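I've been asked to update a script that someone else created, but I'm having trouble. The script collects the NTFS permissions for specific folders. It currently outputs the folder name, the groups/users that have access to the folder, and their permissions. I want to add a column that shows whether the account is enabled or disabled. I can't for the life of me figure out how to add whether a user account is enabled or disabled to the object. Here is the code I'm currently working with. I tried making some modifications to populate the "Enabled" column, but without success. I'm pretty new to PowerShell, so I hope this makes sense!
Thanks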
$FoldersToCheck = "P:\Companies\"
import-module activedirectory

Function ReportNTFS($p) {
    # Build the list of folders: the starting folder plus its immediate subfolders
    $temp = Get-ChildItem -Directory -Name -Path $p -Force -Depth 0
    $fullPath += ,$p
    ForEach ($x in $temp) {
        $fullPath += ,($p + $x)
    }
    $Output = @()
    # Header row and blank spacer row
    $Properties = [ordered]@{'Folder Name'="Starting Folder: "+$p;'Group/User'='';'Enabled'='';'Permissions'=''}
    $Output += New-Object -TypeName PSObject -Property $Properties
    $Properties = [ordered]@{'Folder Name'='';'Group/User'='';'Enabled'='';'Permissions'=''}
    $Output += New-Object -TypeName PSObject -Property $Properties
    ForEach ($global:Folder in $fullPath) {
        $a,$b = $global:Folder -split $p,2,"simplematch"
        #Write-Host "path: " $b
        $Acl = Get-Acl -Path $global:Folder
        ForEach ($Access in $Acl.Access) {
            # One row per access control entry
            $Properties = [ordered]@{'Folder Name'=".\"+$b;'Group/User'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights}
            $Output += New-Object -TypeName PSObject -Property $Properties
            $thisShortID = $Access.IdentityReference -split "QUANTA\\"
            $groupList = $null
            try { $groupList = Get-ADGroupMember -Identity $thisShortID[1] | select name }
            catch { <# not a group #> }
            finally {
                #Write-Host "*is group "
                ForEach ($u in $groupList) {
                    $Properties = [ordered]@{'Folder Name'=".\"+$b;'Group/User'=' --> '+$u.name;'Permissions'=$Access.FileSystemRights}
                    $Output += New-Object -TypeName PSObject -Property $Properties
                }
            }
            # Attempt to populate the 'Enabled' column (this is the part that does not work)
            try{
                $global:Enabled = Get-ADGroupMember -Identity $thisShortID[1] | where {$_.objectclass -eq 'user'} | get-aduser | select name
                foreach ($user in $global:enabled) { Get-ADUser -Identity $user | select Enabled }
            }
            catch{}
            finally{
                ForEach ($e in $global:enabled) {
                    $Properties = [ordered]@{'Folder Name'=".\"+$b;'Group/User'=' --> '+$u.name;'Enabled'=$e;'Permissions'=$Access.FileSystemRights}
                    $Output += New-Object -TypeName PSObject -Property $Properties
                }
            }
        }
        # Blank spacer row between folders
        $Properties = [ordered]@{'Folder Name'='';'Group/User'='';'Enabled'='';'Permissions'=''}
        $Output += New-Object -TypeName PSObject -Property $Properties
    }
    return ,$Output
}

ForEach ($f in $FoldersToCheck) {
    $reportArray = ReportNTFS($f)
}
$reportArray
Answer 1
You iterate over the usernames using ...
# Get specifics for a module, cmdlet, or function
(Get-Command -Name Search-ADAccount).Parameters
(Get-Command -Name Search-ADAccount).Parameters.Keys
Get-help -Name Search-ADAccount -Examples
<#
# Results
Search-ADAccount -AccountDisabled | FT Name,ObjectClass -A
Search-ADAccount -AccountDisabled -UsersOnly | FT Name,ObjectClass -A
Search-ADAccount -AccountExpired | FT Name,ObjectClass -A
Search-ADAccount -AccountExpiring -TimeSpan 6.00:00:00 | FT Name,ObjectClass -A
Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 | FT Name,ObjectClass -A
Jeff Phillips user
Search-ADAccount -PasswordExpired | FT Name,ObjectClass -A
Search-ADAccount -PasswordNeverExpires | FT Name,ObjectClass -A
Search-ADAccount -LockedOut | FT Name,ObjectClass -A
Search-ADAccount -AccountDisabled -ComputersOnly | FT Name,ObjectClass -A
Search-ADAccount -AccountExpiring -DateTime "3/18/2009" | FT Name,ObjectClass -A
Search-AdAccount -AccountDisabled -SearchBase "DC=AppNC" -Server "FABRIKAM-SRV1:60000"
#>
Get-help -Name Search-ADAccount -Full
Get-help -Name Search-ADAccount -Online
... so add this cmdlet to your code as you loop through the usernames.
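
An added example, not code from the question or from the answer: one way to fill the "Enabled" column along the lines the answer suggests, by querying disabled users once with Search-ADAccount and looking each group member up in that table. The folder path and the QUANTA\ prefix are taken from the question; New-Row is a hypothetical helper, and the script assumes all accounts live in that one domain.

```powershell
# Added example. $Root and $DomainPrefix come from the question; adjust for your environment.
Import-Module ActiveDirectory
$Root         = 'P:\Companies\'
$DomainPrefix = 'QUANTA\'

# One directory query up front: SamAccountName of every disabled user account.
$disabled = @{}
Search-ADAccount -AccountDisabled -UsersOnly |
    ForEach-Object { $disabled[$_.SamAccountName] = $true }

# Hypothetical helper: emits one report row with the same columns as the original script.
function New-Row($Folder, $Identity, $Enabled, $Rights) {
    [pscustomobject]@{
        'Folder Name' = $Folder
        'Group/User'  = $Identity
        'Enabled'     = $Enabled
        'Permissions' = $Rights
    }
}

$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Directory -Force)

$report = foreach ($folder in $folders) {
    foreach ($ace in (Get-Acl -LiteralPath $folder.FullName).Access) {
        $id = [string]$ace.IdentityReference
        if (-not $id.StartsWith($DomainPrefix, [StringComparison]::OrdinalIgnoreCase)) {
            # Built-in, local or unresolved-SID principal: no AD account state to report.
            New-Row $folder.FullName $id '' $ace.FileSystemRights
            continue
        }
        $sam = $id.Substring($DomainPrefix.Length)
        $isGroup = $true
        try   { $members = @(Get-ADGroupMember -Identity $sam -Recursive -ErrorAction Stop) }
        catch { $isGroup = $false }   # lookup failed: treat the identity as a non-group account
        if ($isGroup) {
            New-Row $folder.FullName $id '' $ace.FileSystemRights
            foreach ($m in $members) {
                # Only user objects get an Enabled value; computers are left blank.
                $state = if ($m.objectClass -eq 'user') { -not $disabled.ContainsKey($m.SamAccountName) } else { '' }
                New-Row $folder.FullName (' --> ' + $m.name) $state $ace.FileSystemRights
            }
        } else {
            # Direct ACE for an account: ask AD for its Enabled flag; blank if it is not a user.
            $state = ''
            try { $state = (Get-ADUser -Identity $sam -ErrorAction Stop).Enabled } catch { }
            New-Row $folder.FullName $id $state $ace.FileSystemRights
        }
    }
}
$report | Format-Table -AutoSize
```

Rows where "Enabled" is False are disabled accounts that still hold rights on the folder, directly or through a group, which is usually what a permissions review wants to surface.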