Powershell中Get-ADUser的功能
[英]Function for Get-ADUser in Powershell
问题描述
I'm writing the below function in PowerShell and on execution an error is generated: 
我在PowerShell中编写以下函数,执行时会生成错误:
Get-ADUser : Error parsing query: 'EmployeeId -eq ' Error Message: 'syntax error' at position
: '12'.
At line:14 char:16
The function is below. 该功能如下。
Function UpdateGroupMembership ($Members, $Group, $err) {
$Members | ForEach-Object {
$EID = $_.ID
$filter = [scriptblock]::Create("EmployeeId -eq $EID")
If ((Get-ADUser -Filter $filter) -like "")
{$err += "`n"+"User: "+$_."First Name"+" "+$_."Last Name"+" was not found in "+$_."District"+"<br>"}
Else
{$alias += Get-ADUser -Filter $filter}
}
$alias | ForEach-Object {
Add-ADGroupMember -Identity $Group -Members $_.SamAccountName
}
} }
UpdateGroupMembership ($atl, $atlGroup, $atlerr)
Any advice would be highly appreciated! 任何建议将不胜感激! Just learning PowerShell...so please go easy on me! 只是学习PowerShell ...所以请对我轻松一点!
3 个解决方案
解决方案1
1 2015-04-02 02:28:15
Hard to say exactly how your code works since you don't show us any input but the following is the first major issue 由于您没有向我们显示任何输入信息,因此很难确切说明代码的工作方式,但以下是第一个主要问题
Function Parameters 功能参数
UpdateGroupMembership ($atl, $atlGroup, $atlerr)
Functions are not methods. 函数不是方法。 When you call your function like that you are sending all arguments as an array to the parameter $Members . 当您像这样调用函数时,会将所有参数作为数组发送到参数$Members 。 The call has to look like this. 通话必须看起来像这样。
UpdateGroupMembership $atl, $atlGroup, $atlerr
That If Block If阻止
((Get-ADUser -Filter $filter) -like "")
Not sure what you are trying to accomplish but -like is usually used for string comparisons. 不确定要完成什么,但是-like通常用于字符串比较。 Get-ADUser would return an object array or $null . Get-ADUser将返回一个对象数组或$null 。 Are you testing to see if it is empty or null? 您是否在测试是否为空或为空?
If(Get-ADUser -Filter $filter){
}
The above would only be true if data was returned. 仅当返回数据时,上述情况才成立。
About $err 关于$err
Are you trying to pass back information through that variable? 您是否正在尝试通过该变量传递信息? Function be default pass information by value so you populating $err would have no use outside the function. 函数是按值默认传递信息的函数,因此您填充$err在函数外部将毫无用处。
解决方案2
1 已采纳 2015-04-02 03:13:35
I think some understanding of and functions and parameters, as well as error handling is in order here. 我认为对这里的功能,参数以及错误处理有一定的了解。 You leave out some info so I am going to assume that $atl is an array of objects, and that those objects each have (at least) the properties 'ID', 'First Name', and 'Last Name'. 您省略了一些信息,因此我将假定$atl是对象数组,并且这些对象每个都(至少)具有(至少)属性“ ID”,“名”和“姓”。 I assume that $atlGroup is a string being the name of the group you want to add the users defined in those objects to. 我假设$atlGroup是一个字符串,是要将这些对象中定义的用户添加到的组的名称。 I also assume that $atlerr is probably nothing, but that you want it to be populated with errors should they happen. 我还假设$atlerr可能什么都不是,但是您希望它在发生错误时填充错误。
This really comes down to what Matt said in his answer. 这实际上取决于马特在回答中所说的。 You are calling your function incorrectly. 您错误地调用了函数。 You are passing an array of objects as the first parameter (the 'Members' parameter). 您正在传递对象数组作为第一个参数(“ Members”参数)。 So here's the flow of the function as you have it... 所以这就是函数的流程...
$Members = @($atl, $atlGroup, $atlErr)
$Group = $null
$Err = $null
$Members then gets passed to a ForEach loop, so it passes it's first item, which is an array of objects. 然后, $Members被传递到ForEach循环,因此它传递了它的第一项,即对象数组。 It passes the entire array of $atl on to the ForEach loop, so that loop now goes: 它将整个$atl数组传递到ForEach循环,因此该循环现在进行:
$EID = $atl.ID
Well, here we have a problem. 好吧,我们这里有一个问题。 $atl is an array, it doesn't have a property of 'ID' like all of the objects it contains. $ atl是一个数组,不像其包含的所有对象一样具有“ ID”属性。 So it returns $null , so... 所以它返回$null ,所以...
$EID = $null
$filter = [scriptblock]::Create("EmployeeId -eq $EID")
Ok, so now $filter is a scriptblock that looks like {EmployeeId -eq $null} , which as a scriptblock goes is just fine. 好的,所以现在$filter是一个看起来像{EmployeeId -eq $null}的脚本块,就像脚本块一样。 The problem is that when it is passed to the Get-ADUser cmdlet as the argument for the -Filter parameter that parameter expects you to provide something in the format of: 问题是,当将它作为-Filter参数的参数传递给Get-ADUser cmdlet时,该参数希望您提供以下格式的内容:
Property Operator Value
You're looking at the EmployeeID property, and using the -eq operator. 您正在查看EmployeeID属性,并使用-eq运算符。 That property is a string, so it expects you to provide a string to compare it to. 该属性是一个字符串,因此希望您提供一个字符串进行比较。 You don't do that, so it throws an error. 您不这样做,因此会引发错误。
Now you were hoping to catch those errors with your If/Else statement, but son you're simply re-creating the wheel with that. 现在,您希望通过If / Else语句捕获那些错误,但是,您只是在用它来重新创建轮子。 PowerShell already has Try/Catch blocks, and here's how they work. PowerShell已经具有Try / Catch块,这是它们的工作方式。 If you Try an action that causes the script to stop, instead of stopping it moves to the Catch scriptblock and executes that. 如果您Try导致脚本停止的操作,而不是停止脚本,它将移至Catch脚本块并执行该操作。
So to simplify what you were doing we could Try to get the ad user, and pipe that directly into add-adprincipalgroupmembership (this cmdlet accepts piped in user objects, and lets you define the name of the group to add them to as opposed to the cmdlet that you used which accepted piped group objects and lets you define what users to add to the group). 因此,为简化操作,我们可以Try获取广告用户,然后将其直接传递到add-adprincipalgroupmembership (此cmdlet接受通过管道add-adprincipalgroupmembership用户对象,并允许您定义要添加到的组的名称,而不是您使用的cmdlet接受了管道组对象,并允许您定义要添加到该组的用户。 Then in the Catch block we output your error which should only happen when the process in the Try block fails. 然后,在Catch块中,我们输出您的错误,该错误仅在Try块中的过程失败时才会发生。 Now you just assign the output of the function to whatever you want to store your errors in. It ends up looking something like this: 现在,您只需将函数的输出分配给您想要存储错误的任何内容。它最终看起来像这样:
Function UpdateGroupMembership{
Param(
[object[]]$Members,
[String]$Group
)
ForEach($User in $Members){
Try{
Get-ADUser -Filter {EmployeeId -eq "$($User.ID)"} | Add-ADPrincipalGroupMembership -MemberOf $Group
}
Catch{
"User: {0} {1} was not found." -f $User."First Name",$User."Last Name"
}
}
}
$atlErr = UpdateGroupMembership $atl $atlGroup
Matt's answer really does answer your question, I just wanted to offer some guidance on how exactly the process was working and why you got the errors, and give some advise on how you could have better written the function so you have something to take with you going forward. Matt的回答确实回答了您的问题,我只是想提供一些有关流程运行方式以及错误原因的指导,并就如何更好地编写函数提供一些建议,以便您随身携带一些东西。向前走。 I up-voted Matt's answer, it does answer the question, I just thought some additional context and help on fixing the issue would be in order to help out a newbie. 我投票赞成Matt的回答,它确实回答了这个问题,我只是认为一些其他情况和解决此问题的帮助将是为了帮助新手。 We've all been there at some point. 我们都曾经到过那里。
Edit: I should also mention that I think creating a function to process groups of things like this is a mistake. 编辑:我还应该提到,我认为创建一个函数来处理类似这样的事情是错误的。 You would be better served making it process one thing, and accepting piped input or putting it in a ForEach loop. 您最好使它处理一件事情,接受管道输入或将其放入ForEach循环中。 But that's just my opinion, take it or leave it. 但这只是我的看法,可以接受也可以保留。
解决方案3
0 2015-04-02 14:15:32
Function UpdateGroupMembership { Param( [object[]]$Members, [String]$Group ) ForEach($User in $Members){ Try{ $filter = $($User.ID) Get-ADUser -Filter {EmployeeId -eq $filter} | Add-ADPrincipalGroupMembership -MemberOf $Group } Catch{ "User: {0} {1} was not found in {2}." -f $User."First Name",$User."Last Name", $User.District } } } $atlErr = UpdateGroupMembership $atl $atlGroup
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.