Populating the memberUid attribute in an AD group?
Tell me, good people, I can't figure out the following. There is an OU in AD; it has several dozen groups, and each group has a lot of users. I need to fill in the memberUid attribute in all groups based on the sAMAccountName of the users who are in each group. Where do I start digging? I searched the "entire" Internet, but did not find anything intelligible. Is there anyone who has done something like this?
In the end, I solved the problem myself; maybe it will be useful to someone:
Import-Module ActiveDirectory -ErrorAction SilentlyContinue
#
# OU with the groups, and the group of users.
# Both strings are placeholders: $oug is the OU that contains the many groups,
# $ouu is your group, created in that OU or anywhere else, as a *distinguishedName*.
$oug = "OU, которая включает множество групп"
$ouu = "Ваша группа созданная в OU, или где угодно, в формате *distinguishedName*"
# Initialize an empty array
$sg = @()
# Get the list of groups for *your needs*, to assign rights or do something *for your needs*
$sg = Get-ADGroup -SearchBase $oug -Filter {cn -like "*"} -Properties distinguishedName | Select-Object distinguishedName
# Initialize an empty array
$suglobal = @()
# Get the list of users from the created group, used as the filter in the comparison below
$suglobal = Get-ADGroupMember -Identity $ouu -Recursive | Select-Object sAMAccountName
# Search for users
foreach ($group in $sg) {
    # Take the groups one at a time, by distinguishedName
    $gr = $group.distinguishedName
    foreach ($su2 in $suglobal) {
        $suf = $su2.sAMAccountName
        # -contains compares the DN literally, so wildcard characters in a DN cannot cause a false match
        if ((Get-ADUser $suf -Properties MemberOf).MemberOf -contains $gr) {
            # The user is a direct member of this group: add the login to memberUid
            Set-ADGroup -Identity $gr -Add @{memberUid = "$suf"}
            #echo "$suf // true in $gr"
        } else {
            # The user is not a member: make sure no memberUid entry is left behind
            Set-ADGroup -Identity $gr -Remove @{memberUid = $suf}
            #echo "$suf \\ false in $gr"
        }
    }
}
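The question's direct case (memberUid built from each group's own user members), as an added example that is not part of the original answer: it compares the attribute with current membership and writes only the difference, so an account removed from a group also loses its memberUid entry. The OU distinguishedName is a placeholder, Get-MemberUidDelta is a hypothetical helper, and -WhatIf keeps the run read-only until it is removed.

```powershell
Import-Module ActiveDirectory -ErrorAction Stop

# Assumption: placeholder DN, replace with the OU that holds the groups
$GroupOU = "OU=PLACEHOLDER,DC=example,DC=com"

function Get-MemberUidDelta {
    # Hypothetical helper: pure comparison of desired vs. current memberUid values
    param(
        [string[]]$Desired = @(),
        [string[]]$Current = @()
    )
    [pscustomobject]@{
        Add    = [string[]]@($Desired | Where-Object { $_ -notin $Current })
        Remove = [string[]]@($Current | Where-Object { $_ -notin $Desired })
    }
}

foreach ($group in Get-ADGroup -SearchBase $GroupOU -Filter * -Properties memberUid) {
    # Direct user members only; nested groups and computer accounts are skipped
    $desired = @(Get-ADGroupMember -Identity $group |
        Where-Object objectClass -eq 'user' |
        Select-Object -ExpandProperty SamAccountName)

    $delta = Get-MemberUidDelta -Desired $desired -Current @($group.memberUid)

    if ($delta.Add.Count -gt 0) {
        # Logins that are members but missing from memberUid
        Set-ADGroup -Identity $group -Add @{ memberUid = $delta.Add } -WhatIf
    }
    if ($delta.Remove.Count -gt 0) {
        # Stale logins: still listed in memberUid but no longer members
        Set-ADGroup -Identity $group -Remove @{ memberUid = $delta.Remove } -WhatIf
    }
}
```

Review the -WhatIf output first: memberUid is the RFC 2307 posixGroup membership attribute, so the stale entries listed under Remove are the ones worth checking before the change is applied.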