活动目录复制用户属性
[英]active directory copying user attributes
问题描述
I have a script, which should copy Description value to Department . 
我有一个脚本,该脚本应将Description值复制到Department 。 But script only seems to be working 50%. 但是脚本似乎只能工作50%。
I have OU , and there are 3 sub OU 's. 我有OU ,并且有3个子OU 。 The script changes only first OU users attributes, but not the other 2. Could someone check script and tell me whats wrong with it. 该脚本仅更改第一个OU用户属性,而不更改其他2.有人可以检查脚本并告诉我它怎么了。
Script: 脚本:
Option Explicit
On Error Resume Next
Dim objUser, objChild, objConnection, objRootDSE, objItem
Dim WshShell, objFSO, strRoot, strDNSDomain, strContainer
Dim strDescription, strsAMAccountName
Dim strdepartmentAfter, strDirectory, strdepartmentBefore
Dim i, intLogFlag 'no log exists
i=1
intLogFlag = 0
Set WshShell = CreateObject("WScript.Shell")
'Set current directory to Desktop & display on page
strDirectory = WshShell.SpecialFolders("Desktop") & "\"
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
strContainer = strContainer & strDNSDomain
'To do a subcontainer, add it after//ou=OUName, - include comma
Set strRoot =GetObject("LDAP://OU=Kasutajad," & strDNSDomain )
'Start Logging
CreateLog()
'****************************************************************
For each objChild in strRoot
Select Case objChild.class
Case "organizationalUnit","container"
Call DATree
End Select
Next
Sub DATree()
OU.Filter="objectClass=user"
For each user in OU
If user.class="user" Then
On Error Resume Next
user.Department=user.description
If Err.Number = 0 Then
user.SetInfo
WScript.Echo "Copied:" & user.description & " for " & user.name
Else
On Error GoTo 0
WScript.Echo "No IPPHONE configured for " & user.name
End If
On Error GoTo 0
end if
i=i+1
next
End Sub
i = i -1
Wscript.Echo "Accounts = " & i
Wscript.Quit
'****************************************************************
Sub CreateLog()
On Error Resume Next
Dim objFile
Dim strFile, strText
'Create log file
strFile = "UserDepartmentLog_" & Month(Date()) & "_" & Day(Date()) & ".txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.CreateTextFile(strDirectory & strFile)
Set objFile = Nothing
'Write headers to the log file
strText = "User Name,Date,Description,Department Before, Department After"
Set objFile = objFSO.OpenTextFile(strDirectory & strFile, 8, True)
objFile.WriteLine(strText)
intLogFlag = 1
Set objFSO = Nothing
Set objFile = Nothing
End Sub
'****************************************************************
'Used to append the log for each computer the script is run against
Sub WriteLog(strdescription, strAccountName, strDeptBefore, strDeptAfter)
On Error Resume Next
Dim objFile, objTextFile
Dim strFile, strText
strFile = "UserDepartmentLog_" & Month(Date()) & "_" & Day(Date()) & ".txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
'Check to see if the log exists
If intLogFlag = 1 Then
'Write to the log
strText = strAccountName & "," & Date() & "," & strDescription & "," & strDeptBefore & "," & strDeptAfter
Set objFile = objFSO.OpenTextFile(strDirectory & strFile, 8, True)
objFile.WriteLine(strText)
objFile.Close
'Reset strText for later use
strText = ""
Else 'If the log doesn't exist, create it
CreateLog()
'Reset strText for later use
strText = ""
End If
Set objTextFile = Nothing
Set objFile = Nothing
Set objFSO = Nothing
End Sub
1 个解决方案
解决方案1
0 2014-05-09 18:22:22
I suggest you ditch VBScript and switch to PowerShell. 我建议您放弃VBScript并切换到PowerShell。 All of that can be replaced with this (all on one line): 所有这些都可以被替换(全部一行):
Get-ADUser -SearchBase 'OU=PowerShell Testing,DC=yourdom' -LDAPFilter '(sAMAccountName=*)' -Properties description |
All you need to do this is PowerShell 2.0 (preferably 3.0 though because it's much easier) and the Active Directory Module on your client . 您所需要做的就是PowerShell 2.0(最好是3.0,因为它更容易实现)和客户端上的Active Directory模块 。
Hopefully, the command are verbose enough to work out most of what's going on. 希望该命令足够详细,可以解决大部分正在发生的事情。 The thing to know is that PowerShell commands tend to return objects*, rather than text. 要知道的是,PowerShell命令倾向于返回对象*,而不是文本。 The | | is a pipe, so the output objects from the first command (Get-ADUser) are sent to the second command (ForEach-Object). 是管道,因此第一个命令(Get-ADUser)的输出对象将发送到第二个命令(ForEach-Object)。 And $_ represents the object in the pipeline. $ _代表管道中的对象。 So, inside the braces, I'm doing a Set-ADUser (Set is PowerShell's standard verb for updating) on the object in the pipeline, applying the value of the description attribute of the object in the pipeline to the -Department property. 因此,在括号内,我对管道中的对象执行Set-ADUser(Set是PowerShell的标准动词用于更新),将管道中对象的description属性的值应用于-Department属性。 Ta da! da!
This is known as a PowerShell one-liner. 这称为PowerShell一线式。 I could've written it as a script and it might've looked like this: 我本可以将其编写为脚本,但看起来可能像这样:
$users = Get-ADUser `
-SearchBase 'OU=PowerShell Testing,DC=yourdom' `
-LDAPFilter '(sAMAccountName=*)' -Properties description
foreach ($user in $users)
{
Set-ADUser $user -Department $user.description
}
The ` is PowerShell's continuation character. `是PowerShell的延续字符。
I used to do a lot of VBScripting - I had scripts with 000s of lines of code. 我曾经做过很多VBScripting-我的脚本包含数千行代码。 Now, I wouldn't touch it with a barge-pole, if I had a choice. 现在,如果我有选择的话,我不会碰驳船。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.