Powershell: Error with Set-ADUser

I'm attempting to write a script that checks an AD OU for any accounts that are enabled, or set to not have a password required, or password never to expire, or not set to be hidden from the address list. Then, the script will disable any of those for security purposes. Here's the script so far:

Function Update-ADUser 
{
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)]
        [string]$user
    )
BEGIN{}
PROCESS{
    Set-ADUser -instance $user -Server dc01 
    }
END{}
}

$lostUsers = Get-ADUser -filter {PasswordNotRequired -eq $true -or PasswordNeverExpires -eq $true -or Enabled -eq $true -or msExchHideFromAddressLists -eq $false } -SearchBase "OU=Lost Users,OU=DEPT,DC=School,DC=edu" -Server dc01  -properties enabled, PasswordNeverExpires, PasswordNotRequired, msExchHideFromAddressLists
foreach ($user in $lostUsers)
    {
        if ($user.PasswordNotRequired -eq $true)
        {
            $user.PasswordNotRequired = $false
        }

        if ($user.PasswordNeverExpires -eq $true)
        {
            $user.PasswordNeverExpires = $false
        }
        if ($user.msExchHideFromAddressLists -ne $true  )
        {
            $user.msExchHideFromAddressLists = $true
        }
        if ($user.Enabled -eq $true)
        {
            $user.Enabled = $false
        }
        Update-ADUser -user $user
    }

Most of the script runs fine. $lostUsers creates an array that uses Get-ADUser to search for only records that have one of the attributes required. Then my foreach/if statements set each attribute to what it should be for each record.

My problem occurs when I call the Update-ADUser function. I keep getting an error, Set-ADUser : The instance parameter object must be of type: 'Microsoft.ActiveDirectory.Management.ADUser'.

I tried removing the [string] from [string]$user in the function but that gives me another error, Set-ADUser : The server is unwilling to process the request. I'm using a domain admin account to run the script, so I know that's not causing this error.

I could use Set-ADUser in each if statement, instead of calling the Update-ADUser function, but that doesn't seem efficient as the script is then making up to four changes per record instead of just one with the function. I also thought about just using one statement to change all four attributes for all the found records, but that seems inefficient as well since some attributes were already correctly set and would thus just be written over again.

I can't figure out why the Set-ADUser command isn't working. I basically copied the syntax from the Set-ADUser help. Can anyone enlighten me on this?

Dunno what I'm missing here but wouldn't replacing the line (at the very end of your foreach)

Update-ADUser -user $user

with...

Set-ADUser -instance $user -Server dc01

...do exactly what you want?
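An added example, not part of the original question or answer: a variant of the clean-up loop that keeps the account as an ADUser object (a `[string]` parameter converts it to text, which is what the first error reports) and makes one Set-ADUser call per account containing only the settings that need changing. The helper name `Get-AccountFix` is hypothetical; the OU and `dc01` are the ones from the question, and `-WhatIf` makes this a dry run.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-AccountFix {
    # Hypothetical helper: returns the Set-ADUser parameters needed to bring
    # one account into the desired state. An empty hashtable means compliant.
    param(
        [Parameter(Mandatory = $true)]
        [Microsoft.ActiveDirectory.Management.ADUser]$User  # typed as ADUser, not [string]
    )
    $fix = @{}
    if ($User.PasswordNotRequired)  { $fix['PasswordNotRequired']  = $false }
    if ($User.PasswordNeverExpires) { $fix['PasswordNeverExpires'] = $false }
    if ($User.Enabled)              { $fix['Enabled']              = $false }
    # An attribute that was never set reads as $null, so test "not $true".
    if ($User.msExchHideFromAddressLists -ne $true) {
        $fix['Replace'] = @{ msExchHideFromAddressLists = $true }
    }
    return $fix
}

$searchBase = 'OU=Lost Users,OU=DEPT,DC=School,DC=edu'
$props = 'Enabled', 'PasswordNeverExpires', 'PasswordNotRequired',
         'msExchHideFromAddressLists'

# Read every user in the OU and decide client-side: an LDAP filter of
# "msExchHideFromAddressLists -eq $false" does not match accounts where
# the attribute is absent, so those would be skipped by the server.
$lostUsers = Get-ADUser -Filter * -SearchBase $searchBase -Server dc01 -Properties $props

foreach ($user in $lostUsers) {
    $fix = Get-AccountFix -User $user
    if ($fix.Count -eq 0) { continue }   # nothing to change, no write issued

    # One call per account, carrying only the changed settings.
    # Remove -WhatIf to apply the changes.
    Set-ADUser -Identity $user -Server dc01 @fix -WhatIf

    # Emit a record of what was (or would be) changed, for the audit trail.
    [pscustomobject]@{
        User    = $user.SamAccountName
        Changes = ($fix.Keys | Sort-Object) -join ', '
    }
}
```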
