问题描述
我遇到了使用 Get-ADUser -Properties *
时未枚举特定属性的情况。例如,即使存在,以下代码也不会列出 msDS-UserPasswordExpiryTimeComputed
属性,我可以将其指定为 -Properties
参数,使其返回并可以处理其值。
I've run into a case where specific properties are not enumerated when using Get-ADUser -Properties *
. For example the following code does not list the msDS-UserPasswordExpiryTimeComputed
property even though it exists and I can specify it as a -Properties
argument, have it return, and can process its value.
# Does not return msDS-UserPasswordExpiryTimeComputed
Get-ADUser username -Properties *
# This works to get the msDS-UserPasswordExpiryTimeComputed attribute returned
Get-ADUser username -Properties msDS-UserPasswordExpiryTimeComputed
# If I really want all properties and this one
# I have to specify it alongside *
Get-ADUser username -Properties *, msDS-UserPasswordExpiryTimeComputed
这不仅仅是显示中省略属性的情况,我需要明确声明 msDS-UserPasswordExpiryTimeComputed
属性,否则在结果对象上根本不可用。
This isn't just a case of the property being omitted from the display, I need to explicitly state the msDS-UserPasswordExpiryTimeComputed
property or else it simply isn't available on the resulting object.
我已经知道对 Prope进行过滤rties *
在大多数情况下不是一个好主意,但是我很好奇为什么在我恰恰要问cmdlet时为什么未列举所有 AD DS属性
I already know filtering on Properties *
isn't a good idea in most cases, but I'm curious about why all AD DS attributes are not enumerated when this is precisely what I am asking the cmdlet to do.
此问题询问的是 Get-ADUser
,但与大多数其他使用<$ c $的行为一样c> Get-ADObject cmdlet我认为这种行为扩展到了大多数(如果不是全部)。
This question is asking about Get-ADUser
but like most other behaviors with the Get-ADObject
cmdlets I assume this behavior extends to most, if not all, of them.
推荐答案
答案似乎是 ADObject
-默认
,扩展
和构造的
是这些示例。
The answer seems to be that there are multiple types of attributes on an ADObject
- Default
, Extended
, and Constructed
are some examples of these.
<$在匹配特定类型 ADObject ADObject
查询中返回c $ c> Default 属性>(( ADUser
有自己的默认属性集, ADGroup
有自己的默认属性,等等)
Default
properties are returned on all ADObject
queries matching a specific type of ADObject
(ADUser
has its own set of default properties, ADGroup
has it's own set, etc.)
扩展
属性默认情况下不返回,而是隐式枚举 ADObject
上的静态属性。
Extended
properties are not returned by default but are implicitly enumerable static attributes on an ADObject
.
已构造
属性不是静态属性,而是根据属于 ADObject
的其他属性的值计算的。我找不到任何相关信息,但我想枚举所有 Constructed
属性可能是一项昂贵的操作,因为计算了值,因此需要通过 Get-ADObject
cmdlet的属性
参数明确请求。
Constructed
attributes are not static properties but are calculated based on the values of other attributes belonging to an ADObject
. I could not find any info on this, but I imagine that enumerating all Constructed
attributes can be an expensive operation since the values are computed, and as such need to be explicitly requested via the -Properties
parameter of the Get-ADObject
cmdlets.
这似乎都与 ADObject
上的 systemFlags
属性有关,是设置属性类型的位置。我的怀疑(我尚未广泛测试该理论)是具有构造(4)
或非复制(2)标志需要明确指定,以便从
cmdlet
返回。
This all seems to be related to the
systemFlags
attribute on an ADObject
, which is where the attribute types are set. My suspicion (I have not tested this theory extensively) is that attributes with either the Constructed (4)
or Non-Replicated (2)
flag need to be explicitly specified to be returned from the cmdlet
.
这篇关于指定所有属性时,Get-ADUser不会返回所有可能的AD属性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!