创建 NTFS 报告并显示用户帐户是否已启用或禁用

tag-icon tag-icon microsoft-excel permissions powershell ntfs
创建 NTFS 报告并显示用户帐户是否已启用或禁用

我被要求更新别人创建的脚本,但我遇到了麻烦。该脚本用于收集特定文件夹的 NTFS 权限。该脚本当前输出文件夹名称、有权访问该文件夹的组/用户及其权限。我想添加一个列来显示帐户是启用还是禁用。我终其一生都无法弄清楚如何将用户帐户是启用还是禁用添加到对象中。这是我目前正在使用的代码。我尝试进行一些修改以填充“已启用”列,但没有成功。我对 powershell 还很陌生,所以希望这有意义!

谢谢

$FoldersToCheck = "P:\Companies\"

import-module activedirectory

Function ReportNTFS($p) {
    $temp = Get-ChildItem -Directory -Name -Path $p -Force -Depth 0
    $fullPath += ,$p
    ForEach ($x in $temp) {
        $fullPath += ,($p + $x)
    }
    $Output = @()
    $Properties = [ordered]@{'Folder Name'="Starting Folder: "+$p;'Group/User'='';'Enabled'='';'Permissions'=''}
    $Output += New-Object -TypeName PSObject -Property $Properties
    $Properties = [ordered]@{'Folder Name'='';'Group/User'='';'Enabled='='';'Permissions'=''}
    $Output += New-Object -TypeName PSObject -Property $Properties

    ForEach ($global:Folder in $fullPath) {
        $a,$b = $global:Folder -split $p,2,"simplematch"
#Write-Host "path: "  $b
       $Acl = Get-Acl -Path $global:Folder
       ForEach ($Access in $Acl.Access) {
           $Properties = [ordered]@{'Folder Name'=".\"+$b;'Group/User'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights}
           $Output += New-Object -TypeName PSObject -Property $Properties

           $thisShortID = $Access.IdentityReference -split "QUANTA\\"
           $groupList = $null
           try { $groupList = Get-ADGroupMember -Identity $thisShortID[1] | select name  }
           catch { <# not a group #> }
           finally {
#Write-Host "*is group " 
               ForEach ($u in $groupList) {
                   $Properties = [ordered]@{'Folder Name'=".\"+$b;'Group/User'=' --> '+$u.name;'Permissions'=$Access.FileSystemRights}
                   $Output += New-Object -TypeName PSObject -Property $Properties
                }
           }

      try{
          $global:Enabled = Get-ADGroupMember -Identity $thisShortID[1] | where {$_.objectclass -eq 'user'} | get-aduser | select name
           foreach ($user in $global:enabled) { Get-ADUser -Identity $user | select Enabled }
           }
           catch{}
           finally{


                   ForEach ($e in $global:enabled) {
                   $Properties = [ordered]@{'Folder Name'=".\"+$b;'Group/User'=' --> '+$u.name;'Enabled'=$e;'Permissions'=$Access.FileSystemRights}
                   $Output += New-Object -TypeName PSObject -Property $Properties
                   }
                   }

       }
       $Properties = [ordered]@{'Folder Name'='';'Group/User'='';'Enabled'='';'Permissions'=''}
       $Output += New-Object -TypeName PSObject -Property $Properties
   }
    return ,$Output
}


ForEach ($f in $FoldersToCheck) {
    $reportArray = ReportNTFS($f)
}


    $reportArray 
}

答案1

您使用 ... 迭代用户名

# Get specifics for a module, cmdlet, or function
(Get-Command -Name Search-ADAccount).Parameters
(Get-Command -Name Search-ADAccount).Parameters.Keys
Get-help -Name Search-ADAccount -Examples
<#
# Results

Search-ADAccount -AccountDisabled | FT Name,ObjectClass -A
Search-ADAccount -AccountDisabled -UsersOnly | FT Name,ObjectClass -A
Search-ADAccount -AccountExpired | FT Name,ObjectClass -A
Search-ADAccount -AccountExpiring -TimeSpan 6.00:00:00 | FT Name,ObjectClass -A
Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 | FT Name,ObjectClass -A
Jeff Phillips               user
Search-ADAccount -PasswordExpired | FT Name,ObjectClass -A
Search-ADAccount -PasswordNeverExpires | FT Name,ObjectClass -A
Search-ADAccount -LockedOut | FT Name,ObjectClass -A
Search-ADAccount -AccountDisabled -ComputersOnly | FT Name,ObjectClass -A
Search-ADAccount -AccountExpiring -DateTime "3/18/2009" | FT Name,ObjectClass -A
Search-AdAccount -AccountDisabled -SearchBase "DC=AppNC" -Server "FABRIKAM-SRV1:60000"
#>
Get-help -Name Search-ADAccount -Full
Get-help -Name Search-ADAccount -Online

...因此,当您循环遍历用户名时将此 cmdlet 添加到您的代码中。

相关内容