我需要获取名称包含 Administrator 的所有组的成员
$role = Get-AzureADDirectoryRole | Where-Object {$_.displayName -like '*Administrator'}
输出:
$role.objectid
4ab7edc2-1995-4bdc-9c7d-de7d964e07df
5758628c-b15c-4522-b2d2-14003b7504f1
6131150a-93df-442f-be12-db2313e3308a
b5bd492f-e894-48d9-bfc7-a1e06b4b9e29
b5c1ee12-310f-40ef-9280-d24a2b0b1119
ba3fc590-badf-4f10-b9d3-7d5f76637349
c2c3cf45-9d07-4ee4-b4af-097a4998d92f
ccb0883c-53a8-4c72-a208-0c2fa468d2d4
d919e1b1-74b3-4024-867a-b668a3fa721f
e7677915-5fb1-4317-b583-58dc24365259
f3c465e7-b5b3-4a87-b299-f2db2e5dc003
跑步时
foreach ($roles in $role) {Get-AzureADDirectoryRoleMember -objectid $roles.ObjectId | Get-AzureADUser | select displayname,userprincipalname,$roles.DisplayName}
获得
DisplayName UserPrincipalName Helpdesk Administrator
----------- ----------------- ----------------------
user1 [email protected]
user2 [email protected]
user3 [email protected]
用户 3 是名称为管理员的多个组的成员。它仅列出名称为管理员的第一个组的成员(帮助台管理员)
答案1
为了清楚起见,我将用 $role(s) 调整单数/单数
$roles = Get-AzureADDirectoryRole | Where-Object {$_.DisplayName -like '*Administrator'}
$UserRoles = ForEach ($role in $roles) {
Get-AzureADDirectoryRoleMember -ObjectId "$($role.ObjectId)" | Get-AzureADUser |
ForEach-Object {
[PSCustomObject]@{
User = $_.DisplaName
UserPincipalName = $_.UserPincipalName
AdministratorRole= $role.DisplayName
}
}
}
然后,您可以在 User 或 UserPrincipalName 上对对象进行分组,并在一个属性中加入 AdministratorRoles。