使用ps1脚本向AD用户添加组

Question

With following script I'd like to add a group to an AD user, but it doesn't do it, and I get no error.

param($Userid,$AdditionalGroup)

# Get user
$User = Get-ADUser `
    -Filter "SamAccountName -eq $Userid"

# Add comment
Add-ADGroupMember `
    -Identity $AdditionalGroup `
    -Members $User

Answer 1

Filtering like that didn't work for me (and generated an error), however adding ' before and after $Userid did the trick.

param($Userid,$AdditionalGroup)

# Get user
$User = Get-ADUser `
    -Filter "SamAccountName -eq '$Userid'"

# Add comment
Add-ADGroupMember `
    -Identity $AdditionalGroup `
    -Members $User

Answer 2

As you're only doing a straight -eq match on sAMAccountName you don't need to use -Filter , the Identity param will accept this along with other inputs:

• A distinguished name
• A GUID (objectGUID)
• A security identifier (objectSid)
• A SAM account name (sAMAccountName)

( documentation link )

Which makes your code very simple:

$User = Get-ADUser -Identity $Userid

---

To simplify it even further, you don't even need to use Get-ADUser at all!

Add-ADGroupMember -Members ( link ) accepts the same parameters as I mentioned for Identity ...

So you can use $UserID directly:

param($Userid,$AdditionalGroup)

Add-ADGroupMember -Identity $AdditionalGroup -Members $UserID

Answer 3

这也将起作用（不使用单引号）：

$User = Get-ADUser -Filter {SamAccountName -eq $Userid}