针对 Active Directory 运行查询的 Powershell 脚本

Question

我有以下 Powershell 脚本：

$domainObj = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$PDC = ($domainObj.PdcRoleOwner).Name
$SearchString = "LDAP://"
$SearchString += $PDC + "/"
$DistinguishedName = "DC=$($domainObj.Name.Replace('.', ',DC='))"
$SearchString += $DistinguishedName
$Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$SearchString)
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$Searcher.SearchRoot = $objDomain
$Searcher.filter="samAccountType=805306368"
$Result = $Searcher.FindAll()
Foreach($obj in $Result)
{
    Foreach($prop in $obj.Properties)
    {  
        $prop
    }
    Write-Host "------------------------"
}

我需要对此进行修改以执行以下操作，但我不确定如何应用正确的过滤器，我认为需要进入$Searcher.filter：

1. 将脚本更改为仅返回 Domain Admins 组的成员。
2. 更改脚本以返回域中的所有计算机。
3. 添加过滤器以仅返回运行 Windows 10 的计算机。

Answer 1

您可以执行以下操作：

$domainObj = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$PDC = ($domainObj.PdcRoleOwner).Name
$searchString = "LDAP://{0}/DC={1}" -f $PDC,$domainObj.Name.Replace('.', ',DC=')
$Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$SearchString)
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$Searcher.SearchRoot = $objDomain

# Domain Admins
$Searcher.filter='samAccountName=Domain Admins'
$DAs = $Searcher.FindAll().Properties.Member

# All Computers
$Searcher.filter='objectClass=Computer'
$Computers = $Searcher.FindAll()

# Windows 10
$Computers | Where {
    $_.Properties.OperatingSystemVerison -match '^10\D' -and $_.Properties.OperatingSystem -notmatch 'Server'
}

Answer 2

获取所有域管理员（在广告组“管理员”中）：

Get-ADGroupMember -Identity Administrators

获取使用 Windows 10 的计算机

Get-ADComputer -Filter {operatingsystem -like 'Windows 10*'}

参考请看：

• https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-adcomputer?view=win10-ps
• https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-adgroupmember?view=win10-ps