0

希望有人可以提供帮助,不幸的是,我不是 Powershell 专家

这就是我要的:

根据用户名的第一个字母,在特定 OU 中查找 AD 中的用户。验证他们是否是 AD 组的成员,如果不是;删除用户的一些特定配置文件并将用户添加到该特定组。

我尝试过的部分代码:

Import-Module ActiveDirectory

# OUs needed to be searched for users
$OU1 = 'name of first OU'
$OU2 = 'name of 2nd OU'
$OU3 = 'name of 3rd OU'

# AD group where users needs to be added
$Group = 'name of group'

# Ask for 1st letter of username
$usernameletter = Read-Host -Prompt 'First letter(s) username'

# Create an array with corresponding users
$userslist= @()

$users1 = Get-ADUser -Filter "SamAccountName -like '$usernameletter*'" -SearchBase $OU1 | select -ExpandProperty samAccountName
$users2 = Get-ADUser -Filter "SamAccountName -like '$usernameletter*'" -SearchBase $OU2 | select -ExpandProperty samAccountName
$users3 = Get-ADUser -Filter "SamAccountName -like '$usernameletter*'" -SearchBase $OU3 | select -ExpandProperty samAccountName


$userslist += $users1,$users2,$users3


# check membership of group
$members = Get-ADGroupMember -Identity $Group -Recursive | Select -ExpandProperty sAMAccountName


# Delete userpref files of user when user is not member of the -name of group-

foreach ($user in $userslist)
{
If ($members -contains $user)
{
Write-host "$user exists in group, so userpref files won't be deleted"
} 
    Else 
    {

#if users doesn't exist in AD Group - delete userpref files of user
Write-host "$user doesn't exist in group, deleting userpref files of user"

Remove-Item -Path E:\users\$user\pwrmenu\UserPref\{F5BE2CE1-BF67-44E2-B5B3-5E081344A70E}* -Force
}
}



# check if user is part of the group. if not, add it to the group

foreach ($user in $userslist)
{
If ($members -contains $user)
{
Write-host "$user exists in group, so user won't be added to group $group"
} 
    Else 
    {

#if users doesn't exist in AD Group - add them to AD Group
Write-host "$user doesn't exist in group, adding user to group $group"
Add-ADGroupMember $Group -Members $userslist
}
}

#end of script

由于某种原因,$userslist 数组已填充,但 $userslist 中的 foreach 循环 $user 不起作用,$user 未填充,并且出现类似错误

删除项目:找不到路径“E:\users\pwrmenu\UserPref”,因为它不存在。Add-ADGroupMember:无法验证参数“成员”的参数。参数为 null、空或参数集合的元素包含 null 值。

希望有人能帮助我!谢谢!

编辑 @Andrew Ryan Davis,

抱歉,对这个网站还不是很熟悉

$userslist 的内容:

PS C:\Users\serverw> $userslist

WGoossensTest

wgoossenstest2

$members 的内容:

PS C:\Users\serverw> $members

用户名1

用户名2

用户名3

ETC

4

1 回答 1

1

不知道为什么您不会在用户中填充任何内容。我确实看到您有很多重复的代码以及几次优化的机会。如果您将用户保留为具有 samaccountname 属性的对象,则可以通过不调用脚本块来加速 where 子句。

$userslist | where samaccountname -notin $members

或者

$userslist | where $members -notcontains samaccountname

您还根据组成员列表检查每个用户两次。查看下面的优化版本。

Import-Module ActiveDirectory

# OUs needed to be searched for users
$OUs = 'name of first OU','name of 2nd OU','name of 3rd OU' 

# AD group where users needs to be added
$Group = 'name of group'

# Ask for 1st letter of username
$usernameletter = Read-Host -Prompt 'First letter(s) username'

# Create an array with corresponding users
$userslist = $ous | foreach {
    Get-ADUser -Filter "SamAccountName -like '$usernameletter*'" -SearchBase $_ | select samaccountname
}

# Get member list of group
$members = Get-ADGroupMember -Identity $Group -Recursive | Select -ExpandProperty sAMAccountName

# Delete userpref files of user when user is not member of the -name of group- and then add to the group
foreach($user in $userslist | where samaccountname -notin $members | select -ExpandProperty sAMAccountName)
{
    Write-host "$user doesn't exist in group, deleting userpref files of user"
    Remove-Item -Path E:\users\$user\pwrmenu\UserPref\{F5BE2CE1-BF67-44E2-B5B3-5E081344A70E}* -WhatIf
    Write-host "$user doesn't exist in group, adding user to group $group"
    Add-ADGroupMember $Group -Members $user -whatif
}

#end of script

这不会提供组中用户的反馈。如果您真的想看到,那么您可以将它们分开并分别运行。

Import-Module ActiveDirectory

# OUs needed to be searched for users
$OUs = 'name of first OU','name of 2nd OU','name of 3rd OU' 

# AD group where users needs to be added
$Group = 'name of group'

# Ask for 1st letter of username
$usernameletter = Read-Host -Prompt 'First letter(s) username'

# Create an array with corresponding users
$userslist = $ous | foreach {
    Get-ADUser -Filter "SamAccountName -like '$usernameletter*'" -SearchBase $_ | select samaccountname
}

# Get member list of group
$members = Get-ADGroupMember -Identity $Group -Recursive | Select -ExpandProperty sAMAccountName

$notmembersof,$membersof = $userslist.where({$_.samaccountname -notin $members},'split')

# Delete userpref files of user when user is not member of the -name of group- and then add to the group
foreach($user in $notmembersof.sAMAccountName)
{
    Write-host "$user doesn't exist in group, deleting userpref files of user"
    Remove-Item -Path E:\users\$user\pwrmenu\UserPref\{F5BE2CE1-BF67-44E2-B5B3-5E081344A70E}* -WhatIf
    Write-host "$user doesn't exist in group, adding user to group $group"
    Add-ADGroupMember $Group -Members $user -whatif
}

foreach($user in $membersof.sAMAccountName)
{
    Write-host "$user exists in group, so userpref files won't be deleted"
    Write-host "$user exists in group, so user won't be added to group $group"
}
#end of script

您可能已经遇到的另一个问题是您的Add-ADGroupMember目标是整个$userslist而不是每个$user. 我添加了 -WhatIf,这样您就可以在完成之前三重检查会发生什么。

编辑

如果$userlist可能是空的,那么我们应该做一个检查,比如。

if($null -eq $userlist){write-host "userlist is empty";break}

您评论中的错误显示$userlist为空,请尝试这些测试。

$members = 'test'
$userlist = 'test'
$match,$nomatch = $userlist.where({$_ -in $members},'split')

$members = 'test1'
$userlist = 'test'
$match,$nomatch = $userlist.where({$_ -in $members},'split')

也不会出错,第一个$match将被填充并且$nomatch为空。在第二个中,情况正好相反。在这两种情况下,它都不会像您看到的那样出错。

于 2020-09-23T22:57:02.940 回答