Check if a group exists in AD using PowerShell
Problem description
I wanted to create the code for the group to check whether the group exists or not. However, I couldn't get it to work, as it was successful adding the user and part of the members of the group, only one but not the other groups, because I managed to create a group in Active Directory and also reading from the CSV. Here is my code and the result. It seems I always get the error after it successfully adds the user, including adding the members of the group.
Result
#Import required modules
Import-Module ActiveDirectory
# Prompt user for CSV file path
#$filepath = Read-Host -Prompt " Please enter the path to your CSV file".Trim()
#Store the data from Test.csv in the $listusers variable
$filepath = "C:\Test.csv"
# Create a new password for every each users
$securepassword = ConvertTo-SecureString "Password456!" -AsPlainText -Force
# Import the file into a variable
$listusers = Import-Csv $filepath
# Loop through each row and gather information
ForEach ($user in $listusers){
    # #Getting values from the CSV headers contains the user's information
    $fname = $user.'Frist Name'
    $lname = $user.'Last Name'
    $username = $user.'Username'
    $emailaddress = $user.'Email Address'
    $OUpath = $user.'Organizational Unit'
    $users = Get-ADUser -Filter {SamAccountName -like $username}
    # Echo output for the each new user
    echo "Account created for $fname $lname in $OUpath"
    #Check to see if the user already exists in AD
    if ($users) # or (Get-ADUser -Filter {SamAccountName -eq $username})
    {
        #If user does exist, give a warning
        Write-Warning "A user account with username $username already exist in Active Directory."
    }
    else
    {
        #if the user does not exist then proceed to create new account
        # Create new AD user for each user read from the CSV file.
        # The new account will be in created in OU directory path by the $Path variable
        New-ADUser `
            -SamAccountName $username `
            -Name "$fname $lname" `
            -GivenName $fname `
            -Surname $lname `
            -UserPrincipalName "$username@Razorfc.net" `
            -Path $OUpath `
            -AccountPassword $securepassword `
            -EmailAddress $emailaddress `
            -Enabled $True
    }
}
#Add members of the group
Foreach($user in $listusers){
    #Getting values from the CSV headers
    $username = $user.'Username'
    $groupmember = $user.'GroupName'
    $groupmember2 = $user.'GroupName2'
    $groupmember3 = $user.'GroupName3'
    $GroupExists = Get-ADGroup -Filter {SamAccountName -like $groupmember}
    $GroupExists2 = Get-ADGroup -Filter {SamAccountName -like $groupmember2}
    $GroupExists3 = Get-ADGroup -Filter {SamAccountName -like $groupmember3}
    $Members = Get-ADGroupMember -Identity $groupmember -Recursive | Select -ExpandProperty SAMAccountName
    $Members2 = Get-ADGroupMember -Identity $groupmember2 -Recursive | Select -ExpandProperty SAMAccountName
    $Members3 = Get-ADGroupMember -Identity $groupmember3 -Recursive | Select -ExpandProperty SAMAccountName
    ##Check to see if the user is already member in AD. If the user is not a member it will then add into the members of the group
    if($Members -contains $username) {
        Write-Host "$username is member of $groupmember".Trim()
        Write-Host "$username is member of $groupmember2".Trim()
        Write-Host "$username is member of $groupmember3".Trim()
    }
    if ($GroupExists , $GroupExists2 , $GroupExists3){
        Write-Warning "A group name $groupmember, $groupmember2, $groupmember3 did not exsist"
    }
    else {
        Write-Host "$Username is not a member. Adding the account now".Trim()
        #Add members of the group
        add-ADGroupMember -Identity $groupmember -Members $Username
        add-ADGroupMember -Identity $groupmember2 -Members $Username
        add-ADGroupMember -Identity $groupmember3 -Members $Username
    }
}
#Exit the program
Read-Host -Prompt "Press Enter to exit.".Trim()
Here is the error:
Account created for John Doe in OU=Users,OU=Razorfc,DC=Razorfc,DC=net
WARNING: A user account with username John Doe already exist in Active Directory.
Account created for Jake Doe in OU=Users,OU=Razorfc,DC=Razorfc,DC=net
WARNING: A user account with username Jake Doe already exist in Active Directory.
Account created for Jane.Doe in OU=Users,OU=Razorfc,DC=Razorfc,DC=net
WARNING: A user account with username Jane.D already exist in Active Directory.
Account created for Jim.Doe in OU=Users,OU=Razorfc,DC=Razorfc,DC=net
WARNING: A user account with username Jim.Doe already exist in Active Directory.
Get-ADGroupMember : Cannot find an object with identity: 'SI & Joko World's' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:73 char:17
+ ... $Members2 = Get-ADGroupMember -Identity $groupmember2 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (SI & Joko World's:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Get-ADGroupMember : Cannot find an object with identity: 'PAN CI' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:74 char:17
+ ... $Members3 = Get-ADGroupMember -Identity $groupmember3 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (PAN CI:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
John Doe is member of DL_Razorfc
John Doe is member of SI & Joko World's
John Doe is member of PAN CI
WARNING: A group name DL_Razorfc, SI & Joko World's, PAN CI did not exsist
Get-ADGroupMember : Cannot find an object with identity: 'SI & Joko World's' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:73 char:17
+ ... $Members2 = Get-ADGroupMember -Identity $groupmember2 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (SI & Joko World's:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Get-ADGroupMember : Cannot find an object with identity: 'PAN CI' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:74 char:17
+ ... $Members3 = Get-ADGroupMember -Identity $groupmember3 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (PAN CI:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Jake Doe is member of DL_Razorfc
Jake Doe is member of SI & Joko World's
Jake Doe is member of PAN CI
WARNING: A group name DL_Razorfc, SI & Joko World's, PAN CI did not exsist
Get-ADGroupMember : Cannot find an object with identity: 'SI & Joko World's' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:73 char:17
+ ... $Members2 = Get-ADGroupMember -Identity $groupmember2 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (SI & Joko World's:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Get-ADGroupMember : Cannot find an object with identity: 'PAN CI' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:74 char:17
+ ... $Members3 = Get-ADGroupMember -Identity $groupmember3 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (PAN CI:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Jane.D is member of DL_Razorfc
Jane.D is member of SI & Joko World's
Jane.D is member of PAN CI
WARNING: A group name DL_Razorfc, SI & Joko World's, PAN CI did not exsist
Get-ADGroupMember : Cannot find an object with identity: 'SI & Joko World's' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:73 char:17
+ ... $Members2 = Get-ADGroupMember -Identity $groupmember2 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (SI & Joko World's:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Get-ADGroupMember : Cannot find an object with identity: 'PAN CI' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:74 char:17
+ ... $Members3 = Get-ADGroupMember -Identity $groupmember3 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (PAN CI:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Jim.Doe is member of DL_Razorfc
Jim.Doe is member of SI & Joko World's
Jim.Doe is member of PAN CI
Recommended answer
As you stated, the users are successfully added to AD and only then are you getting the error. So you can avoid the error in two ways. You can try using
Get-ADGroupMember -Identity $groupmember -Recursive -ErrorAction SilentlyContinue | Select -ExpandProperty SAMAccountName
Or you can try it like this:
try {
Get-ADComputer -Identity "something"
}
catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]
{
Write-Warning "AD computer object not found"
}
catch {}
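
An added example, not part of the original question or answer: one way to test each group for existence with a filter query before touching membership, so a missing group produces a warning instead of an ADIdentityNotFoundException. The helper name Find-GroupBySam and the sample CSV row are assumptions made for illustration; the column names and group names are taken from the question.

```powershell
# Added example (not the poster's code). Requires the ActiveDirectory module and a domain.
Import-Module ActiveDirectory

# Hypothetical helper: returns the group object, or $null when no group matches.
function Find-GroupBySam {
    param([Parameter(Mandatory)][string]$Name)
    # Escape the LDAP filter special characters \ * ( ) so a CSV value is
    # treated as data, not as filter syntax. Backslash must be escaped first.
    $escaped = $Name.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    # A filter query returns nothing (no exception) when nothing matches,
    # unlike -Identity, which throws ADIdentityNotFoundException.
    Get-ADGroup -LDAPFilter "(sAMAccountName=$escaped)"
}

# Constructed sample row using the column names from the question.
$listusers = @'
Username,GroupName,GroupName2,GroupName3
Jane.D,DL_Razorfc,SI & Joko World's,PAN CI
'@ | ConvertFrom-Csv

foreach ($user in $listusers) {
    # Handle each group on its own so one missing group does not block the others.
    foreach ($groupName in $user.GroupName, $user.GroupName2, $user.GroupName3) {
        if ([string]::IsNullOrWhiteSpace($groupName)) { continue }

        $group = Find-GroupBySam -Name $groupName.Trim()
        if (-not $group) {
            Write-Warning "Group '$groupName' does not exist; skipping $($user.Username)."
            continue
        }

        # Direct members only: Add-ADGroupMember errors on an existing direct member.
        $members = Get-ADGroupMember -Identity $group | Select-Object -ExpandProperty SamAccountName
        if ($members -contains $user.Username) {
            Write-Host "$($user.Username) is already a member of $($group.Name)"
        }
        else {
            Add-ADGroupMember -Identity $group -Members $user.Username
            Write-Host "Added $($user.Username) to $($group.Name)"
        }
    }
}
```

This assumes the CSV holds each group's sAMAccountName; if it holds display names instead, the filter attribute has to change accordingly.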