检查用户是否是 AD 组列表的成员

Question

$groups = 'group1', 'group2'....

我需要检查用户是否在特定的 AD 组中，如果不在，则回显组名；我可以在管道中完成吗？

我用谷歌搜索了很多，但找不到任何东西，也许我在谷歌英语搜索方面太糟糕了:)。

$groups |
    Get-QADGroupMember |
    Get-QADUser -SamAccountName 'lalala' | ForEach-Object {
        if ($_.SamAccountName -ne $null) {
            Write-Host "ok"
        } else {
            Write-Host 'not ok'
        }
    }

我怎样才能显示：not ok. user is not ingroup_name？

Answer 1

问题是当循环遍历结果如此简单时，为什么要使用管道？

要检查用户是否是组列表的成员：

$user = "TestUsername"
$groups = 'Domain Users', 'Domain Admins'

foreach ($group in $groups) {
    $members = Get-ADGroupMember -Identity $group -Recursive | Select -ExpandProperty SamAccountName

    If ($members -contains $user) {
        Write-Host "$user is a member of $group"
    } Else {
        Write-Host "$user is not a member of $group"
    }
}

对于多个用户：

$users = "TestUsername1", "TestUsername2", "TestUsername3"
$groups = 'Domain Users', 'Domain Admins'

foreach ($user in $users) {
    foreach ($group in $groups) {
        $members = Get-ADGroupMember -Identity $group -Recursive | Select -ExpandProperty SamAccountName

        If ($members -contains $user) {
            Write-Host "$user is a member of $group"
        } Else {
            Write-Host "$user is not a member of $group"
        }
    }
}