1. 首页
  2. 问答
  3. 查找不在组A或组B中的计算机帐户

查找不在组A或组B中的计算机帐户

2016-08-10 28 views
1

我有两个用于组策略安全筛选的安全组。这些用于每月错开Windows更新。已经出现的问题是,我无法跟上新的服务器上线。所以我想自动化一个PowerShell脚本,它会向我发送一个在A组或B组中找不到的服务器列表。我有一些代码,但我似乎无法让我的脑袋缠绕它。查找不在组A或组B中的计算机帐户

#Grab the computer names from the first security group 
    $group1 = Get-ADGroup -Identity 'Every Day WSUS 3am Install' 
    $members1 = Get-ADGroupMember -Identity $group1 | select -Expand Name 

    #Grab the computer names from the second security group 
    $group2 = Get-ADGroup -Identity 'Every Day WSUS 6am Install' 
    $members2 = Get-ADGroupMember -Identity $group2 | select -Expand Name 

    #grab all computer obejects that are servers from AD and list the names not found in either security group 
    (Get-ADComputer -LDAPFilter "(&(objectcategory=computer)(OperatingSystem=*server*))").Name | ? { $members1 -notcontains $_.Name -and $members2 -notcontains $_.Name }

来源

2016-08-10 Tram

回答

3

您在().Name包裹你的Get-ADComputer命令,以便将返回一大堆的是name属性字符串。当您将名称字符串与计算机对象进行比较时,它不会很好地比较。试试这个方法:

#Grab the computer names from the first security group 
$group1 = Get-ADGroup -Identity 'Every Day WSUS 3am Install' 
$group2 = Get-ADGroup -Identity 'Every Day WSUS 6am Install' 

#grab all computer obejects that are servers from AD and list the names not found in either security group 
Get-ADComputer ` 
    -LDAPFilter "(&(objectcategory=computer)(OperatingSystem=*server*))" ` 
    -Properties MemberOf | 
Where-Object { 
    ($_.MemberOf -notcontains $Group1.DistinguishedName) -and 
    ($_.MemberOf -notcontains $Group2.DistinguishedName) 
} | 
Select-Object -ExpandProperty Name

来源

2016-08-10 19:21:55

+0

谢谢你,工作。 – Tram

+0

你能给我一个解决方案,所以我得到一些观点吗? :) –

+0

它说少于15声望点显示记录,但不会显示。 15岁时我会回来,然后再试一次。再次感谢您的快速响应。 – Tram

相关问题

 相关问题