将其他域中的用户添加到AD组
[英]Add users from another domain to AD group
问题描述
I need to add all users from one AD group to another AD group. 
我需要将一个AD组中的所有用户添加到另一个AD组。 Both groups are in the same domain, though the users are from another domain in the forest. 两个组都在同一个域中,但用户来自林中的另一个域。
Domain "LPC": $Source_Group and $Destination_Group 域“LPC”: $Source_Group和$Destination_Group
Domain "forestx": Users 域“forestx”:用户
Here one example I wrote with the help of this Microsoft article : 这是我在这篇微软文章的帮助下写的一个例子:
$Source_Group = "CN=TestSrc,OU=xxx,OU=yyy,DC=lpc,DC=de"
$Destination_Group = "CN=TestDest,OU=xxx,OU=yyy,DC=lpc,DC=de"
$SourceUseres = Get-ADGroupMember -Identity $Source_Group
foreach ($Person in $SourceUseres) {
$User = Get-ADUser $Person -Server forestx-dc-1
Add-ADPrincipalGroupMembership -Server lpc-dc-1 $User -MemberOf $Destination_Group
}
Get-ADUser $Person -Server forestx-dc-1 seems to contain the right object if I write it to the comand line, but the reference seems not to work in the Add-ADPrincipalGroupMembership statement. Get-ADUser $Person -Server forestx-dc-1似乎包含正确的对象,如果我将它写入命令行,但该引用似乎不适用于Add-ADPrincipalGroupMembership语句。
1 个解决方案
解决方案1
0 已采纳 2017-02-14 12:21:01
I found the answer myself using the Set-ADObject command: 我自己使用Set-ADObject命令找到了答案:
$Source_Server = "x1"
$Source_Group = Get-ADGroup "xxx" -Server $Source_Server
$Destination_Server = "y1"
$Destination_Group = Get-ADGroup "yyy" -Server $Destination_Server
$SourceUseres = Get-ADGroupMember -Identity $Source_Group
foreach ($Person in $SourceUseres) {
Set-ADObject -Identity $Destination_Group -Add @{member=$Person.distinguishedName} -Server $Destination_Server
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.