我正在尝试编写一个脚本,该脚本将根据 OU 的成员更新 AD 中的组成员资格。当我指定组名和 OU 名称然后进行比较时,这个小脚本工作正常:
$Group = "GroupA"
$OU = "OU=ContainerA,DC=DC1,DC=ccompany,DC=com"
$users = $(get-aduser -filter "*" -SearchBase $OU)
$groupmembers = Get-ADGroupMember -Identity $Group
switch (Compare-Object -ReferenceObject $groupmembers -DifferenceObject $users -property samaccountname){
{$_.SideIndicator -eq "=>"} {add-adgroupmember -identity $group -member $_.samaccountname}
{$_.SideIndicator -eq "<="} {remove-adgroupmember -identity $group -member $_.samaccountname -confirm:$false} }
}
当然,这对于单个组和 OU 来说很好,但是,我需要为大约 10 个组和 OU 执行此操作,所以与其复制粘贴整个内容 10 次,我认为聪明的方法是创建一个函数然后调用它10次。我将代码更改为函数:
Function Build ([String]$Group, [String]$OU){
$users = $(get-aduser -filter "*" -SearchBase $OU)
$groupmembers = Get-ADGroupMember -Identity $Group
switch (Compare-Object -ReferenceObject $groupmembers -DifferenceObject $users -property samaccountname){
{$_.SideIndicator -eq "=>"} {add-adgroupmember -identity $group -member $_.samaccountname}
{$_.SideIndicator -eq "<="} {remove-adgroupmember -identity $group -member $_.samaccountname -confirm:$false} }
}
Build ("GroupA", "OU=ContainerA,DC=DC1,DC=ccompany,DC=com")
Build ('GroupB", "OU=ContainerB,DC=DC1,DC=ccompany,DC=com")
但是,当我运行上述脚本时,我不断收到以下错误:
Get-ADUser : An empty SearchBase is only supported while connected to a GlobalCatalog.
您能否指出我在尝试将第一个代码转换为函数时做错了什么?
谢谢