How do I iterate over nested ResultPropertyValueCollections in PowerShell?


I'm new to AD and PowerShell scripting. Here is what I understand so far. I search for an AD group and get back a ResultPropertyValueCollection; if the group has members, its member.count property is greater than zero. I then want to iterate over each member of that group and check whether it is itself a group (a nested group), and if so, keep recursing.

What I have is this:

$currentGroup = $Result.Properties.member
while ($currentGroup.Properties.member.count -gt 0) {
    $currentGroup = $currentGroup.Properties.member
}

But after the assignment on the first line, I can't call .Properties.member.count on $currentGroup.


It looks like it only has the Object methods.

Strangely, though, it does report the type ResultPropertyValueCollection.


Update:

The top-level group looks like this:

PS C:\Users\CLIENT> $Result.Properties

Name                           Value
----                           -----
objectclass                    {top, group}
usnchanged                     {12814}
whencreated                    {8/15/2019 4:47:50 PM}
name                           {Secret_Group}
adspath                        {LDAP://gdfgd.corp.com/CN=Secret_Group,OU=CorpGroups,DC=corp,DC=com}
member                         {CN=Nested_Group,OU=CorpGroups,DC=corp,DC=com} # (*) <-- Nested group is member
samaccounttype                 {268435456}
objectcategory                 {CN=Group,CN=Schema,CN=Configuration,DC=corp,DC=com}
[omitted for brevity]

I know that Nested_Group in turn has a group as a member, and if possible I want to recursively drill down through all of the groups. Note that I only want to use basic PowerShell functionality for this.


Update 2

The logic used to obtain $Result:

# 0: Get Domain:
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$user = "user"
$pw = "pw"

# 1: Get Hostname of Primary Domain Controller
$PdcHostName = $domain.PdcRoleOwner.Name

# 2: Assemble distinguished name of domain
$DN = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name
$DN = "DC=" + $DN.Replace('.', ',DC=')

# 3: Assemble LDAP provider path
$LDAPPath = "LDAP://" + $PdcHostName + "/" + $DN


# 4: Instantiate Directory Searcher
$Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$LDAPPath)

# 4a: Specify search root
# Credential in DOMAIN\user form; "$domain.name" would only expand $domain, so a subexpression is needed
$SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($LDAPPath, "$($domain.Name)\$user", $pw)
$Searcher.SearchRoot = $SearchRoot

# 5: Set Filter
$Searcher.Filter = "(&(name=Outer_Most_Group_Name)(objectClass=Group))"

# 6: Perform search
$Result = $Searcher.FindAll()

Answer 1

Something like this seems to work:

$CurrentGroup = $Result
while($CurrentGroup.properties.member.count -gt 0) {
    # Get Common Name from the first member DN (only the first member is followed)
    $nestedGroupName = $CurrentGroup.properties.member.Split(',')[0].Split('=')[1]

    # Look that object up by name and make it the current group
    $Searcher.Filter = "(name=$nestedGroupName)"
    $CurrentGroup = $Searcher.FindAll()
    # Do something with $CurrentGroup...
}
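A fuller version of the approach in the answer, added here as an example rather than taken from the post: it follows every member DN instead of only the first, looks each member up by distinguishedName, escapes the DN before placing it in the LDAP filter, and keeps a visited set because AD permits circular nesting, which would otherwise recurse forever. It assumes $Searcher and $Result exist exactly as built in "Update 2"; Escape-LdapValue and Get-NestedGroupMembers are names chosen for this example.

```powershell
# Added example (not from the original post): expand nested AD group membership
# with DirectorySearcher only, following every member rather than just the first.
# Assumes $Searcher and $Result exist as built in "Update 2" above.

function Escape-LdapValue {
    # Escape RFC 4515 filter metacharacters so a DN containing \ * ( ) cannot alter the filter
    param([string]$Value)
    return $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
}

function Get-NestedGroupMembers {
    param(
        [System.DirectoryServices.DirectorySearcher]$Searcher,
        [string]$GroupDn,
        # DNs are case-insensitive in AD, so compare them that way
        [System.Collections.Generic.HashSet[string]]$Visited = (New-Object 'System.Collections.Generic.HashSet[string]' ([StringComparer]::OrdinalIgnoreCase)),
        [int]$Depth = 0
    )
    # AD allows circular nesting (A in B, B in A); the visited set stops infinite recursion
    if (-not $Visited.Add($GroupDn)) { return }

    $Searcher.PropertiesToLoad.Clear()
    [void]$Searcher.PropertiesToLoad.AddRange([string[]]@('member', 'objectclass', 'distinguishedname'))
    $Searcher.Filter = "(&(distinguishedName=$(Escape-LdapValue $GroupDn))(objectClass=group))"
    $group = $Searcher.FindOne()
    if ($null -eq $group) { return }

    # Groups with more than ~1500 members come back as 'member;range=...' instead; handle that separately
    foreach ($memberDn in $group.Properties['member']) {
        $Searcher.Filter = "(distinguishedName=$(Escape-LdapValue $memberDn))"
        $member = $Searcher.FindOne()
        if ($null -eq $member) { continue }
        $isGroup = $member.Properties['objectclass'] -contains 'group'
        [pscustomobject]@{ Depth = $Depth + 1; Parent = $GroupDn; Member = $memberDn; IsGroup = $isGroup }
        if ($isGroup) {
            Get-NestedGroupMembers -Searcher $Searcher -GroupDn $memberDn -Visited $Visited -Depth ($Depth + 1)
        }
    }
}

# Start from the outer-most group returned by FindAll() in "Update 2"
$outerDn = $Result[0].Properties['distinguishedname'][0]
Get-NestedGroupMembers -Searcher $Searcher -GroupDn $outerDn | Format-Table Depth, IsGroup, Member -AutoSize
```

The output lists every object reachable through the nesting chain once, with the depth at which it was first seen, which is what an access review of the outer group actually needs.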
