徑,即 "OU=Ex-Employees,OU=Users,OU=MyBusiness,DC=BusinessName,DC=local"。
是否要通過用戶界面手動點擊或通過編寫代碼來編程?如果是這樣的話:什麼語言/環境? – 2012-02-21 15:43:53
我寧願用自動化的方式來做,因爲有822個用戶需要檢查/修剪。手動將花費太長時間。無論是通過ui和做某種形式的批量用戶管理,還是通過腳本,對我來說都沒問題。 – HunderingThooves 2012-02-21 16:43:17