Import-Module ActiveDirectory
$groups = Get-ADGroup -Filter {(Name -like "F_*" -or Name -like "G_*" -or Name -like "CAX_*")} -Properties Name, GroupCategory | Sort-Object -Property Name
$emptyGroups = @()
foreach ($group in $groups) {
# Verifica se o grupo é do tipo "Segurança"
if ($group.GroupCategory -eq 'Security') {
try {
$user = Get-ADGroupMember -Identity $group.Name -ErrorAction Stop
if ($user.Count -eq 0) {
$emptyGroups += $group.Name
}
}
catch {
Write-Host "Warning: Group '$($group.Name)' could not be found or accessed."
}
}
else {
Write-Host "Info: Group '$($group.Name)' is not a security group and will be skipped."
}
}
Write-Host "Empty Groups:"
$emptyGroups | ForEach-Object { Write-Host $_ }
我有这段代码可以在我的 AD 中搜索群组。看起来效果很好,但是有些组没有找到,我不知道原因,因为它们显然存在于我的 AD 中。你能帮我一个忙吗?
我遇到这些错误:
Warning: Group 'CAX_BOCAL_265_ORVR_G_L' could not be found or accessed.
Warning: Group 'CAX_GM_GEM_JCCC1_G_E' could not be found or accessed.
Warning: Group 'CAX_GM_GEM_JCCC1_G_L' could not be found or accessed.
抛出错误:
Não é possível localizar um object com identidade: 'CAX_BOCAL_265_ORVR_G_L' em: 'DC=myLDAP,DC=com'.
问题可能是
Get-ADGroupMember
在那些成员已被删除的组上失败,但根本不需要使用它,您可以查询所有组并获取它们的 Member
属性,然后从那里过滤Member.Count -eq 0
:
$getADGroupSplat = @{
LDAPFilter = '(&(|(name=F_*)(name=G_*)(name=CAX_*))(groupType:1.2.840.113556.1.4.803:=2147483648))'
Properties = 'Member'
}
# Get all Securty groups having Name starting with F_ or G_ or CAX_
$emptyGroups = Get-ADGroup @getADGroupSplat |
# Filter where the Member attribute count is 0
Where-Object { $_.Member.Count -eq 0 }