0

我目前有一个脚本,除了两个搜索功能外,它都可以正常工作。Active 用户搜索仅限于两个 OU,Disabled 用户仅限于单独的 2 个 OU。这都包含在执行所有 AD 搜索的 while 循环中。我很难让这两个子搜索工作。无论如何,它们都会返回所有 AD 用户的结果。我在 Disabled 搜索中有几个不同的版本。

我试图让它在特定的 OU 中搜索用户,如果不存在,则显示消息说找不到用户。

    #Requires -Version 2.0
#Connection and Startup Strings
cls
Import-Module ActiveDirectory
if ( (Get-PSSnapin -Name Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue) -eq $null ){
Add-PSSnapin Quest.ActiveRoles.ADManagement
}


#-Set Window title
$host.UI.RawUI.WindowTitle = $MyInvocation.MyCommand.Name + " - " + (Get-Item $MyInvocation.MyCommand.Path).LastWriteTime.ToString("yyyy-MM-dd_HH:mm:ss")


#Requires -Version 2.0

$ADServer = 'childDomain.domain.com'
$Aous = 'OU=Users,OU=Production,DC=childdomain,DC=domain,DC=com','OU=Onboarding,OU=Production,DC=childdomain,DC=domain,DC=com'
$Dous = 'OU=Terminated,DC=childdomain,DC=domain,DC=com', 'OU=Disability Leave,OU=Production,DC=childdomain,DC=domain,DC=com'
$ADous = 'OU=Users,OU=Production,DC=childdomain,DC=domain,DC=com','OU=Onboarding,OU=Production,DC=childdomain,DC=domain,DC=com','OU=Terminated,DC=childdomain,DC=domain,DC=com', 'OU=Disability Leave,OU=Production,DC=childdomain,DC=domain,DC=com'
$Exportpath = "C:\domain\ExportADUsers\"
if(!(test-path $Exportpath)){ New-Item -ItemType Directory -Force -Path $Exportpath }
$Logfile = "C:\domain\UserSearch_errors.txt"

#-determine Service Desk agent; used in Signature as well as Push-Button
if($env:UserName -Match "x_\w.*"){ $SDAgent = $env:UserName.Substring(2) }
else{ $SDAgent = $env:UserName }


#--Prompt/menu strings
$noADuserErrorString = "`n---..--  No Account found in Active Directory  --..---"
$promptActiveSearchString = "  - Enter the employee username that you wish to search the Active OU's for"
$promptDisabledSearchString = "  - Enter the employee username that you wish to search the Disabled OU's for"
$emptyInput = "No entry specified, please retype request."
$cancelOnboardForm = "Exiting Onboarding form. No actions taken."

$script:TESTING = $False
function testing-message
{
Write-Host "script:TESTING is currently : " -NoNewline
if($script:TESTING){ Write-Host "TRUE" -ForegroundColor Red }
else { Write-Host "FALSE" -ForegroundColor Green }

}

Connect-QADService childdomain.domain.com


Write-Host "`n`n**********************`n**`n**  " -NoNewline -ForegroundColor Green
Write-Host "Welcome, $SDAgent ($env:UserName)"
Write-Host "**`n********`n" -ForegroundColor Green


$SelectString = "Domain, Displayname, Description, AccountExpires, PasswordLastSet, Lastlogon, AccountIsDisabled, AccountIsLockedOut, PasswordNeverExpires, UserMustChangePassword, AccountIsExpired, PasswordIsExpired, AccountExpirationStatus, UserPrincipalName, @{l='DN'; e={Find-Container}}, homeDirectory"

function SelectStandard
{
#-trying to create function to standardize output for various search modes
Select Domain, Displayname, Description, AccountExpires, PasswordLastSet, Lastlogon, AccountIsDisabled, AccountIsLockedOut, PasswordNeverExpires, UserMustChangePassword, AccountIsExpired, PasswordIsExpired, AccountExpirationStatus, UserPrincipalName, @{l='DN'; e={Find-Container}}, homeDirectory
}

function Show-Error
{
#- NOTE: add "-ErrorAction Stop" switch to force terminating error
Write-Host "  |====================="
Write-Host "  |"
Write-Host "  | " -NoNewline
Write-Host "Caught an exception:" -ForegroundColor Red
Write-Host "  | " -NoNewline
Write-Host "Exception Type: $($_.Exception.GetType().FullName)" -ForegroundColor Red
Write-Host "  | " -NoNewline
Write-Host "Exception Message: $($_.Exception.Message)" -ForegroundColor Red
Write-Host "  | " -NoNewline
Write-Host "Exception Error[0]: $($error[0])" -ForegroundColor Red
Write-Host "  |"
Write-Host "  |====================="

}

function Show-Prompt
{
$prompttime = Get-Date -format T
$prompttime = Get-Date -format hh:mm:ss

Write-Host " `n<" -NoNewline
Write-Host "$prompttime" -ForegroundColor Yellow -BackgroundColor Black -NoNewline
Write-Host ">" -NoNewline
Write-Host " Enter the username you would like to lookup: " -ForegroundColor Cyan -BackgroundColor Black -NoNewline

# Write-Host " `n[ $prompttime ] Enter the username you would like to lookup: " -ForegroundColor Cyan -NoNewline
}

##########################
#  main loop
while($true){
Show-Prompt
$username = Read-Host
$username = $username.Trim()
#-ignore blank
elseif (($username -Match "^\s+$") -or ($username -eq '')){
Write-Host $emptyInput
Continue
}

#-Search Active OU's
#WIP
elseif ($username -eq 'Active'){
$usra = Read-Host -prompt $promptActiveSearchString
$usra = $usra.Trim()
$activecorp = Get-QADUser $usra -Searchroot $aous | Select Domain, Displayname, Description, AccountExpires, PasswordLastSet, Lastlogon, AccountIsDisabled, AccountIsLockedOut, PasswordNeverExpires, UserMustChangePassword, AccountIsExpired, PasswordIsExpired, AccountExpirationStatus, UserPrincipalName, @{l='DN'; e={Find-Container} }

$activecorp
if (!$activecorp) { Write-Host $noADuserErrorString -ForegroundColor Red -BackgroundColor Black }

$username = $usra  #~why?
Continue
}

#-Search Terminated & Disability Leave OU's
#WIP

elseif ($username -eq 'Disabled'){
$usra = Read-Host -prompt $promptDisabledSearchString
$usra = $usra.Trim()

$validUsername = $False
try{
    Get-ADUser -Server $ADServer -Searchbase $Dous | Select Domain, Displayname, Description, AccountExpires, PasswordLastSet, Lastlogon, AccountIsDisabled, AccountIsLockedOut, PasswordNeverExpires, UserMustChangePassword, AccountIsExpired, PasswordIsExpired, AccountExpirationStatus, UserPrincipalName, @{l='DN'; e={Find-Container} }
    $validUsername = $True
}
catch{
    Write-Host "$usra $noADuserErrorString" -ForegroundColor Red -BackgroundColor Black
    $validUsername = $False
}

$username = $usra

<#
$usra = Read-Host -prompt $promptDisabledSearchString
$usra = $usra.Trim()
$discorp = Get-QADUser $usra -Searchroot $dous | Select Domain, Displayname, Description, AccountExpires, PasswordLastSet, Lastlogon, AccountIsDisabled, AccountIsLockedOut, PasswordNeverExpires, UserMustChangePassword, AccountIsExpired, PasswordIsExpired, AccountExpirationStatus, UserPrincipalName, @{l='DN'; e={Find-Container} }

if (!$discorp) { Write-Host $noADuserErrorString -ForegroundColor Red -BackgroundColor Black }


#$username = $usra  #~why?
Return $discorp
#Continue

foreach($AllADUsers in $ADous){Get-ADUser -server $ADServer `
        -SearchBase $AllADUsers `
    -Filter * -Properties * |

#>
}

#-if starts with a number, assume phone number mode
elseif ($username -Match "^\d.*"){
$phoneno = $username

# Connect-QADService childdomain.domain.com
$phonecorp = Get-QADUser -Enabled -telephonenumber "*$phoneno" | Select Domain, Displayname, Description, AccountExpires, PasswordLastSet, Lastlogon, AccountIsDisabled, AccountIsLockedOut, PasswordNeverExpires, UserMustChangePassword, AccountIsExpired, PasswordIsExpired, AccountExpirationStatus, UserPrincipalName, @{l='DN'; e={Find-Container} }

$phonecorp
if (!$phonecorp) { Write-Host $noADuserErrorString -ForegroundColor Red -BackgroundColor Black }

Continue
}
#-Get employee ID
elseif ($username -eq 'gid'){
$usra = Read-Host -prompt "  - Enter the employee username that you wish to get the Employee ID for"
$usra = $usra.Trim()

$validUsername = $False
try{
    Get-ADUser $usra -Properties EmployeeID | Select EmployeeID
    $validUsername = $True
}
catch{
    Write-Host "[$usra] is not a valid username. Username must match EXACTLY." -ForegroundColor Red -BackgroundColor Black
    $validUsername = $False
}
$username = $usra
}
#-Exit script gracefully
elseif ($username -eq 'Exit'){
Exit
}
#-perform basic search
else{
# Write-Host "`n  - basic search - "  #-for testing, to verify elseif as well as to prove Active/Disabled options are not working as intended
# Connect-QADService childdomain.domain.com
$corp = Get-QADUser $username | Select Domain, Displayname, Description, AccountExpires, PasswordLastSet, Lastlogon, AccountIsDisabled, AccountIsLockedOut, PasswordNeverExpires, UserMustChangePassword, AccountIsExpired, PasswordIsExpired, AccountExpirationStatus, UserPrincipalName, @{l='DN'; e={Find-Container}}, homeDirectory, @{n="ManagerName";e={(Get-ADUser -Identity $_.Manager -properties DisplayName).DisplayName}}

$corp
if (!$corp) { Write-Host $noADuserErrorString -ForegroundColor Red -BackgroundColor Black }
}
}
4

1 回答 1

0

我并不完全清楚您要做什么,但我确实在您的代码中看到了一些问题。

我无法与 Quest cmdlet 对话,但我可以与Get-ADUser.

SearchBase参数需要一个字符串,但您已将其声明$Dous为一个数组:

$Dous = 'OU=Terminated,DC=childdomain,DC=domain,DC=com', 'OU=Disability Leave,OU=Production,DC=childdomain,DC=domain,DC=com'

然后将其传递给Get-ADUser

Get-ADUser -Server $ADServer -Searchbase $Dous

那是行不通的。您需要Get-ADUser为每个 OU 运行一次。

您还需要设置Filter参数,即使您只是将其设置*为获取每个用户:

Get-ADUser -Filter * -Server $ADServer -Searchbase 'OU=Terminated,DC=childdomain,DC=domain,DC=com'

Filter但是,如果您知道要查找的帐户的名称,则可能需要进行不同的设置。

于 2018-03-14T12:50:13.933 回答