1

在 AD 中创建计算机组的简单 PowerShell 脚本。如果组存在,则打印已经存在,否则创建新的。但是出了点问题,它没有创建一个新组。

Import-Module ActiveDirectory
Import-Module Centrify.DirectControl.PowerShell

Clear-Variable -Name "Result"
Clear-Variable -Name "JSONOutput"
Clear-Variable -Name "ErrorMessage"
Clear-History

$username='<>';
$password='<>';
$computerGroup = 'Sample-New-Role';


# ************* SET CREDENTIALS *************************************
$Password = ConvertTo-SecureString $password -AsPlainText -Force
$global:Cred = New-Object System.Management.Automation.PSCredential($username,$Password)
Set-CdmCredential -Domain (Get-WmiObject Win32_ComputerSystem).Domain -Credential $Cred
$global:DomainController = Get-ADDomain -Current LocalComputer
Set-CdmPreferredServer -Domain (Get-WmiObject Win32_ComputerSystem).Domain -Server $global:DomainController.InfrastructureMaster
$global:OUPath = Get-ADOrganizationalUnit -Filter 'Name -like "Role Groups-Computer"'

# ************************ Create Zone ******************************
try{
    if(Get-ADGroup -filter {Name -eq $computerGroup} -ErrorAction Continue)
    {
            $Result = "Already_Exists"
    } else 
        {
            New-ADGroup -Name $computerGroup -GroupScope Global -GroupCategory Security -Path $global:OUPath -Credential $Cred
            $Result = 'Success'
        }
}
catch{
$ErrorMessage = $_.Exception
}

# ************************* Result *********************************
$JSONOutput = @{"result"=$Result;"error"=$ErrorMessage} | ConvertTo-Json -Compress
Write-Output $JSONOutput

输出:如果组已经存在,那么只需创建新的 else print 'Already_Exists' 如果组已经存在但失败并在新组时出错,则它工作正常。它应该创建组,而不是错误。条件有什么问题吗?

{"error":{"Message":"找不到具有身份的对象:\u002709328-Sample-New-Role\u0027 ....

4

1 回答 1

1
Import-Module ActiveDirectory
Import-Module Centrify.DirectControl.PowerShell

Clear-Variable -Name "Result"
Clear-Variable -Name "JSONOutput"
Clear-Variable -Name "ErrorMessage"
Clear-History

$username='<>';
$password='<>';
$computerGroup = 'Sample-New-Role';


# ************* SET CREDENTIALS *************************************
$Password = ConvertTo-SecureString $password -AsPlainText -Force
$global:Cred = New-Object System.Management.Automation.PSCredential($username,$Password)
Set-CdmCredential -Domain (Get-WmiObject Win32_ComputerSystem).Domain -Credential $Cred
$global:DomainController = Get-ADDomain -Current LocalComputer
Set-CdmPreferredServer -Domain (Get-WmiObject Win32_ComputerSystem).Domain -Server $global:DomainController.InfrastructureMaster
$global:OUPath = Get-ADOrganizationalUnit -Filter 'Name -like "Role Groups-Computer"'

# ************************ Create Zone ******************************
try{
    if(Get-ADGroup -filter {Name -eq $computerGroup} -ErrorAction Continue)
    {
            $Result = "Already_Exists"
    } else 
        {
            New-ADGroup -Name $computerGroup -GroupScope Global -GroupCategory Security -Path $global:OUPath -Credential $Cred
            $Result = 'Success'
        }
}
catch{
$ErrorMessage = $_.Exception
}

# ************************* Result *********************************
$JSONOutput = @{"result"=$Result;"error"=$ErrorMessage} | ConvertTo-Json -Compress
Write-Output $JSONOutput
于 2020-05-01T00:52:11.390 回答