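A simple PowerShell script to create a computer group in AD. If the group exists, it prints that it already exists; otherwise it creates a new one. But something is wrong: it does not create a new group.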
Import-Module ActiveDirectory
Import-Module Centrify.DirectControl.PowerShell
Clear-Variable -Name "Result"
Clear-Variable -Name "JSONOutput"
Clear-Variable -Name "ErrorMessage"
Clear-History
$username='<>';
$password='<>';
$computerGroup = 'Sample-New-Role';
# ************* SET CREDENTIALS *************************************
$Password = ConvertTo-SecureString $password -AsPlainText -Force
$global:Cred = New-Object System.Management.Automation.PSCredential($username,$Password)
Set-CdmCredential -Domain (Get-WmiObject Win32_ComputerSystem).Domain -Credential $Cred
$global:DomainController = Get-ADDomain -Current LocalComputer
Set-CdmPreferredServer -Domain (Get-WmiObject Win32_ComputerSystem).Domain -Server $global:DomainController.InfrastructureMaster
$global:OUPath = Get-ADOrganizationalUnit -Filter 'Name -like "Role Groups-Computer"'
# ************************ Create Zone ******************************
try{
if(Get-ADGroup -filter {Name -eq $computerGroup} -ErrorAction Continue)
{
$Result = "Already_Exists"
} else
{
New-ADGroup -Name $computerGroup -GroupScope Global -GroupCategory Security -Path $global:OUPath -Credential $Cred
$Result = 'Success'
}
}
catch{
$ErrorMessage = $_.Exception
}
# ************************* Result *********************************
$JSONOutput = @{"result"=$Result;"error"=$ErrorMessage} | ConvertTo-Json -Compress
Write-Output $JSONOutput
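Output: it should simply create a new group, or else print 'Already_Exists' if the group already exists. It works fine if the group already exists, but it fails with an error when the group is new. It should create the group, not return an error. Is there something wrong with the condition?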
{"error":{"Message":"找不到具有身份的对象:\u002709328-Sample-New-Role\u0027 ....
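An added example, not part of the original post: one way to write the exists-or-create check so that a missing group is an empty result rather than an exception, every AD call stops on error, and the password is not stored in the script. The function name `New-ComputerGroupIfMissing` is hypothetical, the group and OU names are the ones from the post, and the cmdlets are those of the ActiveDirectory module.

```powershell
# Added example; the function name is hypothetical, the cmdlets come from the ActiveDirectory module.
Import-Module ActiveDirectory

function New-ComputerGroupIfMissing {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$OUName,
        [Parameter(Mandatory)][pscredential]$Credential
    )
    $result = $null
    $errorMessage = $null
    try {
        # Both values are placed inside a quoted filter string, so accept only
        # a conservative character set (letters, digits, _, space, dot, hyphen).
        foreach ($value in $Name, $OUName) {
            if ($value -notmatch '^[\w .-]+$') { throw "Unsupported name: $value" }
        }

        # Resolve the OU to exactly one distinguished name before using it as -Path.
        $ou = @(Get-ADOrganizationalUnit -Filter "Name -eq '$OUName'" `
                    -Credential $Credential -ErrorAction Stop)
        if ($ou.Count -ne 1) { throw "Expected one OU named '$OUName', found $($ou.Count)" }

        # -Filter returns nothing when no group matches; a lookup by -Identity
        # would instead throw "Cannot find an object with identity".
        $existing = Get-ADGroup -Filter "Name -eq '$Name'" `
                        -Credential $Credential -ErrorAction Stop
        if ($existing) {
            $result = 'Already_Exists'
        } else {
            New-ADGroup -Name $Name -GroupScope Global -GroupCategory Security `
                -Path $ou[0].DistinguishedName -Credential $Credential -ErrorAction Stop
            $result = 'Success'
        }
    } catch {
        # Report only the message text so the JSON stays small and serializable.
        $errorMessage = $_.Exception.Message
    }
    [ordered]@{ result = $result; error = $errorMessage } | ConvertTo-Json -Compress
}

# Prompt for the account at run time instead of keeping the password in the file.
$cred = Get-Credential
New-ComputerGroupIfMissing -Name 'Sample-New-Role' -OUName 'Role Groups-Computer' -Credential $cred
```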