[英]Adding groups to AD user with a ps1 script
With following script I'd like to add a group to an AD user, but it doesn't do it, and I get no error. 使用以下脚本,我想向AD用户添加组,但是它没有执行此操作,并且没有错误。
param($Userid,$AdditionalGroup)
# Get user
$User = Get-ADUser `
-Filter "SamAccountName -eq $Userid"
# Add comment
Add-ADGroupMember `
-Identity $AdditionalGroup `
-Members $User
Filtering like that didn't work for me (and generated an error), however adding '
before and after $Userid did the trick. 这样的过滤对我不起作用(并产生了错误),但是在$ Userid之前和之后添加
'
。
param($Userid,$AdditionalGroup)
# Get user
$User = Get-ADUser `
-Filter "SamAccountName -eq '$Userid'"
# Add comment
Add-ADGroupMember `
-Identity $AdditionalGroup `
-Members $User
As you're only doing a straight -eq
match on sAMAccountName you don't need to use -Filter
, the Identity
param will accept this along with other inputs: 由于您仅对sAMAccountName执行
-eq
匹配,因此无需使用-Filter
, Identity
参数将接受此输入以及其他输入:
- A distinguished name
专有名称
- A GUID (objectGUID)
GUID(objectGUID)
- A security identifier (objectSid)
安全标识符(objectSid)
- A SAM account name (sAMAccountName)
SAM帐户名(sAMAccountName)
( documentation link )
( 文档链接 )
Which makes your code very simple: 这使您的代码非常简单:
$User = Get-ADUser -Identity $Userid
To simplify it even further, you don't even need to use Get-ADUser
at all! 为了进一步简化它,您甚至根本不需要使用
Get-ADUser
!
Add-ADGroupMember -Members
( link ) accepts the same parameters as I mentioned for Identity
... Add-ADGroupMember -Members
( link )接受与我提到的Identity
相同的参数。
So you can use $UserID
directly: 因此,您可以直接使用
$UserID
:
param($Userid,$AdditionalGroup)
Add-ADGroupMember -Identity $AdditionalGroup -Members $UserID
这也将起作用(不使用单引号):
$User = Get-ADUser -Filter {SamAccountName -eq $Userid}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.