用於將特定AD OU的用戶添加到另一個AD組的腳本

Question

以管理員身份運行Powershell

我希望有一個腳本，我可以每天運行，將用戶從“cn = users，dc = costco，dc = com”添加到AD組“groupname”“CN = groupname，OU = Groups，DC = costco，DC = COM”

$When = (Get-Date).AddDays(-1).Date
Get-ADUser -SearchBase 'cn=users,dc=costco,dc=com' -Filter { whenCreated -ge $When } | add-adgroupmember -MemberOf 'groupname'

它出錯了

Add-ADGroupMember：找不到與參數名稱'MemberOf'匹配的參數。 在行：2 char：111 + ... ilter {whenCreated -ge $ When} | add-adgroupmember -MemberOf'groupname ... + ~~~~~~~~~ + CategoryInfo：InvalidArgument :( :) [Add-ADGroupMember]，ParameterBindingException + FullyQualifiedErrorId：NamedParameterNotFound，Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember

我也在redditor的幫助下嘗試過

When = (Get-Date).AddDays(-1).Date
Get-ADUser -SearchBase 'CN=users,dc=costo,dc=com' -Filter { whenCreated -ge $When } | ForEach-Object { Add-ADGroupMember -Identity 'Groupname' -Members $_ }

錯誤：

Add-ADGroupMember：訪問權限不足以執行操作在行：2 char：109 + ... ach-Object {Add-ADGroupMember -Identity'groupname'-Member $ _} ... + ~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo ：NotSpecified :( groupname：ADGroup）[Add-ADGroupMember]，ADException + FullyQualifiedErrorId：ActiveDirectoryServer：8344，Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember

Answer 1

要使第一個示例正常工作，您需要為命令提供管道值，而不是嘗試將其傳遞給實際管道。

嘗試：

$group = "NewUsers"    
Get-ADUser -SearchBase 'cn=users,dc=costco,dc=com' -Filter { whenCreated -ge $When } | %{ Add-ADGroupMember -Identity $Group -Members $_.samaccountname }