Querying Active Directory with PowerShell
Today's PowerShell task was to read various pieces of information about ACLs (Access Control Lists) from AD. Various people, such as the group's certifiers, are stored in fields like "Mail" and "Info"; these are to be exported to an Excel list.
The following articles were helpful in putting the code together:
- http://stackoverflow.com/questions/12501257/c-sharp-populate-combobox-from-active-directory-users
- http://bittangents.com/2010/03/08/powershell-script-finding-a-distinguished-name-of-a-groupuser-function-find-dn/
- http://blogs.technet.com/b/heyscriptingguy/archive/2009/03/18/how-can-i-search-active-directory-with-windows-powershell-to-return-a-list-of-missing-groups.aspx
- http://www.rlmueller.net/UserAttributes.htm (List of AD variables)
Addendum of 09.01.2013: The code below only queried 1000 rows; inserting $searcher.pagesize=1000 lifts this limit.
```powershell
# Uwe Ziegenhagen, 21.12.2012

# Path for the CSV file to be written to
$outputpath = "d:\groups.csv"

# some AD stuff
$root = [ADSI]''

# initialize the AD searcher
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)

# which groups shall be returned
$searcher.Filter = "(&(objectClass=group)(CN=some-group-name*))"
# enable paged results so the 1000-row limit no longer applies
$searcher.PageSize = 1000

# need to add the variables that shall appear in the result
# ([void] discards the index that Add() returns)
[void]$searcher.PropertiesToLoad.Add("cn")
[void]$searcher.PropertiesToLoad.Add("description")
[void]$searcher.PropertiesToLoad.Add("mail")
[void]$searcher.PropertiesToLoad.Add("info")

# call the finder
$adfind = $searcher.FindAll()

# first line of the output file
"Group`tDescription`trole1`trole21`trole22`trole23" | Out-File $outputpath -Width 300

foreach ($i in $adfind) {
    # get the properties from the search result
    $name = "" + $i.Properties.Item("cn")
    $description = "" + $i.Properties.Item("description")
    $role1 = "" + $i.Properties.Item("info")

    # some entries include garbage like 'contact:' instead of the pure name
    # to get rid of whitespace I then trim everything
    $role1 = $role1.Replace("contact:", "").Trim()

    $role2 = "" + $i.Properties.Item("mail")
    # there are up to 3 role2s, split this entry into different columns
    $role2 = $role2.Replace(",", "`t")

    # create line
    $line = $name + "`t" + $description + "`t" + $role1 + "`t" + $role2

    # remove carriage returns and line feeds
    # (Replace returns a new string, so the result has to be assigned)
    $line = $line.Replace("`r", "").Replace("`n", "")

    # write line to file
    $line | Out-File -Append $outputpath -Width 300
}
```
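The script builds each row by string concatenation, so a tab or line break inside an attribute shifts the columns, and a value beginning with `=` is evaluated as a formula once the file is opened in Excel. The following is an added example, not part of the original post: it builds the rows as objects, cleans every cell and leaves the quoting to `Export-Csv`. The function names `Protect-Cell` and `ConvertTo-GroupRow`, the sample records and the output location are assumptions made for illustration.

```powershell
# Added example; Protect-Cell, ConvertTo-GroupRow and the sample records are
# hypothetical names and constructed data, not part of the original script.
function Protect-Cell {
    param([string]$Value)
    # Collapse CR, LF and tab so one attribute value stays in one cell.
    $clean = ($Value -replace '[\r\n\t]+', ' ').Trim()
    # Excel treats a cell starting with = + - @ as a formula; a leading
    # apostrophe makes it display the value as text instead.
    if ($clean -match '^[=+\-@]') { $clean = "'" + $clean }
    return $clean
}

function ConvertTo-GroupRow {
    param([string]$Cn, [string]$Description, [string]$Info, [string]$Mail)
    # "mail" carries up to three comma-separated role2 names, as in the post.
    $role2 = @($Mail -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    [pscustomobject]@{
        Group       = Protect-Cell $Cn
        Description = Protect-Cell $Description
        role1       = Protect-Cell ($Info.Replace('contact:', ''))
        role21      = Protect-Cell ($role2[0])
        role22      = Protect-Cell ($role2[1])
        role23      = Protect-Cell ($role2[2])
    }
}

# Constructed sample records standing in for the $searcher.FindAll() results.
# With live data, call for each result $i:
#   ConvertTo-GroupRow -Cn ("" + $i.Properties.Item("cn")) -Description ... etc.
$sample = @(
    @{ Cn = 'some-group-name-01'; Description = "Finance share`r`nread-only"
       Info = 'contact: Alice Example'; Mail = 'Bob Example, Carol Example' },
    @{ Cn = 'some-group-name-02'; Description = '=1+1'
       Info = 'Dave Example'; Mail = '' }
)
$rows = foreach ($s in $sample) { ConvertTo-GroupRow @s }

# Tab-delimited like the original file; Export-Csv quotes every field.
$out = Join-Path ([IO.Path]::GetTempPath()) 'groups.csv'
$rows | Export-Csv -Path $out -Delimiter "`t" -NoTypeInformation -Encoding UTF8
$rows | Format-Table -AutoSize
```

In the resulting file the second group's description is written as `'=1+1`, and the line break in the first description is replaced by a single space.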