使用 PowerShell 检查 AD 中是否存在组
[英]Check if a group exists in AD using PowerShell
问题描述
我想为组创建代码以检查组是否存在。 但是,我无法开始工作,因为它成功地仅添加了组的用户和部分成员而不是其他组,因为我设法在活动目录中创建了一个组并从 csv 中读取。 这是我的代码和结果。 似乎我总是在成功添加用户并包括添加组成员后收到错误
结果
#Import required modules
Import-Module ActiveDirectory
# Prompt user for CSV file path
#$filepath = Read-Host -Prompt " Please enter the path to your CSV file".Trim()
#Store the data from Test.csv in the $listusers variable
$filepath = "C:\Test.csv"
# Create a new password for every each users
$securepassword = ConvertTo-SecureString "Password456!" -AsPlainText -Force
# Import the file into a variable
$listusers = Import-Csv $filepath
# Loop through each row and gather information
ForEach ($user in $listusers){
# #Getting values from the CSV headers contains the user's information
$fname = $user.'Frist Name'
$lname = $user.'Last Name'
$username = $user.'Username'
$emailaddress = $user.'Email Address'
$OUpath = $user.'Organizational Unit'
$users = Get-ADUser -Filter {SamAccountName -like $username}
# Echo output for the each new user
echo "Account created for $fname $lname in $OUpath"
#Check to see if the user already exists in AD
if ($users) # or (Get-ADUser -Filter {SamAccountName -eq $username})
{
#If user does exist, give a warning
Write-Warning "A user account with username $username already exist in Active Directory."
}
else
{
#if the user does not exist then proceed to create new account
# Create new AD user for each user read from the CSV file.
# The new account will be in created in OU directory path by the $Path variable
New-ADUser `
-SamAccountName $username `
-Name "$fname $lname" `
-GivenName $fname `
-Surname $lname ` -UserPrincipalName "$username@Razorfc.net" `
-Path $OUpath `
-AccountPassword $securepassword `
-EmailAddress $emailaddress `
-Enabled $True
}
}
#Add members of the group
Foreach($user in $listusers){
#Getting values from the CSV headers
$username = $user.'Username'
$groupmember = $user.'GroupName'
$groupmember2 = $user.'GroupName2'
$groupmember3 = $user.'GroupName3'
$GroupExists = Get-ADGroup -Filter {SamAccountName -like $groupmember}
$GroupExists2 = Get-ADGroup -Filter {SamAccountName -like $groupmember2}
$GroupExists3 = Get-ADGroup -Filter {SamAccountName -like $groupmember3}
$Members = Get-ADGroupMember -Identity $groupmember -Recursive | Select -ExpandProperty SAMAccountName
$Members2 = Get-ADGroupMember -Identity $groupmember2 -Recursive | Select -ExpandProperty SAMAccountName
$Members3 = Get-ADGroupMember -Identity $groupmember3 -Recursive | Select -ExpandProperty SAMAccountName
##Check to see if the user is already member in AD. If the user is not a member it will then add into the members of the group
if($Members -contains $username) {
Write-Host "$username is member of $groupmember".Trim()
Write-Host "$username is member of $groupmember2".Trim()
Write-Host "$username is member of $groupmember3".Trim()
}
if ($GroupExists , $GroupExists2 , $GroupExists3){
Write-Warning "A group name $groupmember, $groupmember2, $groupmember3 did not exsist"
}
else {
Write-Host "$Username is not a member. Adding the account now".Trim()
#Add members of the group
add-ADGroupMember -Identity $groupmember -Members $Username
add-ADGroupMember -Identity $groupmember2 -Members $Username
add-ADGroupMember -Identity $groupmember3 -Members $Username
}
}
#Exit the program
Read-Host -Prompt "Press Enter to exit.".Trim()
这是错误:
Account created for John Doe in OU=Users,OU=Razorfc,DC=Razorfc,DC=net
WARNING: A user account with username John Doe already exist in Active Directory.
Account created for Jake Doe in OU=Users,OU=Razorfc,DC=Razorfc,DC=net
WARNING: A user account with username Jake Doe already exist in Active Directory.
Account created for Jane.Doe in OU=Users,OU=Razorfc,DC=Razorfc,DC=net
WARNING: A user account with username Jane.D already exist in Active Directory.
Account created for Jim.Doe in OU=Users,OU=Razorfc,DC=Razorfc,DC=net
WARNING: A user account with username Jim.Doe already exist in Active Directory.
Get-ADGroupMember : Cannot find an object with identity: 'SI & Joko World's' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:73 char:17
+ ... $Members2 = Get-ADGroupMember -Identity $groupmember2 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (SI & Joko World's:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Get-ADGroupMember : Cannot find an object with identity: 'PAN CI' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:74 char:17
+ ... $Members3 = Get-ADGroupMember -Identity $groupmember3 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (PAN CI:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
John Doe is member of DL_Razorfc
John Doe is member of SI & Joko World's
John Doe is member of PAN CI
WARNING: A group name DL_Razorfc, SI & Joko World's, PAN CI did not exsist
Get-ADGroupMember : Cannot find an object with identity: 'SI & Joko World's' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:73 char:17
+ ... $Members2 = Get-ADGroupMember -Identity $groupmember2 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (SI & Joko World's:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Get-ADGroupMember : Cannot find an object with identity: 'PAN CI' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:74 char:17
+ ... $Members3 = Get-ADGroupMember -Identity $groupmember3 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (PAN CI:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Jake Doe is member of DL_Razorfc
Jake Doe is member of SI & Joko World's
Jake Doe is member of PAN CI
WARNING: A group name DL_Razorfc, SI & Joko World's, PAN CI did not exsist
Get-ADGroupMember : Cannot find an object with identity: 'SI & Joko World's' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:73 char:17
+ ... $Members2 = Get-ADGroupMember -Identity $groupmember2 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (SI & Joko World's:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Get-ADGroupMember : Cannot find an object with identity: 'PAN CI' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:74 char:17
+ ... $Members3 = Get-ADGroupMember -Identity $groupmember3 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (PAN CI:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Jane.D is member of DL_Razorfc
Jane.D is member of SI & Joko World's
Jane.D is member of PAN CI
WARNING: A group name DL_Razorfc, SI & Joko World's, PAN CI did not exsist
Get-ADGroupMember : Cannot find an object with identity: 'SI & Joko World's' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:73 char:17
+ ... $Members2 = Get-ADGroupMember -Identity $groupmember2 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (SI & Joko World's:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Get-ADGroupMember : Cannot find an object with identity: 'PAN CI' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:74 char:17
+ ... $Members3 = Get-ADGroupMember -Identity $groupmember3 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (PAN CI:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Jim.Doe is member of DL_Razorfc
Jim.Doe is member of SI & Joko World's
Jim.Doe is member of PAN CI
1 个解决方案
解决方案1
1 2018-08-18 13:10:55
正如您所说,用户已成功添加到 AD,然后只有您收到错误。 因此,您可以通过两种方式避免错误。 您可以尝试使用
Get-ADGroupMember -Identity $groupmember -Recursive | Select -ExpandProperty SAMAccountName | -ErrorAction SilentlyContinue
或者你可以像这样尝试
try {
Get-ADComputer -Identity “something”
}
catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]
{
Write-Warning “AD computer object not found”
}
catch {}
检查用户是否是 AD 组的成员 - Powershell
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.