
Adding group policies to new AD user

Is there a way to add group policies to a new AD user in the same script? When I attach the user-creation function to a button, the new user only seems to be created at the end of the script, so when I try to add the group policy using the variable $userName it can't find the user in AD. Can I get the new user to be created before the script ends? I also have to declare the variable again for some reason.

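function Creation {
    <#
    .SYNOPSIS
    Creates an enabled AD user from the form fields and requires a password change at first logon.

    .DESCRIPTION
    Reads the name, job code, telephone and password text boxes and the OU
    drop-downs from the enclosing scope, derives the account name
    (First.Last, or First.Middle.Last when a middle name is given) and calls
    New-ADUser. Takes no parameters and returns nothing. Writes an error and
    creates nothing when a required field is blank or no OU is mapped.
    #>

    $firstName = $textbox_FirstName.Text
    $middleName = $textbox_MiddleName.Text
    $lastName = $textbox_Surname.Text
    $jobCode = $textbox_JobCode.Text
    $Telephone = $textbox_Telephone.Text

    # These values become the account name and the initial credential, so stop
    # before touching AD if any of them is blank. A blank password would also
    # make ConvertTo-SecureString fail and leave $Password empty.
    if ([string]::IsNullOrWhiteSpace($firstName) -or
        [string]::IsNullOrWhiteSpace($lastName) -or
        [string]::IsNullOrWhiteSpace($textbox_Password.Text)) {
        Write-Error "First name, surname and password are required; the user was not created."
        return
    }

    # The clear-text password lives in the text box; keep it out of logs and transcripts.
    $Password = $textbox_Password.Text | ConvertTo-SecureString -AsPlainText -Force

    # Start from $null so a value of $OU left behind in a parent scope can
    # never decide where the new account is placed.
    $OU = $null

    if ($dropdown_FirstOU.Text -eq "Aberdeen") {
        $OU = "OU=Aberdeen,OU=UK,DC=Kuehne-Nagel,DC=local"
    } elseif ($dropdown_FirstOU.Text -eq "Kingpin") {
        $OU = "OU=Kingpin,OU=UK,DC=Kuehne-Nagel,DC=local"
    }

    if (($dropdown_FirstOU.Text -eq "Banbury") -and ($dropdown_SecondOU.Text -eq "Business Development")) {
        $OU = "OU=Business Development,OU=Banbury,OU=UK,DC=Kuehne-Nagel,DC=local"
    } elseif (($dropdown_FirstOU.Text -eq "Banbury") -and ($dropdown_SecondOU.Text -eq "CTI/Property")) {
        $OU = "OU=CTI / Property,OU=Banbury,OU=UK,DC=Kuehne-Nagel,DC=local"
    }

    if (($dropdown_FirstOU.Text -eq "London") -and ($dropdown_SecondOU.Text -eq "Heathrow03") -and ($dropdown_ThirdOU.Text -eq "Heathrow03")) {
        $OU = "OU=Heathrow03,OU=Heathrow03,OU=London,OU=UK,DC=Kuehne-Nagel,DC=local"
    }

    # No drop-down combination matched: refuse rather than create the account
    # in an unintended container.
    if (-not $OU) {
        Write-Error "No OU is mapped for the selected location; the user was not created."
        return
    }

    if ($textbox_MiddleName.Text -eq "") {
        $displayName = "$lastName, $firstName"
        $userName = "$firstName.$lastName"
    } else {
        $displayName = "$lastName, $firstName $middleName"
        $userName = "$firstName.$middleName.$lastName"
    }

    # ChangePasswordAtLogon is set in the same call that creates the account,
    # so the account never exists enabled without the flag (the original set
    # it in a separate Set-ADUser call that could fail on its own).
    $newUserArgs = @{
        Name                  = "$userName"
        GivenName             = "$firstName"
        Surname               = "$lastName"
        Initials              = "$middleName"
        OfficePhone           = "$Telephone"
        SamAccountName        = "$userName"
        AccountPassword       = $Password
        Enabled               = $True
        ChangePasswordAtLogon = $true
        DisplayName           = "$displayName / Kuehne + Nagel / $jobCode"
        UserPrincipalName     = "$userName@kuehne-nagel.local"
        Path                  = "$OU"
    }
    New-ADUser @newUserArgs
}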

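function Template {
    <#
    .SYNOPSIS
    Adds the user named in the form to the "Test1" group when the IFF radio button is checked.

    .DESCRIPTION
    Rebuilds the account name from the name text boxes (First.Last, or
    First.Middle.Last when a middle name is given) and passes it to
    Add-ADGroupMember. Takes no parameters and returns nothing.
    #>

    $firstName = $textbox_FirstName.Text
    $middleName = $textbox_MiddleName.Text
    $lastName = $textbox_Surname.Text

    # Only the account name is needed here; the display name the original
    # also built was never used.
    if ($textbox_MiddleName.Text -eq "") {
        $userName = "$firstName.$lastName"
    } else {
        $userName = "$firstName.$middleName.$lastName"
    }

    if ($RadioButton_IFF.Checked) {
        # NOTE(review): the member is resolved by name only. If the account was
        # not created, or an older account already has this name, the call
        # fails or the group is granted to that other account - confirm that
        # creation succeeded before calling this function.
        Add-ADGroupMember -Identity "Test1" -Members $userName
    }
}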

After you create the user ( New-ADUser ), you will have to retrieve the ADUser object in order to use it.

Example:

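# -PassThru makes New-ADUser return the account it just created, so no second
# lookup by name is needed (a separate Get-ADUser may be answered by a domain
# controller that has not received the new account yet).
$UserName = New-ADUser -Name "$userName" -GivenName "$firstName" -Surname "$lastName" -Initials "$middleName" -officephone "$Telephone" -samAccountName "$userName" -AccountPassword $Password -Enabled $True -DisplayName "$displayName / Kuehne + Nagel / $jobCode" -userPrincipalName "$userName@kuehne-nagel.local" -Path "$OU" -PassThru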

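Then you can use $userName with the Set-ADUser and Add-ADGroupMember commands. PowerShell variable names are case-insensitive, so $UserName and $userName are the same variable, which now holds the ADUser object instead of the name string.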

To be honest, it would be easier to use a single function and include your condition in it.

Example:

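function Creation {
    <#
    .SYNOPSIS
    Creates an enabled AD user from the form fields and, when the IFF radio
    button is checked, adds the new account to the "Test1" group.

    .DESCRIPTION
    Reads the name, job code, telephone and password text boxes and the OU
    drop-downs from the enclosing scope, derives the account name
    (First.Last, or First.Middle.Last when a middle name is given), creates
    the user with New-ADUser and then handles group membership in the same
    function. Takes no parameters and returns nothing. Writes an error and
    creates nothing when a required field is blank or no OU is mapped.
    #>

    $firstName = $textbox_FirstName.Text
    $middleName = $textbox_MiddleName.Text
    $lastName = $textbox_Surname.Text
    $jobCode = $textbox_JobCode.Text
    $Telephone = $textbox_Telephone.Text

    # These values become the account name and the initial credential, so stop
    # before touching AD if any of them is blank. A blank password would also
    # make ConvertTo-SecureString fail and leave $Password empty.
    if ([string]::IsNullOrWhiteSpace($firstName) -or
        [string]::IsNullOrWhiteSpace($lastName) -or
        [string]::IsNullOrWhiteSpace($textbox_Password.Text)) {
        Write-Error "First name, surname and password are required; the user was not created."
        return
    }

    # The clear-text password lives in the text box; keep it out of logs and transcripts.
    $Password = $textbox_Password.Text | ConvertTo-SecureString -AsPlainText -Force

    # Start from $null so a value of $OU left behind in a parent scope can
    # never decide where the new account is placed.
    $OU = $null

    if ($dropdown_FirstOU.Text -eq "Aberdeen") {
        $OU = "OU=Aberdeen,OU=UK,DC=Kuehne-Nagel,DC=local"
    } elseif ($dropdown_FirstOU.Text -eq "Kingpin") {
        $OU = "OU=Kingpin,OU=UK,DC=Kuehne-Nagel,DC=local"
    }

    if (($dropdown_FirstOU.Text -eq "Banbury") -and ($dropdown_SecondOU.Text -eq "Business Development")) {
        $OU = "OU=Business Development,OU=Banbury,OU=UK,DC=Kuehne-Nagel,DC=local"
    } elseif (($dropdown_FirstOU.Text -eq "Banbury") -and ($dropdown_SecondOU.Text -eq "CTI/Property")) {
        $OU = "OU=CTI / Property,OU=Banbury,OU=UK,DC=Kuehne-Nagel,DC=local"
    }

    if (($dropdown_FirstOU.Text -eq "London") -and ($dropdown_SecondOU.Text -eq "Heathrow03") -and ($dropdown_ThirdOU.Text -eq "Heathrow03")) {
        $OU = "OU=Heathrow03,OU=Heathrow03,OU=London,OU=UK,DC=Kuehne-Nagel,DC=local"
    }

    # No drop-down combination matched: refuse rather than create the account
    # in an unintended container.
    if (-not $OU) {
        Write-Error "No OU is mapped for the selected location; the user was not created."
        return
    }

    if ($textbox_MiddleName.Text -eq "") {
        $displayName = "$lastName, $firstName"
        $userName = "$firstName.$lastName"
    } else {
        $displayName = "$lastName, $firstName $middleName"
        $userName = "$firstName.$middleName.$lastName"
    }

    # ChangePasswordAtLogon is set in the same call that creates the account,
    # so the account never exists enabled without the flag.
    $newUserArgs = @{
        Name                  = "$userName"
        GivenName             = "$firstName"
        Surname               = "$lastName"
        Initials              = "$middleName"
        OfficePhone           = "$Telephone"
        SamAccountName        = "$userName"
        AccountPassword       = $Password
        Enabled               = $True
        ChangePasswordAtLogon = $true
        DisplayName           = "$displayName / Kuehne + Nagel / $jobCode"
        UserPrincipalName     = "$userName@kuehne-nagel.local"
        Path                  = "$OU"
    }

    # -PassThru returns the account that was just created, which replaces the
    # separate Get-ADUser lookup by name.
    $createdUser = New-ADUser @newUserArgs -PassThru

    # Nothing came back: creation failed and New-ADUser has already reported
    # why. Do not go on to grant group membership by name.
    if (-not $createdUser) {
        return
    }

    if ($RadioButton_IFF.Checked) {
        # Passing the returned object ties the membership to this exact
        # account rather than to whatever account happens to carry the name.
        # NOTE(review): with several domain controllers, consider passing the
        # same -Server to New-ADUser and Add-ADGroupMember - confirm for your
        # environment.
        Add-ADGroupMember -Identity "Test1" -Members $createdUser
    }
}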
