powershell - 在 windows server 2008 r2 上使用 csv 文件将 AD 用户添加到安全组

Question

我正在尝试通过 PowerShell AD 将我的用户添加到 AD 组。这是我当前的代码：

Import-Module ActiveDirectory                  #Import the active directory module
Import-CSV C:\Userlist.csv | ForEach {         #Import the csv file and start the for   each statement.

$groups =@{
grouparray = $_.group.split(',')
};
$user = @{                                 #Create the user variable and set the   values within
name=$_.name                       #Call the name field from the csv file
givenname=$_.givenname                 #Callthe givenname field from the csv  file.
surname=$_.surname                 #call the surname field from the csv file
samaccountname=$_.samaccountname           #Call the samaccountname field from the csv file
department=$_.department               #call the department field from the csv file.
accountpassword=(ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force)  #set the password
homedirectory=$_.homedirectory             #Call the homedirectory field
emailaddress=$_.emailaddress            #call the email address field
mobilephone=$_.mobilephone          #call the mobile phone field
Path="Ou=People,dc=G3Zone,dc=local"  #Path to the OU    "People"    
Enabled=$True                           #enable the account
};#@   

   New-ADUser @user                     #Create the new user with the        information gathered fromthe csv.
   add-ADGroupMember -Identity  @groups –member $_.samaccountname
  } #endforeach

这是我的 csv 文件：

name,givenname,surname,samaccountname,department,group,accountpassword,homedirectory,mobilephone,emailaddress
"Todd Fast",Todd,Fast,Tfast,President,ManagerGroup,P@ssword1,\\Group3\homedirs\Tfast,111-1111,Tfast@G3Zone.local
"Joe Doe",Joe,Doe,Jdoe,Accounting VP,"ManagerGroup,AccountingGroup",P@ssword1,\\Group3\homedirs\Jdoe,111-1112,JDoe@G3Zone.local
"Elaine Irving",Elaine,Irving,Eirving,HR VP,"ManagerGroup,HRGroup",P@ssword1,\\Group3\homedirs\Eirving,111-1113,EIrving@G3Zone.local
"Jane Malzur",Jane,Malzur,Jmalzur,Executive Assistant,"ManagerGroup, Corporate",P@ssword1,\\Group3\homedirs\Jmalzur,111-1114,JMalzur@G3Zone.local
Mike Fox,Mike,Fox,Mfox,IS VP,"ManagerGroup,ISGroup",P@ssword1,\\Group3\homedirs\Mfox,111-1115,MFox@G3Zone.local
Julie Cash,Julie,Cash,Jcash,Accounting,AccountingGroup,P@ssword1,\\Group3\homedirs\Jcash,111-1116,JCash@G3Zone.local
Manny Greene,Manny,Greene,Mgreene,Accounting,AccountingGroup,P@ssword1,\\Group3\homedirs\Mgreene,111-1117,MGreene@G3Zone.local
Russ Maine,Russ,Maine,Rmaine,HR,HRGroup,P@ssword1,\\Group3\homedirs\Rmaine,111-1118,RMaine@G3Zone.local
Paul Lam,Paul,Lam,Plam,HR,HRGroup,P@ssword1,\\Group3\homedirs\Plam,111-1119,PLam@G3Zone.local
Tom Scerbo,Tom,Scerbo,Tscerbo,HR,HRGroup,P@ssword1,\\Group3\homedirs\Tscerbo,111-1120,TScerbo@G3Zone.local
Kate McCool,Kate,McCool,KMcCool,HR,HRGroup,P@ssword1,\\Group3\homedirs\KMcCool,111-1121,KMcCool@G3Zone.local
Lech Walsh,Lech,Walsh,Lwalsh,IS,ISGroup,P@ssword1,\\Group3\homedirs\Lwalsh,111-1122,LWalsh@G3Zone.local
Bonnie Clive,Bonnie,Clive,Bclive,IS,ISGroup,P@ssword1,\\Group3\homedirs\Bclive,111-1123,BClive@G3Zone.local
Esther Male,Esther,Malo,Emalo,IS,ISGroup,P@ssword1,\\Group3\homedirs\Emalo,111-1124,EMalo@G3Zone.local

我得到的错误是：

Add-ADGroupMember : Missing an argument for parameter 'Identity'. Specify a par
ameter of type 'Microsoft.ActiveDirectory.Management.ADGroup' and try again.
At C:\test2.ps1:26 char:29
+  add-ADGroupMember -Identity <<<<   @groups -member $_.samaccountname
    + CategoryInfo          : InvalidArgument: (:) [Add-ADGroupMember], Parame
   terBindingException
    + FullyQualifiedErrorId : MissingArgument,Microsoft.ActiveDirectory.Manage
   ment.Commands.AddADGroupMember

另外，如果可能的话，我希望能够创建它们并将它们添加到他们自己的主目录中。

Answer 1

嘿伙计们，我想通了，我想我毕竟不会失败：）

#Importing the Users
Import-CSV C:\Users\Administrator\Desktop\users.csv | foreach-object {New-ADUser -Name  $_.Name -GivenName $_.FirstName -Surname $_.LastName -Enabled $True -PasswordNeverExpires $True -AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -Force) -ChangePasswordAtLogon $False -Department $_.Department -EmailAddress $_.Email -OfficePhone $_.Phone -Path $_.Path -SamAccountName $_.SamAccountName -Title $_.Title -UserPrincipalName $_.UPN}

#Adding the Users to the Groups
Import-CSV C:\Users\Administrator\Desktop\Powershell\usergroups.csv | ForEach-Object {
$SAM = $_.SAM
$Group = $_.Group
$Groups = $Group.split(" ")
foreach($l in $Groups){
Add-ADGroupMember -Identity $l -Member $SAM
}
}

Answer 2

我没有使用，而是Add-ADGroupMember使用Add-ADPrincipalGroupMembership -Identity $instloginID -MemberOf $instGroup. 这对我来说很有用。

我对您为什么将信息放入数组中感到有些困惑。我不是专业人士；仅运行豪华约 2.5 年。所以我的问题对我的利益和对你的利益一样重要。阵列是否使它运行得更快？我将用户定义的每个部分都插入到自己的变量中，然后这样做。代码看起来更直接，并且可能更容易维护。

我创建主目录的代码：

function Create-HomeDirs ($Synonym, $Number2Make, $studhomedir) 
{
###################################################################################
# This function creates student home directories. It also assigns permissions.    #
###################################################################################

    for ($i=1; $i -le $Number2Make; $i++)                           # Create homedirs from synonym                                       
        {
        $NewUser = ($Synonym + $i.ToString("00"))                   # Pad last two digits with zeroes so you get xxxxx01 instead of xxxxx1 
        $HomeDir = "$studhomedir\$NewUser"
        $Principal= "domain\$NewUser"

        write-host "HomeDir Being Created = $HomeDir"
        New-Item ($HomeDir) –Type Directory

        }   #end for
#
# The piece that assigns permissions sometimes fails due to sync problems. 
# This is why I put the "read-host" command in the code, to slow it down.
#  
$x = (read-host "`nReady to do permisisons? Press <Enter> to continue.")
   for ($i=1; $i -le $Number2Make; $i++)                           # Add permissions to homedirs                                       
     {
        $NewUser = ($Synonym + $i.ToString("00"))                   # Pad last two digits with zeroes so you get xxxxx01 instead of xxxxx1 
        $HomeDir = "$studhomedir\$NewUser"
        $Principal= "domain\$NewUser"
        write-host "newuser = $newuser. Homedir = $homeDir. Principal = $principal"
        write-host "HomeDir Permissions being created = $HomeDir"

        $Rights = [System.Security.AccessControl.FileSystemRights]"FullControl"                      # This line and next 3 put security settings in variables 
        $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
        $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None 
        $objType =[System.Security.AccessControl.AccessControlType]::Allow 

        $objACE=New-Object System.Security.AccessControl.FileSystemAccessRule($Principal, $Rights, $InheritanceFlag, $PropagationFlag, $objType) 
        $objACL = Get-ACL $HomeDir                                                        # Get existing ACL for home directory

        $objace

        if ($objACe)
           {
           $objACL.AddAccessRule($objACE)                                                    # Add ACE to this ACL

           Set-ACL $HomeDir $objACL                                                          # Put modified ACL back on home directory
           }
        else
           {write-host "objACL appears to be empty, line 359"}
     }   #end for

} # 结束函数 Create-HomeDirs

Answer 3

它正在寻找组标识，该标识从组数组中省略，需要作为 $_ 插入。多变的。