[英]Get-ADUser Check for conflicting proxyAddresses
Currently I have a script that creates user accounts. 目前,我有一个创建用户帐户的脚本。
Note: Not all users have the same UPN (UserPrincipalName) 注意:并非所有用户都具有相同的UPN(UserPrincipalName)
User accounts are in the following format: <firstinit><lastname>
. 用户帐户的格式如下: <firstinit><lastname>
。
If this conflicts, the format will be changed to: <firstinit><middleinit><lastname>
如果这冲突,则格式将更改为: <firstinit><middleinit><lastname>
Recently I have ran into an issue where the user's proxyAddress
is conflicting with existing users. 最近,我遇到了一个问题,其中用户的proxyAddress
与现有用户冲突。 This is a problem because AD will not catch this. 这是一个问题,因为AD无法捕获此问题。
Issue: 问题:
Checking every AD-User
's proxy address is very time consuming if not included in the filter. 如果未包含在过滤器中,则检查每个AD-User
的代理地址非常耗时。 However, when including proxyAddresses
in the filter the results are inconsistent. 但是,当在过滤器中包含proxyAddresses
,结果将不一致。 I am assuming this is because the proxyAddresses
attribute is an array. 我假设这是因为proxyAddresses
属性是一个数组。
Inconsistent : 不一致 :
Import-Module ActiveDirectory
$FirstLast = "jrider@ChuckNorrisKills.com"
$conflictCheck = Get-ADUser -Properties mail, proxyAddresses -Filter "mail -eq '$FirstLast' -or UserPrincipalName -eq '$FirstLast' -or proxyAddresses -eq `"smtp:'$FirstLast'`"" | measure
if($conflictCheck.Count -gt 0)
{
Write-Host "New user conflicts with existing user" -ForegroundColor Red
}
I have come up with a solution that will resolve me issue. 我想出了一个可以解决我问题的解决方案。 Unfortunately this is very slow (expected): 不幸的是,这非常慢(预期):
Import-Module ActiveDirectory
function Test-NewADUser
{
Param(
[Parameter(Mandatory=$true)][string]$firstname,
[Parameter(Mandatory=$true)][string]$lastname,
[Parameter(Mandatory=$false)][string]$middle
)
[bool]$proxExsists = $false
$domain = '@chuckNorrisKills.com'
$FirstLast = $firstname.Substring(0,1)+$lastname+$domain
Get-ADUser -Filter * -Properties proxyAddresses | foreach {
#xpand the proxy address and iterate through it
foreach($address in $_.proxyAddresses)
{
#As you can see this goes through every user
Write-Host "Address: " $address -ForegroundColor Yellow
if($address -eq "smtp:$FirstLast")
{
Write-Host "Found Conflict" -ForegroundColor Red
$proxExsists = $true
}
}
}
}
Test-NewADUser -firstname jack -lastname Rider
Question(s): 问题:
proxyAddresses
and check for conflicts in the -Filter
? 有没有一种办法,扩大proxyAddresses
,并检查在冲突-Filter
? Thank you in advance for any help 预先感谢您的任何帮助
You don't need to expand it, as the proxyAddress filter should be reliable. 您不需要扩展它,因为proxyAddress过滤器应该是可靠的。
So, this should be very straightforward: 因此,这应该非常简单:
function Validate-proxyAddress($email)
{
if (Get-ADUser -Filter "proxyAddresses -eq 'smtp:$email'")
{
return $true
}
elseif (Get-ADUser -Filter "mail -eq '$email'")
{
return $true
}
elseif (Get-ADUser -Filter "UserPrincipalName -eq '$email'")
{
return $true
}
return $false
}
or you can join it all in one like your code, hasn't tested it, so if you get false, the user not exist, should be ok to continue... 或者您可以像代码一样将其全部加入,但尚未对其进行测试,因此,如果您得到的是假,则表明该用户不存在,应该可以继续...
Also, you can use -like
instead of -eq
if you need (in cases where missing the smtp prefix somehow): 另外,如果需要,可以使用-like
而不是-eq
(在某种程度上缺少smtp前缀的情况下):
"proxyAddresses -like '*$email*'"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.