How to add users to an AD group and delete some specific user files based on the first letters of the username with PowerShell
Hope someone could help, I'm unfortunately not a PowerShell expert.
This is what I want:
Look up users in the AD within specific OUs, based on the first letter(s) of the username. Validate whether they are a member of an AD group, and if not: delete some specific profile files of the user AND add the user to that specific group.
Some part of the code I tried:
Import-Module ActiveDirectory
# OUs needed to be searched for users
$OU1 = 'name of first OU'
$OU2 = 'name of 2nd OU'
$OU3 = 'name of 3rd OU'
# AD group where users need to be added
$Group = 'name of group'
# Ask for 1st letter of username
$usernameletter = Read-Host -Prompt 'First letter(s) username'
# Create an array with corresponding users
$userslist = @()
$users1 = Get-ADUser -Filter "SamAccountName -like '$usernameletter*'" -SearchBase $OU1 | select -ExpandProperty samAccountName
$users2 = Get-ADUser -Filter "SamAccountName -like '$usernameletter*'" -SearchBase $OU2 | select -ExpandProperty samAccountName
$users3 = Get-ADUser -Filter "SamAccountName -like '$usernameletter*'" -SearchBase $OU3 | select -ExpandProperty samAccountName
$userslist += $users1,$users2,$users3
# check membership of group
$members = Get-ADGroupMember -Identity $Group -Recursive | Select -ExpandProperty sAMAccountName
# Delete userpref files of user when user is not member of the -name of group-
foreach ($user in $userslist)
{
    If ($members -contains $user)
    {
        Write-Host "$user exists in group, so userpref files won't be deleted"
    }
    Else
    {
        # if user doesn't exist in AD group - delete userpref files of user
        Write-Host "$user doesn't exist in group, deleting userpref files of user"
        Remove-Item -Path E:\users\$user\pwrmenu\UserPref\{F5BE2CE1-BF67-44E2-B5B3-5E081344A70E}* -Force
    }
}
# check if user is part of the group. if not, add it to the group
foreach ($user in $userslist)
{
    If ($members -contains $user)
    {
        Write-Host "$user exists in group, so user won't be added to group $group"
    }
    Else
    {
        # if user doesn't exist in AD group - add them to AD group
        Write-Host "$user doesn't exist in group, adding user to group $group"
        Add-ADGroupMember $Group -Members $userslist
    }
}
# end of script
For some reason the $userslist array is filled, but the foreach loop ($user in $userslist) doesn't work: $user is not filled in and I get errors like
Remove-Item : Cannot find path 'E:\users\pwrmenu\UserPref' because it does not exist.
Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null, empty, or an element of the argument collection contains a null value.
Hope that someone could help me! Thanks!
Edit @Andrew Ryan Davis,
sorry, not very familiar with this website yet.
Contents of $userslist:
PS C:\Users\serverw> $userslist
WGoossensTest
wgoossenstest2
Contents of $members:
PS C:\Users\serverw> $members
username1
username2
username3
etc.
Not sure why you wouldn't have anything populated in user. I do see you have quite a bit of duplicated code as well as several chances for optimization. If you keep the users as an object with a samaccountname property, you can speed up your where clause by not invoking a scriptblock.
$userslist | where samaccountname -notin $members
or, if you do use a scriptblock, the collection has to go on the left of -notcontains and the property on the right:
$userslist | where { $members -notcontains $_.samaccountname }
You also check each user against the list of group members twice. Check out the optimized version below.
Import-Module ActiveDirectory
# OUs needed to be searched for users
$OUs = 'name of first OU','name of 2nd OU','name of 3rd OU'
# AD group where users need to be added
$Group = 'name of group'
# Ask for 1st letter of username
$usernameletter = Read-Host -Prompt 'First letter(s) username'
# Create an array with corresponding users
$userslist = $OUs | foreach {
    Get-ADUser -Filter "SamAccountName -like '$usernameletter*'" -SearchBase $_ | select samaccountname
}
# Get member list of group
$members = Get-ADGroupMember -Identity $Group -Recursive | Select -ExpandProperty sAMAccountName
# Delete userpref files of user when user is not member of the -name of group- and then add to the group
foreach ($user in $userslist | where samaccountname -notin $members | select -ExpandProperty sAMAccountName)
{
    Write-Host "$user doesn't exist in group, deleting userpref files of user"
    Remove-Item -Path E:\users\$user\pwrmenu\UserPref\{F5BE2CE1-BF67-44E2-B5B3-5E081344A70E}* -WhatIf
    Write-Host "$user doesn't exist in group, adding user to group $group"
    Add-ADGroupMember $Group -Members $user -WhatIf
}
# end of script
This does not provide feedback on users that are already in the group. If you really want to see that, you can split them up and run each separately.
Import-Module ActiveDirectory
# OUs needed to be searched for users
$OUs = 'name of first OU','name of 2nd OU','name of 3rd OU'
# AD group where users need to be added
$Group = 'name of group'
# Ask for 1st letter of username
$usernameletter = Read-Host -Prompt 'First letter(s) username'
# Create an array with corresponding users
$userslist = $OUs | foreach {
    Get-ADUser -Filter "SamAccountName -like '$usernameletter*'" -SearchBase $_ | select samaccountname
}
# Get member list of group
$members = Get-ADGroupMember -Identity $Group -Recursive | Select -ExpandProperty sAMAccountName
# Split the users into those not yet in the group and those already in it
$notmembersof,$membersof = $userslist.where({$_.samaccountname -notin $members},'split')
# Delete userpref files of user when user is not member of the -name of group- and then add to the group
foreach ($user in $notmembersof.sAMAccountName)
{
    Write-Host "$user doesn't exist in group, deleting userpref files of user"
    Remove-Item -Path E:\users\$user\pwrmenu\UserPref\{F5BE2CE1-BF67-44E2-B5B3-5E081344A70E}* -WhatIf
    Write-Host "$user doesn't exist in group, adding user to group $group"
    Add-ADGroupMember $Group -Members $user -WhatIf
}
foreach ($user in $membersof.sAMAccountName)
{
    Write-Host "$user exists in group, so userpref files won't be deleted"
    Write-Host "$user exists in group, so user won't be added to group $group"
}
# end of script
Another issue you may have already run into is that your Add-ADGroupMember targets the entire $userslist instead of each $user. I added -WhatIf so you can triple check what's going to happen before completing.
Edit
If $userlist may be empty then we should do a check, something like:
if ($null -eq $userlist) { Write-Host "userlist is empty"; break }
The error in your comment shows that $userlist was empty; try these tests:
$members = 'test'
$userlist = 'test'
$match,$nomatch = $userlist.where({$_ -in $members},'split')
$members = 'test1'
$userlist = 'test'
$match,$nomatch = $userlist.where({$_ -in $members},'split')
Neither will error. In the first, $match will be populated and $nomatch will be empty; in the second the opposite will be true. In neither case will it error like the one you saw.
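The split-and-act logic from the answer, wrapped in two functions that guard the cases this thread ran into (an empty result set, a single user coming back as a scalar, and an empty $user turning the path into E:\users\pwrmenu\...). This is an added example, not code from the question or the answer; the function names, the sAMAccountName pattern, the E:\users profile root and the sample data are assumptions, and the sample data stands in for Get-ADUser / Get-ADGroupMember output so it runs without a domain.

```powershell
function Split-GroupMembership {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Users,
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$Members
    )
    # @() forces an array even when Get-ADUser returned one user or nothing, so
    # .Where(...,'Split') and the two-variable assignment behave the same for 0, 1 or many.
    $notMember, $member = @($Users).Where({ $_.SamAccountName -notin $Members }, 'Split')
    [pscustomobject]@{ NotMember = @($notMember); Member = @($member) }
}

function Remove-UserPrefFiles {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [string]$ProfileRoot = 'E:\users'   # assumed profile root from the question
    )
    # Refuse empty names and anything that is not a plain sAMAccountName (assumed pattern),
    # so an empty $user can never collapse the path to E:\users\pwrmenu\UserPref as in the error.
    if ($SamAccountName -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        throw "Refusing to act on invalid sAMAccountName '$SamAccountName'"
    }
    $dir = Join-Path $ProfileRoot "$SamAccountName\pwrmenu\UserPref"
    if (-not (Test-Path -LiteralPath $dir)) {
        Write-Verbose "No UserPref folder for $SamAccountName, nothing to delete"
        return
    }
    # -LiteralPath for the folder, -Filter for the GUID-prefixed files; ShouldProcess
    # gives -WhatIf / -Confirm for free, as the answer recommends before going live.
    Get-ChildItem -LiteralPath $dir -Filter '{F5BE2CE1-BF67-44E2-B5B3-5E081344A70E}*' |
        ForEach-Object {
            if ($PSCmdlet.ShouldProcess($_.FullName, 'Remove-Item')) {
                Remove-Item -LiteralPath $_.FullName -Force
            }
        }
}

# Constructed sample data (not real directory output).
$users   = @([pscustomobject]@{ SamAccountName = 'WGoossensTest' },
             [pscustomobject]@{ SamAccountName = 'wgoossenstest2' })
$members = @('username1', 'WGOOSSENSTEST')   # -notin is case-insensitive, like AD names

$split = Split-GroupMembership -Users $users -Members $members
"Not in group: $($split.NotMember.SamAccountName -join ', ')"   # wgoossenstest2
"Already in group: $($split.Member.SamAccountName -join ', ')"  # WGoossensTest
foreach ($u in $split.NotMember.SamAccountName) {
    Remove-UserPrefFiles -SamAccountName $u -WhatIf
}
```

Passing an empty array to Split-GroupMembership yields two empty collections rather than the null that produced the 'Members' argument error, so the caller can test $split.NotMember.Count before touching AD.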