现在我有一个脚本,可以循环访问手动分配的不同 AD 用户和组。我很想能够做一个read-console
,但是当我不知道会有多少个字符串时,我不知道如何请求多个字符串。有问题的代码如下,有问题的变量是$Users和$Groups。根据其用途,可能会使用很多或很少的用户/组。
<#
This script is to be used for impending access, usually of a high priority for users with an AD account not yet created.
Needs to be run as administrator.
Please note that the script will generate console log failures when accounts do not exist. THIS IS NORMAL BEHAVIOR.
#>
<#Modify these variables in the same format based on requirements. Leave "" for a null value.#>
$Users = "user1", "user2"
$Groups = "group1", "group2"
<#values for notifiation email. Internal addresses only.#>
$FromAddr = "a@b.com"
$ToAddr = "a@b.com", "a@b.com"
$ccAddr = "a@b.com"
<#P1 is assumed, but can be anything#>
$Priority = "P1"
<#How often (in seconds) the script will check for the existence of the AD accounts#>
$SleepTimerSec = 30
DO{
Foreach ($User in $Users) {
If (Get-ADUser -Identity $User){
#If the user exists in AD, it will add it to all of the AD groups listed above
Add-ADPrincipalGroupMembership $User -MemberOf $Groups[0..$Groups.GetUpperBound(0)]
#Removes the added user from being checked going forward
$Users = $Users | Where-Object {$_ -ne $User}
#sends and email alert that the user was added
Send-MailMessage -From $FromAddr -Subject "VPN access granted" -SmtpServer xxxx -To $ToAddr -Cc $ccAddr -Body "Access has been granted for $($Priority) User: $($User)"
}
}
#Console logging
Write-Host "Users remaining: " $Users
Write-Host "Waiting" $SleepTimerSec "seconds"
#Pause before the next AD check
Start-Sleep -Seconds $SleepTimerSec
} While($Users -ne $Null)