Powershell将用户添加到组 [英] Powershell add user to group
问题描述
我正在尝试读取包含用户信息的XML文件,并且基于该信息,我想将用户添加到Active Directory组中。到目前为止,我一直在没有任何帮助的情况下查找错误消息。这是将用户添加到组代码:
I am trying to read an XML file with user information and based on that information I want to add users to Active Directory groups. I have been looking up the error messages with no help so far. Here is the add user to group code:
$MyUsers = [xml] (Get-Content e:\sample.xml)
$a = 0
$b = 0
$c = 0
$OUServer = "servername.domain.domain.edu"
$AD3Server = "servername.domain.domain.edu"
$DSSPath = "cn=Atl-Users,OU=HR,DC=domain,DC=domain,DC=edu"
$AD3Path = "ou=Admin,DC=domain,DC=domain,DC=domain,DC=EDU"
$connection = "LDAP://$OUServer/$DSSPath"
LOOP LOGIC
{
$CurUser = $MyUsers.clusters.cluster[$a].departments.department[$b].people.person[$c].loginid
$Group = [adsi]"$connection"
$User = "LDAP://$AD3Server/$CurUser,$AD3Path"
$Group.Add($User)
}
这是我得到的错误
异常调用 Add 并带有 1 参数:服务器不愿意处理该请求。(HRESULT的异常:0x80072035)
Exception calling Add with 1 argument(s): "The server is unwilling to process the request. (Exception from HRESULT: 0x80072035)"
这是一个可行的示例,您也许可以适应它。
Here is a working example, you perhaps can adapt it.
首先调用setinfo(),这是一种提交。
First you forget to call the setinfo(), which is a kind of commit.
第二,请注意 $ CurUser的值
的格式为'CN = XXXXX'
。
Clear-Host
# Connecting without User/Password to Active Directory
#$dn = [adsi] "LDAP://192.168.30.200:389/dc=dom,dc=fr"
# Connecting with User/Password to Active Directory
$dn = New-Object System.DirectoryServices.DirectoryEntry ("LDAP://192.168.234.200:389/dc=dom,dc=fr","administrateur@dom.fr","admin")
# Creation of an OU
$Monou = $dn.create("OrganizationalUnit", "ou=Monou")
$Monou.put("Description", "Une description")
$Res = $Monou.Setinfo()
# Basic creation of a user
$objUtilisateur = $Monou.create("inetOrgPerson", "cn=Marc Assin")
$objUtilisateur.setinfo()
$objUtilisateur.samaccountname = "Massin"
$objUtilisateur.givenName = "Marc"
$objUtilisateur.sn = "Assin"
$objUtilisateur.userPrincipalName = "Massin@dom.fr"
# Set the state of the account
$objUtilisateur.pwdLastSet = 0
$objUtilisateur.userAccountControl = 544 #512
$objUtilisateur.SetInfo()
# Creation of a group
$MonGroupe = $Monou.Create("Group", "cn=MonGroupe")
$ADS_GROUP_TYPE_GLOBAL_GROUP = 0x00000002
$ADS_GROUP_TYPE_SECURITY_ENABLED = 0x80000000
$groupeType = $ADS_GROUP_TYPE_SECURITY_ENABLED -bor $ADS_GROUP_TYPE_GLOBAL_GROUP
$MonGroupe.put("groupType",$groupeType)
$MonGroupe.setinfo()
# Adding user to a group
$MonGroupe.add('LDAP://cn=Marc Assin,ou=Monou,dc=dom,dc=fr')
$MonGroupe.setinfo()
这篇关于Powershell将用户添加到组的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!