PowerShell

暗香疏影 (creator)

Microsoft 365 Azure AD/Entra ID notes

Installation and connection

Microsoft Learn - Connect to Microsoft 365

# Install the module
Install-Module AzureAD

# Connect to Azure AD
Connect-AzureAD

# Sign out
Disconnect-AzureAD

Usage

# List users
Get-AzureADUser

# Show which properties a user object exposes
Get-AzureADUser | Get-Member -MemberType Property

# Show selected properties only
Get-AzureADUser | Select-Object DisplayName,UserPrincipalName,Mail,OtherMails

Bulk-replace primary email

# Bulk-replace the primary email (UPN), skipping users that already have the correct domain
# -All $true returns every user; without it only the first page of results (100 by default) is processed

Get-AzureADUser -All $true | ForEach-Object {
    $user = $_
    if ($user.UserPrincipalName.EndsWith("@aaa.com")) {
        Write-Host "Skipping user $($user.UserPrincipalName) as primary email is already aaa.com"
    } else {
        $newUPN = ($user.UserPrincipalName.Split("@")[0]) + "@aaa.com"
        # Keep the old address as an alternate email
        $newOtherMails = @($user.UserPrincipalName)
        Set-AzureADUser -ObjectId $user.ObjectId -UserPrincipalName $newUPN -OtherMails $newOtherMails
        Write-Host "Updated user $($user.UserPrincipalName) with new UPN: $newUPN"
    }
}

# If the alias email (OtherMails) was accidentally changed to the custom-domain address as well, fix it like this
Get-AzureADUser -All $true | ForEach-Object {
    $user = $_
    $newOtherMails = @($user.UserPrincipalName.Replace("@aaa.com", "@xxx.onmicrosoft.com"))
    Set-AzureADUser -ObjectId $user.ObjectId -OtherMails $newOtherMails
    Write-Host "Updated user $($user.UserPrincipalName) with new OtherMails: $($newOtherMails -join ', ')"
}

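Bulk-change user passwords (AAD version)

AAD password change
AD password change
Method 1:

# This method logs each step with Write-Host, so appending -WhatIf (a parameter this cmdlet does not actually have) is a convenient way to test whether the run would do what you expect.
# The unknown parameter makes the Set-AzureADUserPassword call fail, so no password is changed; remove -WhatIf to apply.

Get-AzureADUser -All $true | ForEach-Object {
    $user = $_
    if ($user.UserPrincipalName.Equals("aaa@aaa.com") -or $user.UserPrincipalName.Equals("bbb@aaa.com")) {
        Write-Host "Skipping user $($user.UserPrincipalName) as we don't want to change admin password"
    } else {
        $newPassword = "otpU1294"
        $securePassword = ConvertTo-SecureString -String $newPassword -AsPlainText -Force
        Set-AzureADUserPassword -ObjectId $user.ObjectId -Password $securePassword -WhatIf
        # The password itself is not written to the console
        Write-Host "Updated user $($user.UserPrincipalName) with new password"
    }
}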

Method 2:

# First list the administrators to skip
$excludeUsers = @("aaa@aaa.com", "bbb@aaa.com")

# Then run the following
$users = Get-AzureADUser -All $true | Where-Object {$_.UserPrincipalName -notin $excludeUsers}

foreach ($user in $users) {
    $newPassword = "otpU1294"
    $securePassword = ConvertTo-SecureString -String $newPassword -AsPlainText -Force
    Set-AzureADUserPassword -ObjectId $user.ObjectId -Password $securePassword
}


# Reset a single user's password (you need to know their ObjectId first)
Set-AzureADUserPassword -ObjectId c365b02b-f9b6-4642-a9e2-ec83cece4b02 -Password (ConvertTo-SecureString -String "otpU1294" -AsPlainText -Force)
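
Both methods above give every account the same hard-coded password. The following added example (not part of the original post) extends method 2 with a random temporary password per user and a forced change at next sign-in; New-TempPassword, Reset-TempPassword and the -Apply switch are hypothetical names, and the sample users are constructed.

```powershell
# Added example, not the post's code. New-TempPassword, Reset-TempPassword and -Apply
# are hypothetical names; the users at the bottom are constructed sample data.
function New-TempPassword {
    param([int]$Length = 16)
    # 64 symbols, so (byte % 64) is unbiased; look-alikes such as 0/O and 1/l/I are left out
    $chars = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#%+-=?'.ToCharArray()
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    do {
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $chars[$_ % $chars.Length] })
    } until ($pw -cmatch '[a-z]' -and $pw -cmatch '[A-Z]' -and $pw -match '\d')
    $rng.Dispose()
    $pw   # always contains lower case, upper case and a digit
}

function Reset-TempPassword {
    param(
        [Parameter(Mandatory)] [object[]]$Users,
        [string[]]$Exclude = @(),
        [switch]$Apply   # without -Apply nothing in the tenant is changed
    )
    foreach ($user in $Users) {
        if ($user.UserPrincipalName -in $Exclude) {
            Write-Host "Skipping $($user.UserPrincipalName)"
            continue
        }
        $plain = New-TempPassword
        if ($Apply) {
            $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
            Set-AzureADUserPassword -ObjectId $user.ObjectId -Password $secure `
                -ForceChangePasswordNextLogin $true
        }
        # Returned as an object, never written to the console or a log
        [pscustomobject]@{
            UserPrincipalName = $user.UserPrincipalName
            TempPassword      = $plain
            Applied           = [bool]$Apply
        }
    }
}

# Dry run on constructed users; against a tenant pass (Get-AzureADUser -All $true)
$sample = @(
    [pscustomobject]@{ ObjectId = '00000000-0000-0000-0000-000000000001'; UserPrincipalName = 'aaa@aaa.com' }
    [pscustomobject]@{ ObjectId = '00000000-0000-0000-0000-000000000002'; UserPrincipalName = 'user1@aaa.com' }
)
$result = Reset-TempPassword -Users $sample -Exclude 'aaa@aaa.com', 'bbb@aaa.com'
$result | Select-Object UserPrincipalName, Applied
```

$result holds the temporary passwords in memory; deliver each one to its user over a separate channel and clear the variable afterwards.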

Bulk-replace names by ObjectId

# Read CSV File
$csvPath = "C:\Users\AADTest\Downloads\exportUsers.csv"
$csvData = Import-Csv -Path $csvPath

# Loop Through and Update Users
foreach ($entry in $csvData) {
    $user = Get-AzureADUser -ObjectId $entry.ObjectId

    if ($null -ne $user) {
        # Set-AzureADUser returns no object, so report the values taken from the CSV row
        Set-AzureADUser -ObjectId $user.ObjectId -GivenName $entry.givenName -Surname $entry.surname

        Write-Host "Updated user $($user.UserPrincipalName) with new first name $($entry.givenName) and last name $($entry.surname)."
    } else {
        Write-Host "User with ObjectID $($entry.ObjectId) not found."
    }
}

Bulk-replace email addresses based on names

$csvPath = "C:\Users\AADTest\Downloads\exportUsers.csv"
$csvData = Import-Csv -Path $csvPath
foreach ($row in $csvData) {
    $objectId = $row.ObjectId

    $user = Get-AzureADUser -ObjectId $objectId
    if ($user) {
        # New UPN is GivenName.Surname@aaa.com; the onmicrosoft.com address is kept as an alternate email
        $newUPN = $user.GivenName + "." + $user.Surname + "@aaa.com"
        $newDisplayName = $user.GivenName + " " + $user.Surname
        $newOtherMails = @($newUPN.Replace("@aaa.com", "@xxx.onmicrosoft.com"))
        Set-AzureADUser -ObjectId $user.ObjectId -UserPrincipalName $newUPN -DisplayName $newDisplayName -OtherMails $newOtherMails
        Write-Host "User with ObjectID $objectId updated: $newUPN and $newDisplayName and $newOtherMails"
    } else {
        Write-Host "User with ObjectID $objectId not found."
    }
}
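
Building the UPN as GivenName.Surname@aaa.com goes wrong when a name is empty, contains spaces, or is shared by two people. The following added example (not part of the original post) builds the rename plan first and flags those rows before anything is written; Get-UpnRenamePlan is a hypothetical helper, the allowed character set is a conservative assumption, and the sample users are constructed.

```powershell
# Added example, not the post's code. Get-UpnRenamePlan is a hypothetical helper and
# the users at the bottom are constructed; aaa.com is the post's placeholder domain.
function Get-UpnRenamePlan {
    param(
        [Parameter(Mandatory)] [object[]]$Users,
        [string]$Domain = 'aaa.com'
    )
    $plan = foreach ($u in $Users) {
        $prefix = "$($u.GivenName).$($u.Surname)"
        $status = 'OK'
        if ([string]::IsNullOrWhiteSpace($u.GivenName) -or
            [string]::IsNullOrWhiteSpace($u.Surname)) {
            $status = 'MissingName'      # would yield a UPN such as "Eleanor.@aaa.com"
        } elseif ($prefix -notmatch '^[A-Za-z0-9._-]+$') {
            # Assumed conservative character set: spaces etc. go to manual review
            $status = 'ReviewChars'
        }
        [pscustomobject]@{
            ObjectId = $u.ObjectId
            OldUPN   = $u.UserPrincipalName
            NewUPN   = "${prefix}@${Domain}"
            Status   = $status
        }
    }
    # Two people with the same name would be assigned the same UPN
    $plan | Where-Object { $_.Status -eq 'OK' } | Group-Object NewUPN |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object { foreach ($p in $_.Group) { $p.Status = 'Duplicate' } }
    $plan
}

# Constructed sample rows standing in for Get-AzureADUser output
$sample = @(
    [pscustomobject]@{ ObjectId = '1'; UserPrincipalName = 'u1@xxx.onmicrosoft.com'; GivenName = 'Emily';    Surname = 'Johnson' }
    [pscustomobject]@{ ObjectId = '2'; UserPrincipalName = 'u2@xxx.onmicrosoft.com'; GivenName = 'Emily';    Surname = 'Johnson' }
    [pscustomobject]@{ ObjectId = '3'; UserPrincipalName = 'u3@xxx.onmicrosoft.com'; GivenName = 'Eleanor';  Surname = '' }
    [pscustomobject]@{ ObjectId = '4'; UserPrincipalName = 'u4@xxx.onmicrosoft.com'; GivenName = 'Mary Ann'; Surname = 'Harrison' }
    [pscustomobject]@{ ObjectId = '5'; UserPrincipalName = 'u5@xxx.onmicrosoft.com'; GivenName = 'Elaine';   Surname = 'Li' }
)
$plan = Get-UpnRenamePlan -Users $sample
$plan | Format-Table OldUPN, NewUPN, Status
# Only rows with Status 'OK' (here: Elaine.Li) should be passed on to Set-AzureADUser
$safe = $plan | Where-Object { $_.Status -eq 'OK' }
```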

AD usage

Export AD users to Excel

# Export AD users to a CSV file that Excel can open
# employeeID is not in Get-ADUser's default property set, so request it with -Properties
Get-ADUser -Filter * -Properties employeeID | Select-Object DistinguishedName, Name, GivenName, Surname, UserPrincipalName, employeeID | Export-Csv -Path C:\Users\Administrator\Documents\users.csv -NoTypeInformation

# List all AD user properties
Get-ADUser -Filter * -Properties * | Get-Member -MemberType Property | Select-Object Name

# List AD users
Get-ADUser -Filter * -Properties employeeID | Select-Object DistinguishedName, Name, GivenName, Surname, UserPrincipalName, employeeID

AD DisplayName best practices

Small company (500-1000 people):
First Name + Last Name + Group/BU/Department
For example: Eleanor Harrison [Vendor], Emily Johnson [Staff] ….

Multi-region company (1000+ people):
Preferred English Name + Last Name + First Name Initial + Site + Department, or
Last Name + , + Preferred English Name + First Name Initial + Site + Department
For example: Li, Elaine X.Y. (HZ/HR)

Using PowerShell to build a comfortable terminal on Windows.

Using it with Cmder

It works best when paired with Cmder.

Profile file locations

Default profile: ~/Documents/WindowsPowerShell/Microsoft.PowerShell_profile.ps1

Cmder's PowerShell profile: <cmd_install_path>/config/user-profile.ps1

alias

Jump to a directory quickly

Example: use the src command to jump to the d:\sources\ directory.

function Enter-Sources {
    cd d:\sources\
}

Set-Alias src Enter-Sources

Quickly open the current folder

Example: use the e. command to open the current folder in Explorer.

function Open-Current-Directory {
    explorer .
}

Set-Alias e. Open-Current-Directory

git-related commands

## gs=git status
function Git-Status {
    git status
}

Set-Alias gs Git-Status

## ga=git add .
function Git-Add-All {
    git add .
}

Set-Alias ga Git-Add-All

## gg=gitk
function Git-Gui {
    gitk
}

Set-Alias gg Git-Gui

## gpull=git pull origin <current branch>
function Git-Pull-Current-Branch {
    $currentBranch = git symbolic-ref --short -q HEAD
    git pull origin $currentBranch
}

Set-Alias gpull Git-Pull-Current-Branch

## gpush=git push origin <current branch>
function Git-Push-Current-Branch {
    $currentBranch = git symbolic-ref --short -q HEAD
    git push origin $currentBranch
}

Set-Alias gpush Git-Push-Current-Branch

## g1=add, commit and push in one go
function Git-Commit-And-Push {
    git add .
    git commit -m $args[0]
    Git-Push-Current-Branch
}

Set-Alias g1 Git-Commit-And-Push

objdump

function Obj-Dump {
    D:\Android\sdk\ndk-bundle\toolchains\x86_64-4.9\prebuilt\windows-x86_64\bin\x86_64-linux-android-objdump.exe $args
}

Set-Alias objdump Obj-Dump

Key bindings

After switching over from bash on Linux/macOS, or even from cmd on Windows, you find that shortcuts such as ctrl-u and ctrl-k no longer work and nothing feels right. PSReadLine comes to the rescue.

# ctrl-k, ctrl-u, ctrl-a, ctrl-e, ctrl-b, ctrl-f, etc
Import-Module PSReadLine
Set-PSReadLineOption -EditMode Emacs
  • Title: PowerShell
  • Author: 暗香疏影
  • Created: 2015-10-01 00:00:00
  • Updated: 2023-08-20 00:00:00
  • Link: https://blog.23ikr.com/2015/10/01/Wiki-Guide/2015-10-01-powershell/
  • Copyright: This article is licensed under CC BY-NC-SA 4.0.