powershell 是AD组的用户成员

Posted 2021-05-23

tags:

篇首语：本文由小常识网(cha138.com)小编为大家整理，主要介绍了powershell 是AD组的用户成员相关的知识，希望对你有一定的参考价值。

# IsMember.ps1
# PowerShell program to check security group membership in Active Directory.
# Author: Richard Mueller
# PowerShell Version 1.0
# July 5, 2011

# Hash table of security principals and their security group memberships.
$GroupList = @{}

Function IsMember 
{
     param
     (
         [Object]
         $ADObject,

         [Object]
         $GroupName
     )

    # Function to check if $ADObject is a member of security group $GroupName.

    # Check if security group memberships for this principal have been determined.
    If ($GroupList.ContainsKey($ADObject.sAMAccountName.ToString() + '\') -eq $False)
    {
        # Memberships need to be determined for this principal. Add "pre-Windows 2000"
        # name to the hash table.
        $GroupList.Add($ADObject.sAMAccountName.ToString() + '\', $True)
        # Retrieve tokenGroups attribute of principal, which is operational.
        $ADObject.psbase.RefreshCache('tokenGroups')
        $SIDs = $ADObject.psbase.Properties.Item('tokenGroups')
        # Populate hash table with security group memberships.
        ForEach ($Value In $SIDs)
        {
            $SID = New-Object System.Security.Principal.SecurityIdentifier $Value, 0
            # Translate into "pre-Windows 2000" name.
            $Group = $SID.Translate([System.Security.Principal.NTAccount])
            $GroupList.Add($ADObject.sAMAccountName.ToString() `
                + '\' + $Group.Value.Split('\')[1], $True)
        }
    }
    # Check if $ADObject is a member of $GroupName.
    If ($GroupList.ContainsKey($ADObject.sAMAccountName.ToString() + '\' + $GroupName))
    {
        Return $True
    }
    Else
    {
        Return $False
    }
}

# Bind to the user object in Active Directory.
$Searcher = New-Object DirectoryServices.DirectorySearcher
$Searcher.Filter = '(&(objectCategory=person)(anr=a9316143))'
$Searcher.SearchRoot = 'LDAP://OU=Organisatie,DC=ins-dev,DC=local'
$LDAP = $Searcher.FindOne() | Select-Object -ExpandProperty Path
$User = [ADSI]"$LDAP"

# Bind to the computer object in Active Directory.
#$Computer = [ADSI]'LDAP://cn=TestComputer,ou=Sales,dc=MyDomain,dc=com'

If (IsMember $User 'GAP_VAX_Mozilla_Firefox')
{
    'User ' + $User.sAMAccountName + ' is a member of group GAP_VAX_Mozilla_Firefox'
}

If (IsMember $User 'Domain Users' -eq $True)
{
    'User ' + $User.sAMAccountName + ' is a member of group Domain Users'
}

以上是关于powershell 是AD组的用户成员的主要内容，如果未能解决你的问题，请参考以下文章

#yyds干货盘点#Windows Server之AD组策略介绍

Azure AD - B2B 用户可以查看组成员

如何通过Java中的LDAP获取AD组的所有成员

基于 Azure AD 组的登录和 MS 图形 API

Azure DevOps - 禁用项目团队中 AD 组的特定成员的项目访问权限

11.在Windows系统中内置组中啥组的成员有权限管理用户帐户