主页 / computer / 问题 / 1749198
Accepted
Steve101
Asked: 2022-10-25 07:31:06 +0800 CST

如何更改此 Powershell 脚本以按 OU 而不是用户身份进行搜索

  • 772

我想使用下面的这个脚本,但是它被设置为搜索单个用户。

我希望有一种方法可以由 OU 指定,但也可以在任何级别上选择一个 OU?

例如,“OU=Clients”将获取该文件夹中的所有用户以及该文件夹下子文件夹中的所有用户。- 我认为powershell已经这样做了,但不确定。

Function Get-LastLogon {
    <#
    .SYNOPSIS
    Returns LastLogon information
    .DESCRIPTION
    Queries the LastLogin information for a user across domain controllers and returns the highest (latest) value
    .EXAMPLE
    Get-LastLogon User
    .EXAMPLE
    Get-LastLogon -Identity User
    .EXAMPLE
    Get-ADUser User | Get-LastLogon
    .EXAMPLE
    Get-LastLogon User1, User2
    .PARAMETER users
    List of users - pipeline can be used
    #>
    
    [CmdletBinding()]
    param
    (
    [Parameter(Position= 0,
                Mandatory=$True,
                    ValueFromPipeline=$True,
                        HelpMessage='What user would you like to find the last logon for?')]
    $identity
    )
    
    Begin {}
    
    Process {
    
        Foreach ($account in $identity) {
    
            $dateStamp = $null
            $domainController =$null

            Get-ADDomainController -Filter * | Foreach {

                $dc = $_.HostName
                
                $lastLogon = (Get-ADUser $account -Properties LastLogon -server $dc | Select-Object Name,@{n='LastLogon';e={[DateTime]::FromFileTime($_.LastLogon)}}).Lastlogon
                
                If ($dateStamp -le $lastlogon)
                    {
                    $dateStamp = $lastlogon
                    $domainController = $dc
                    }
                
            } # End of ForEach
        
            $properties = @{
            Name=$account;
            LastLogon=$dateStamp;
            DomainController=$domainController}
        
            New-Object -TypeName PSObject -Prop $properties
        
        } # End of ForEach

    } # End of Process
        
    End {}          
            
} # End of Function
```c
powershell active-directory

1 个回答

  1. Best Answer

    下面是一个使用 OU 作为参数的示例,然后指定-SearchBase获取 OU 及其子文件夹中的所有 AD 用户:

    Function Get-LastLogon {
  param(
    [string]$OUName
  )

  # Get all matching OUs on any level
  $OUs = Get-ADOrganizationalUnit -Filter "Name -like '$OUName'"
  $DCs = Get-ADDomainController -Filter *

  # Get all users from each OU from each DC
  $ADUsers = Foreach ($OU in $OUs) {
    Foreach ($DC in $DCs.HostName) {
      Get-ADUser -SearchBase $OU.DistinguishedName -Filter * -Properties LastLogon -server $dc | 
        Select-Object Name,@{n='LastLogon';e={[DateTime]::FromFileTime($_.LastLogon)}}
    }
  }

  # return most recent LastLogon date for each user
  $ADUsers | 
    Group Name | 
    Select Name,@{n='LastLogon';e={$_.Group.LastLogon | sort -desc | select -First 1}}
}  ## End function

Get-LastLogon -OUName 'Clients'
    • 2

相关问题