Have you ever needed to compare the properties of different Active Directory users? As long as the RSAT tools are installed, you can read the properties of individual AD users with the Get-ADUser cmdlet. Comparing those properties is not easy, though, unless you use the function below, which splits an AD user's properties into individual objects that can then be compared with Compare-Object:
#requires -Version 3.0 -Modules ActiveDirectory

function Compare-User
{
    param
    (
        [Parameter(Mandatory)][String]
        $User1,

        [Parameter(Mandatory)][String]
        $User2,

        [String[]]
        $Filter = $null
    )

    # Turn each property of an AD user into its own Name/Value object
    function ConvertTo-Object
    {
        process
        {
            $user = $_
            $user.PropertyNames | ForEach-Object {
                [PSCustomObject]@{
                    Name     = $_
                    Value    = $user.$_
                    Identity = $user.SamAccountName
                }
            }
        }
    }

    $l1 = Get-ADUser -Identity $User1 -Properties * | ConvertTo-Object
    $l2 = Get-ADUser -Identity $User2 -Properties * | ConvertTo-Object

    # Keep only the properties that differ; optionally restrict them to the names in -Filter
    Compare-Object -ReferenceObject $l1 -DifferenceObject $l2 -Property Name, Value |
        Sort-Object -Property Name |
        Where-Object { $null -eq $Filter -or $_.Name -in $Filter }
}
Below is an example of the result of comparing the users "student1" and "administrator":
PS C:\> Compare-User -User1 student1 -User2 administrator
Name Value
---- -----
accountExpires 0
accountExpires 9223372036854775807
badPasswordTime 131977150131836679
badPasswordTime 131986685447368488
CanonicalName CLASS365.LOCAL/Users/Administrator
CanonicalName CLASS365.LOCAL/Users/student1
CN Administrator
CN student1
Created 08.03.2019 10:31:50
Created 02.04.2019 09:13:17
createTimeStamp 08.03.2019 10:31:50
createTimeStamp 02.04.2019 09:13:17
Description Built-in account for administering the computer/domain
Description
DistinguishedName CN=student1,CN=Users,DC=CLASS365,DC=LOCAL
DistinguishedName CN=Administrator,CN=Users,DC=CLASS365,DC=LOCAL
dSCorePropagationData ...2019 10:47:56, 08.03.2019 10:32:47, 01.01.1601 19:12:16}
dSCorePropagationData {02.04.2019 09:15:28, 01.01.1601 01:00:00}
isCriticalSystemObject True
LastBadPasswordAttempt 22.03.2019 08:56:53
LastBadPasswordAttempt 02.04.2019 10:49:04
lastLogon 131986622819726136
lastLogon 131986685566131171
LastLogonDate 02.04.2019 10:34:39
LastLogonDate 02.04.2019 09:04:41
lastLogonTimestamp 131986622819726136
lastLogonTimestamp 131986676794218709
logonCount 177
logonCount 4
logonHours {255, 255, 255, 255...}
MemberOf ...OCAL, CN=Schema Admins,CN=Users,DC=CLASS365,DC=LOCAL...}
MemberOf ...C=LOCAL, CN=Domain Admins,CN=Users,DC=CLASS365,DC=LOCAL}
Modified 03.04.2019 11:26:30
Modified 02.04.2019 09:04:41
modifyTimeStamp 03.04.2019 11:26:30
modifyTimeStamp 02.04.2019 09:04:41
msDS-User-Account-Control-Computed 8388608
msDS-User-Account-Control-Computed 0
Name Administrator
Name student1
ObjectGUID 6f5d7164-33cf-440a-af8c-3e973a1f381a
ObjectGUID ffe12d2d-cfdd-41f6-8268-41c493786f90
objectSid S-1-5-21-2389183542-1750168592-3050041687-500
objectSid S-1-5-21-2389183542-1750168592-3050041687-1128
PasswordExpired True
PasswordExpired False
PasswordLastSet
PasswordLastSet 08.03.2019 09:41:25
pwdLastSet 0
pwdLastSet 131965080857557947
SamAccountName student1
SamAccountName Administrator
SID S-1-5-21-2389183542-1750168592-3050041687-1128
SID S-1-5-21-2389183542-1750168592-3050041687-500
uSNChanged 25764
uSNChanged 24620
uSNCreated 24653
uSNCreated 8196
whenChanged 02.04.2019 09:04:41
whenChanged 03.04.2019 11:26:30
whenCreated 08.03.2019 10:31:50
whenCreated 02.04.2019 09:13:17
You can also limit the list of attributes you want to compare:
PS C:\> Compare-User -User1 student1 -User2 administrator -Filter memberof, lastlogontime, logonCount, Name
Name Value
---- -----
logonCount 177
logonCount 4
MemberOf ...ise Admins,CN=Users,DC=CLASS365,DC=LOCAL, CN=Schema Admins,CN=Users,DC=CLASS365, DC=LOCAL...}
MemberOf ...LAN, CN=Test1,CN=Users,DC=CLASS365,DC=LOCAL, CN=Domain Admins,CN=Users,DC=CCIE,DC=LAN}
Name Administrator
Name student1
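The MemberOf rows in the output above are truncated, and the function compares a multi-valued attribute such as MemberOf as a single value, so the result does not show which groups actually differ. The following added example (not part of the original post) diffs such an attribute entry by entry; the function name Compare-UserGroup and the sample objects are constructed for illustration, and in a domain the two inputs would come from Get-ADUser with -Properties MemberOf.

```powershell
# Added example: entry-by-entry diff of a multi-valued attribute (default: MemberOf).
# Compare-UserGroup is a hypothetical helper, not part of the ActiveDirectory module.
function Compare-UserGroup
{
    param
    (
        # Objects exposing SamAccountName and the attribute, e.g. the output of
        # Get-ADUser -Identity <name> -Properties MemberOf
        [Parameter(Mandatory)] $User1,
        [Parameter(Mandatory)] $User2,
        [String] $Property = 'MemberOf'
    )

    # Normalize to arrays: the attribute may be $null, a single string or a collection
    $set1 = @($User1.$Property | Where-Object { $_ })
    $set2 = @($User2.$Property | Where-Object { $_ })

    # -notin is case-insensitive, which matches how distinguished names compare
    $set1 | Where-Object { $_ -notin $set2 } | ForEach-Object {
        [PSCustomObject]@{ Value = $_; OnlyIn = $User1.SamAccountName }
    }
    $set2 | Where-Object { $_ -notin $set1 } | ForEach-Object {
        [PSCustomObject]@{ Value = $_; OnlyIn = $User2.SamAccountName }
    }
}

# Constructed sample objects standing in for Get-ADUser results (not real directory data)
$student = [PSCustomObject]@{
    SamAccountName = 'student1'
    MemberOf       = @(
        'CN=Test1,CN=Users,DC=CLASS365,DC=LOCAL',
        'CN=Domain Admins,CN=Users,DC=CLASS365,DC=LOCAL'
    )
}
$admin = [PSCustomObject]@{
    SamAccountName = 'Administrator'
    MemberOf       = @(
        'cn=domain admins,CN=Users,DC=CLASS365,DC=LOCAL',   # same group, different case
        'CN=Schema Admins,CN=Users,DC=CLASS365,DC=LOCAL'
    )
}

# Emits one row per group that only one of the two accounts holds
Compare-UserGroup -User1 $student -User2 $admin | Sort-Object -Property OnlyIn, Value
```

MemberOf lists direct memberships only; nested groups and the account's primary group do not appear in it, so an empty diff does not prove that two accounts have identical effective privileges.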
Did you find this tip useful? Share it! Any suggestions? Leave a comment…
Until next time.
Great tip, master!
I really like this command, and "-Filter" helps a lot!