堆栈内存溢出
  简体   繁体   English

Powershell AD脚本-在帐户名末尾添加一个数字

[英]Powershell AD Script - Add a number onto the end of account Name

 原文  2018-06-05 07:16:38       powershell/ active-directory

问题描述

Another question regarding this dreaded script. 关于这个可怕的脚本的另一个问题。 I have ran into a brick wall. 我碰到了砖墙。 The way usernames at my organisation are created, are SurnameInitial. 我单位的用户名创建方式为SurnameInitial。 However, if the account already exists we put a number on the end. 但是,如果该帐户已经存在,我们会在末尾加一个数字。 If that number exists, it changes to the next number (TestT , TestT1 , TestT2 ... etc ) 如果该数字存在,它将更改为下一个数字(TestT,TestT1,TestT2 ...等)

I can't figure out how to get the script to do this, it simply does not create the account if it already exists in the AD 我不知道如何获取脚本来执行此操作,如果该帐户已经存在于AD中,它根本不会创建该帐户

The following is relevant code to help you understand how it currently manages account creation. 以下是相关代码,以帮助您了解其当前如何管理帐户创建。 

#region Unique Field Data

# Acquiring unique field data
$GivenName = Read-Host -Prompt "What Is The New User's First Name?"
Write-Host " "

$Surname = Read-Host -Prompt "What Is The New User's Last Name?"
Write-Host " "

$Description = Read-Host -Prompt "What Is The Job Title & Department Of The New User? [Please format as Job Title – Dept]"
Write-Host " "

#endregion

#region Data Generation

$DisplayName = $GivenName + " " + $Surname

$Mail = $GivenName + "." + $Surname + "@" + "RE"

$MailAlias = $GivenName + "." + $Surname + "@" + $DNSRoot2

$SInitial = $Surname[0]
$Initial = $GivenName[0]
$SAMAccountName = $Surname+$Initial
$SAMAccountLower = $SAMAccountName.ToLower()
$UserPrincipalName = $Surname+$Initial
$HD = "U"
$HDir = "\\RBHFILRED002\"
$AC = "Users_01$\"
$DH = "Users_02$\"
$IM = "Users_03$\"
$NS = "Users_04$\"
$TZ = "Users_05$\"
$Folder = if ($SInitial -in 'a','b','c'){$AC}
      ElseIf ($SInitial -in 'd','e','f', 'g','h'){$DH}
      ElseIf ($SInitial -in 'i','j','k', 'l','m'){$IM}
      ElseIf ($SInitial -in 'n','o','p', 'q','r','s'){$NS}
      Else {$TZ}

$group1 = "zz Everyone"
$group2 = "Safeboot Domain Users"
cls

#endregion

#region User Creation

# Create The User

Get-ChildItem
New-ADUser -path "OU=Users,OU=RBFT,DC=rbbh-tr,DC=nhs,DC=uk" -SamAccountName $Surname$Initial -Name $DisplayName -DisplayName $DisplayName -GivenName $GivenName -Surname $Surname -EmailAddress $Mail -UserPrincipalName $Surname$Initial@rbbh-tr.nhs.uk -Title $title -HomeDrive $HD -HomeDirectory $HDir$Folder$Surname$Initial -Description $Description -ChangePasswordAtLogon $true -PasswordNeverExpires $false -AccountPassword $defpassword -Enabled $true -PassThru
Add-ADGroupMember -Identity $group1  -Members $SAMAccountName
Add-ADGroupMember -Identity $group2  -Members $SAMAccountName
Write-Host " "

cls
echo "Please Wait Whilst We Find The AD Account & Create The Exchange Mailbox.."
Start-Sleep -s 30

Enable-Mailbox -Identity $SAMAccountName
cls

#endregion

Hopefully my code is clear, and can be understood & hopefully you guys are able to offer support. 希望我的代码清晰,可以理解并且希望你们能够提供支持。

Pre-Emptive Thank You 先发制人谢谢

EDIT BELOW 在下面编辑

So I've expanded on the script, using a suggestion below. 因此,我使用以下建议对脚本进行了扩展。 

#region User Creation

# Create The User


$i = 1
$AccountCreated = $False
Do {
Try {
New-ADUser -path "OU=Users,OU=RBFT,DC=rbbh-tr,DC=nhs,DC=uk" -SamAccountName $Surname$Initial -Name $DisplayName -DisplayName $DisplayName -GivenName $GivenName -Surname $Surname -EmailAddress $Mail -UserPrincipalName $Surname$Initial@rbbh-tr.nhs.uk -Title $title -HomeDrive $HD -HomeDirectory $HDir$Folder$Surname$Initial -Description $Description -ChangePasswordAtLogon $true -PasswordNeverExpires $false -AccountPassword $defpassword -Enabled $true -PassThru 
Add-ADGroupMember -Identity $group1 -Members $SAMAccountName
Add-ADGroupMember -Identity $group2 -Members $SAMAccountName
Set $AccountCreated to $True
}
Catch {
New-ADUser -path "OU=Users,OU=RBFT,DC=rbbh-tr,DC=nhs,DC=uk" -SamAccountName $Surname$Initial$I -Name $DisplayName -DisplayName $DisplayName -GivenName $GivenName -Surname $Surname -UserPrincipalName $Surname$Initial$I@rbbh-tr.nhs.uk -Title $title -HomeDrive $HD -HomeDirectory $HDir$Folder$Surname$Initial -Description $Description -ChangePasswordAtLogon $true -PasswordNeverExpires $false -AccountPassword $defpassword -Enabled $true -PassThru 
Add-ADGroupMember -Identity $group1 -Members $SAMAccountName
Add-ADGroupMember -Identity $group2 -Members $SAMAccountName
Increment $I
}
}
Until ($AccountCreated -eq $True)

cls
echo "Please Wait Whilst We Find The AD Account & Create The Exchange Mailbox.."
Start-Sleep -s 30

Enable-Mailbox -Identity $SAMAccountName
cls

#endregion

#region Post-Creation

echo "Username:" $SAMAccountName
Write-Host " "
echo "Password:" "Welcome123"
Write-Host " "
echo "Email:" $Mail
Write-Host " "
echo "Job Title - Department:" $Description
Write-Host " "
echo "Home Directory:" $HDir$Folder$Surname$Initial
Write-Host " "

#endregion

However, this creates the account. 但是,这将创建帐户。 But doesn't update the exchange creation with the incremented username (so doesn't create a mailbox), does not create the correct home directory, and does not echo the correct details based on if it's incremented. 但是不会使用增加的用户名来更新交换创建(因此不会创建邮箱),不会创建正确的主目录,也不会根据增加的内容回显正确的详细信息。

I cannot figure out how to now do this 我现在不知道该怎么做

EDIT TWO 编辑两个

Following further help from James C, I have created the following code. 在James C的进一步帮助下,我创建了以下代码。 However, it does not create a Mail account. 但是,它不会创建一个邮件帐户。 And Now Throws out an error. 现在抛出一个错误。 

$defaultname = $SAMAccountName
$i = 1
cls

#endregion

#region User Creation

# Create The User


While ((Get-ADUser -Identity $SAMAccountName) -ne $null){
$SamAccountName = $defaultname + [string]$i
$i++
}

$NewUserParams = @{
path                  = "OU=Users,OU=RBFT,DC=rbbh-tr,DC=nhs,DC=uk"
SamAccountName        = $SAMAccountName
Name                  = $DisplayName
DisplayName           = $DisplayName
GivenName             = $GivenName
Surname               = $Surname
EmailAddress          = $Mail
UserPrincipalName     = "$SAMAccountName@rbbh-tr.nhs.uk"
Title                 = $title
HomeDrive             = $HomeDrive
HomeDirectory         = "$HDir$Folder$SAMAccountName"
Description           = $Description
ChangePasswordAtLogon = $true
PasswordNeverExpires  = $false
AccountPassword       = $defpassword
Enabled               = $true
}

New-ADUser @NewUserParams
Add-ADGroupMember -Identity $group1  -Members $SAMAccountName
Add-ADGroupMember -Identity $group2  -Members $SAMAccountName

cls
echo "Please Wait Whilst We Find The AD Account & Create The Exchange Mailbox.."
Start-Sleep -s 30

Enable-Mailbox -Identity $SAMAccountName
cls

#endregion

#region Post-Creation

echo "Username:" $SAMAccountName
Write-Host " "
echo "Password:" "Welcome123"
Write-Host " "
echo "Email:" $Mail
Write-Host " "
echo "Job Title - Department:" $Description
Write-Host " "
echo "Home Directory:" $HDir$Folder$SAMAccountName
Write-Host " "

#endregion

It produces the following Error 它产生以下错误 

Name        : Microsoft.Exchange.Management.PowerShell.E2010
PSVersion   : 1.0
Description : Admin Tasks for the Exchange Server

Name        : Microsoft.Exchange.Management.Powershell.Support
PSVersion   : 1.0
Description : Support Tasks for the Exchange Server

This tool is to be used for creating User Accounts for the RBFT Domain under Ultima Business Solutions only. If this     applies, please hit any key to continue.

Get-ADUser : Cannot find an object with identity: 'TimmsJ1' under: 'DC=rbbh-tr,DC=nhs,DC=uk'. At C:\Users\timmsj\Desktop\Scripts\User_Creation\RBFT_UC_Dev.ps1:139 char:9
+ While ((Get-ADUser -Identity $SAMAccountName) -ne $null){
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (TimmsJ1:ADUser) [Get-ADUser],     ADIdentityNotFoundException
+ FullyQualifiedErrorId : Cannot find an object with identity: 'TimmsJ1' under: 'DC=rbbh-tr,DC=nhs,DC=uk'.,Microsoft.ActiveDirectory.Management.Comm  ands.GetADUser

New-ADUser : An attempt was made to add an object to the directory with a name that is already in use At C:\Users\timmsj\Desktop\Scripts\User_Creation\RBFT_UC_Dev.ps1:163 char:1
+ New-ADUser @NewUserParams
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (CN=Timms James,...tr,DC=nhs,DC=uk 
   :String) [New-ADUser], ADException
+ FullyQualifiedErrorId : An attempt was made to add an object to the dire ctory with a name that is already in use,Microsoft.ActiveDirectory.Managem  ent.Commands.NewADUser

Add-ADGroupMember : Cannot find an object with identity: 'TimmsJ1' under: 'DC=rbbh-tr,DC=nhs,DC=uk'. At C:\Users\timmsj\Desktop\Scripts\User_Creation\RBFT_UC_Dev.ps1:164 char:1
+ Add-ADGroupMember -Identity $group1  -Members $SAMAccountName
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : ObjectNotFound: (TimmsJ1:ADPrincipal) [Add-ADGro upMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : SetADGroupMember.ValidateMembersParameter,Micros oft.ActiveDirectory.Management.Commands.AddADGroupMember

Add-ADGroupMember : Cannot find an object with identity: 'TimmsJ1' under: 'DC=rbbh-tr,DC=nhs,DC=uk'. At C:\Users\timmsj\Desktop\Scripts\User_Creation\RBFT_UC_Dev.ps1:165 char:1
+ Add-ADGroupMember -Identity $group2  -Members $SAMAccountName
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : ObjectNotFound: (TimmsJ1:ADPrincipal) [Add-ADGro upMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : SetADGroupMember.ValidateMembersParameter,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember

Please Wait Whilst We Find The AD Account & Create The Exchange Mailbox..
Enable-Mailbox : The operation couldn't be performed because object 'TimmsJ1' couldn't be found on 'ad1.rbbh-tr.nhs.uk'. At C:\Users\timmsj\Desktop\Scripts\User_Creation\RBFT_UC_Dev.ps1:171 char:1
+ Enable-Mailbox -Identity $SAMAccountName
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (0:Int32) [Enable-Mailbox], Manage mentObjectNotFoundException
+ FullyQualifiedErrorId : 2B788636,Microsoft.Exchange.Management.Recipient Tasks.EnableMailbox

Username:
TimmsJ1

Password:
Welcome123

Email:
James.Timms@royalberkshire.nhs.uk

Job Title - Department:
Ultima - Ultima

Home Directory:
\\RBHFILRED002\Users_05$\TimmsJ1

You will need to manually set the new user's group memberships. Please Do 
This Before Sending The User's Account Details.


Press Any Key To Close

It creates the User account and Email if $SAMAccount is duplicate, however if the GivenName and Surname are duplicates it will not create the account at all. 如果$ SAMAccount是重复的,它将创建用户帐户和电子邮件,但是,如果GivenName和Surname是重复的,它将根本不会创建该帐户。

It's for the National Health Trust in the UK, so obviously a lot of employees, especially ones with common names will have duplicate names. 它是针对英国国家卫生信托基金(National Health Trust)的,因此很明显,很多员工,特别是名字通用的员工,都将拥有重复的姓名。

Any fix for this? 有什么解决办法吗?

Edit Three 编辑三

Kind of fixed the issue above, by creating a new string. 通过创建新的字符串,可以解决上述问题。 However, it still remains that that account will refuse to create if the First + Second name are duplicates of another. 但是,仍然存在的是,如果“名+第二名”与另一个名称重复,则该帐户将拒绝创建。

This is an issue as stated previously, due to the fact there are many people within the NHS that have the same name. 如前所述,这是一个问题,原因是NHS中有许多同名人员。 

#region Data Generation

$DisplayName = $Surname + " " + $GivenName

$Mail = $GivenName + "." + $Surname + "@" + "royalberkshire.nhs.uk"

$MailAlias = $GivenName + "." + $Surname + "@" + $DNSRoot2

$SInitial = $Surname[0]
$Initial = $GivenName[0]
$SAMAccountName = $Surname + "" + $Initial
$SAMAccountLower = $SAMAccountName.ToLower()
$UserPrincipalName = $Surname+$Initial
$HD = "U"
$HDir = "\\RBHFILRED002\"
$AC = "Users_01$\"
$DH = "Users_02$\"
$IM = "Users_03$\"
$NS = "Users_04$\"
$TZ = "Users_05$\"

$Folder = if ($SInitial -in 'a','b','c'){$AC}
      ElseIf ($SInitial -in 'd','e','f', 'g','h'){$DH}
      ElseIf ($SInitial -in 'i','j','k', 'l','m'){$IM}
      ElseIf ($SInitial -in 'n','o','p', 'q','r','s'){$NS}
      Else {$TZ}

$group1 = "zz Everyone"
$group2 = "Safeboot Domain Users"

$defaultname = $SAMAccountName
$email = $GivenName + "." + $Surname
$i = 1
cls

#endregion

#region User Creation

# Create The User

While ((Get-ADUser -Identity $SAMAccountName -ErrorAction SilentlyContinue) -ne $null){
$SamAccountName = $defaultname + [string]$i
$Mail = $email + [string]$i + "@" + "royalberkshire.nhs.uk"
$i++

}

$NewUserParams = @{
path                  = "OU=Users,OU=RBFT,DC=rbbh-tr,DC=nhs,DC=uk"
SamAccountName        = $SAMAccountName
Name                  = $DisplayName
DisplayName           = $DisplayName
GivenName             = $GivenName
Surname               = $Surname
EmailAddress          = $Mail
UserPrincipalName     = "$SAMAccountName@rbbh-tr.nhs.uk"
Title                 = $title
HomeDrive             = $HomeDrive
HomeDirectory         = "$HDir$Folder$SAMAccountName"
Description           = $Description
ChangePasswordAtLogon = $true
PasswordNeverExpires  = $false
AccountPassword       = $defpassword
Enabled               = $true
}

New-ADUser @NewUserParams
Add-ADGroupMember -Identity $group1  -Members $SAMAccountName
Start-Sleep -s 10
Add-ADGroupMember -Identity $group2  -Members $SAMAccountName

cls
echo "Please Wait Whilst We Find The AD Account & Create The Exchange Mailbox.."
Start-Sleep -s 30

Enable-Mailbox -Identity $SAMAccountName
cls

#endregion

Once again, any Ideas? 再说一次,有什么想法吗?

3 个解决方案

解决方案1
 3  2018-06-05 09:13:18

Using a Do/While loop with Get-ADUser to search for a free username and $VariableName++ to increment the number for the username each loop. Get-ADUser使用Do / While循环来搜索免费的用户名,并使用$VariableName++来增加每个循环中用户名的数量。

Also updated your New-ADUser command to use splatting as this makes it much easier to read. 还更新了您的New-ADUser命令以使用splatting,因为这使它更易于阅读。 

#didn't include rest of your code above here as it hasn't changed

$group1 = "zz Everyone"
$group2 = "Safeboot Domain Users"

$defaultname = $SAMAccountName
$i = 1

While ((Get-ADUser -Identity $SAMAccountName -ErrorAction SilentlyContinue) -ne $null){
    $SamAccountName = $defaultname + [string]$i
    $i++
}

$NewUserParams = @{
    path                  = "OU=Users,OU=RBFT,DC=rbbh-tr,DC=nhs,DC=uk"
    SamAccountName        = $SAMAccountName
    Name                  = $DisplayName
    DisplayName           = $DisplayName
    GivenName             = $GivenName
    Surname               = $Surname
    EmailAddress          = "$GivenName.$Surname$i@royalberkshire.nhs.uk"
    UserPrincipalName     = "$SAMAccountName@rbbh-tr.nhs.uk"
    Title                 = $title
    HomeDrive             = $HomeDrive
    HomeDirectory         = "$HDir$Folder$Surname$Initial"
    Description           = $Description
    ChangePasswordAtLogon = $true
    PasswordNeverExpires  = $false
    AccountPassword       = $defpassword
    Enabled               = $true
}

New-ADUser @NewUserParams
Add-ADGroupMember -Identity $group1  -Members $SAMAccountName
Add-ADGroupMember -Identity $group2  -Members $SAMAccountName

Write-Output "Please Wait Whilst We Find The AD Account & Create The Exchange Mailbox.."
Start-Sleep -s 30
Enable-Mailbox -Identity $SAMAccountName

解决方案2
 -1  2018-06-05 07:32:21

you could put your account creation in a do until loop with a try catch inside ie something like this semi sudo code 您可以将您的帐户创建放入“直到直到”循环中,并在其中进行尝试捕获,即类似此半sudo代码的内容 

$i = 1
$AccountCreated = $False
Do {
$i = 1
$AccountCreated = $False
$AccountName = $Surname$Initial
Do {
Try {
New-ADUser -path "OU=Users,OU=RBFT,DC=rbbh-tr,DC=nhs,DC=uk" -SamAccountName 
$AccountName = $Surname$Initial -Name $DisplayName -DisplayName $DisplayName 
-GivenName $GivenName -Surname $Surname -EmailAddress $Mail - 
UserPrincipalName $AccountName@rbbh-tr.nhs.uk -Title $title -HomeDrive $HD - 
HomeDirectory $HDir$Folder$AccountName -Description $Description - 
ChangePasswordAtLogon $true -PasswordNeverExpires $false -AccountPassword 
$defpassword -Enabled $true -PassThru 
Add-ADGroupMember -Identity $group1 -Members $SAMAccountName
Add-ADGroupMember -Identity $group2 -Members $SAMAccountName
Set $AccountCreated to $True
}
Catch {
$AccountName = $Surname$Initial + $i
Increment $I
}
}
}
Until ($AccountCreated -eq $True)

解决方案3
 -1  2018-06-05 07:58:28

ok just to give you the idea try something like this 好的,只是为了给您这个主意,尝试这样的事情 

$Myusername = "test"
$Mastername = $Myusername
For ($i=0; $i -le 10; $i++) {
Write-Host $Myusername
$myusername = $Mastername + $i
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Powershell 脚本在 AD 中添加计算机 - Powershell script to add computer in AD 使用 powershell 添加具有自定义属性的 AD 帐户 - add AD account with custom attribute using powershell PowerShell将安全性AD帐户添加到SharePoint组 - PowerShell to add Security AD Account into SharePoint Group 在PowerShell脚本末尾添加命令 - Add a command at the end of the PowerShell script Powershell脚本将计算机名添加到AD组 - powershell script to add computername to AD group 将多个用户添加到 AD powershell 脚本 - Add multiple users to AD powershell script Powershell获取计算机名称并添加到AD组 - Powershell get computer name and add to AD group PowerShell脚本,用于在检查AD帐户是否存在时重置 - PowerShell script to reset AD account when checked if it exists or not 使用Powershell启用AD帐户 - Enabling AD account using powershell Powershell脚本,用于在AD上搜索数量有限的用户的属性 - Powershell script for searching properties for a limited number of users on the AD
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM