AD users don't get added to groups by powershell

Problem description

I have a script for adding a user to the active directory. The user gets created (although there are some issues for which I'll create separate questions), but the user is not added to the groups, with the error that groups were not found. But I confirmed the groups are in the AD. This is the code I have now:

$Orig_exec_policy = Get-ExecutionPolicy
Set-ExecutionPolicy Bypass -Force
<# This form was created using POSHGUI.com  a free online gui designer for PowerShell
.NAME
    Untitled
#>

Add-Type -AssemblyName System.Windows.Forms
[System.Windows.Forms.Application]::EnableVisualStyles()

#region Window properties
$AD_user_creation                = New-Object system.Windows.Forms.Form
$AD_user_creation.ClientSize     = '480,740'
$AD_user_creation.text           = "AD user creation - WG Mustang"
$AD_user_creation.TopMost        = $false
#endregion

[void]$AD_user_creation.SuspendLayout()

#region Real name of the user
$Display_name_lbl                = New-Object system.Windows.Forms.Label
$Display_name_lbl.text           = "User`'s real name"
$Display_name_lbl.AutoSize       = $true
$Display_name_lbl.width          = 25
$Display_name_lbl.height         = 10
$Display_name_lbl.location       = New-Object System.Drawing.Point(10,10)

$First_name_val                  = New-Object system.Windows.Forms.TextBox
$First_name_val.multiline        = $false
$First_name_val.width            = 120
$First_name_val.height           = 20
$First_name_val.location         = New-Object System.Drawing.Point(200,10)

$Second_name_val                 = New-Object system.Windows.Forms.TextBox
$Second_name_val.multiline       = $false
$Second_name_val.width           = 120
$Second_name_val.height          = 20
$Second_name_val.location        = New-Object System.Drawing.Point(330,10)

$Display_name_val                = New-Object system.Windows.Forms.Label
$Display_name_val.Text           = ""
$Display_name_val.width          = 250
$Display_name_val.height         = 20
$Display_name_val.location       = New-Object System.Drawing.Point(200,40)
#endregion

#region User name of the user
$User_name_lbl                   = New-Object system.Windows.Forms.Label
$User_name_lbl.text              = "User logon name"
$User_name_lbl.AutoSize          = $true
$User_name_lbl.width             = 25
$User_name_lbl.height            = 10
$User_name_lbl.location          = New-Object System.Drawing.Point(10,70)

$User_name_val                   = New-Object system.Windows.Forms.TextBox
$User_name_val.multiline         = $false
$User_name_val.width             = 250
$User_name_val.height            = 20
$User_name_val.location          = New-Object System.Drawing.Point(200,70)
#endregion

#region Account password
$Password_lbl                    = New-Object system.Windows.Forms.Label
$Password_lbl.text               = "Password"
$Password_lbl.AutoSize           = $true
$Password_lbl.width              = 25
$Password_lbl.height             = 10
$Password_lbl.location           = New-Object System.Drawing.Point(10,100)

$Password_ini_val                = New-Object system.Windows.Forms.MaskedTextBox
$Password_ini_val.multiline      = $false
$Password_ini_val.width          = 250
$Password_ini_val.height         = 20
$Password_ini_val.UseSystemPasswordChar = $true
$Password_ini_val.location       = New-Object System.Drawing.Point(200,100)

$Password_conf_val               = New-Object system.Windows.Forms.MaskedTextBox
$Password_conf_val.multiline     = $false
$Password_conf_val.width         = 250
$Password_conf_val.height        = 20
$Password_conf_val.UseSystemPasswordChar = $true
$Password_conf_val.location      = New-Object System.Drawing.Point(200,130)
#endregion

#region Location of the user
$Location_lbl                    = New-Object system.Windows.Forms.Label
$Location_lbl.text               = "Location"
$Location_lbl.AutoSize           = $true
$Location_lbl.width              = 25
$Location_lbl.height             = 10
$Location_lbl.location           = New-Object System.Drawing.Point(10,160)

$Location_val                    = New-Object system.Windows.Forms.TextBox
$Location_val.multiline          = $false
$Location_val.text               = "OU=Users,OU=ADM,DC=Domain,DC=com"
$Location_val.width              = 250
$Location_val.height             = 20
$Location_val.location           = New-Object System.Drawing.Point(200,160)
#endregion

#region Checkboxes
$Must_chg_pass                   = New-Object system.Windows.Forms.CheckBox
$Must_chg_pass.text              = "User must change password at next logon"
$Must_chg_pass.AutoSize          = $false
$Must_chg_pass.width             = 290
$Must_chg_pass.height            = 20
$Must_chg_pass.location          = New-Object System.Drawing.Point(200,190)

$Cannot_chg_pass                 = New-Object system.Windows.Forms.CheckBox
$Cannot_chg_pass.text            = "User cannot change password"
$Cannot_chg_pass.AutoSize        = $false
$Cannot_chg_pass.width           = 250
$Cannot_chg_pass.height          = 20
$Cannot_chg_pass.location        = New-Object System.Drawing.Point(200,220)
$Cannot_chg_pass.Checked         = $true

$Pass_not_expires                = New-Object system.Windows.Forms.CheckBox
$Pass_not_expires.text           = "Password never expires"
$Pass_not_expires.AutoSize       = $false
$Pass_not_expires.width          = 250
$Pass_not_expires.height         = 20
$Pass_not_expires.location       = New-Object System.Drawing.Point(200,250)
$Pass_not_expires.Checked        = $true

$Account_disabled_val            = New-Object system.Windows.Forms.CheckBox
$Account_disabled_val.text       = "Account is active"
$Account_disabled_val.AutoSize   = $false
$Account_disabled_val.width      = 250
$Account_disabled_val.height     = 20
$Account_disabled_val.location   = New-Object System.Drawing.Point(200,280)
$Account_disabled_val.Checked    = $false
#endregion

#region Description
$GECOS_lbl                       = New-Object system.Windows.Forms.Label
$GECOS_lbl.text                  = "Description"
$GECOS_lbl.AutoSize              = $true
$GECOS_lbl.width                 = 25
$GECOS_lbl.height                = 10
$GECOS_lbl.location              = New-Object System.Drawing.Point(10,310)

$GECOS_val                       = New-Object system.Windows.Forms.TextBox
$GECOS_val.multiline             = $false
$GECOS_val.width                 = 250
$GECOS_val.height                = 20
$GECOS_val.location              = New-Object System.Drawing.Point(200,310)
#endregion

#region Group membership
$ADGroups_lbl                    = New-Object system.Windows.Forms.Label
$ADGroups_lbl.text               = "AD Groups"
$ADGroups_lbl.AutoSize           = $true
$ADGroups_lbl.width              = 25
$ADGroups_lbl.height             = 10
$ADGroups_lbl.location           = New-Object System.Drawing.Point(10,340)

$ADGroups_val                    = New-Object system.Windows.Forms.TextBox
$ADGroups_val.multiline          = $true
$ADGroups_val.width              = 250
$ADGroups_val.height             = 160
$ADGroups_val.location           = New-Object System.Drawing.Point(200,340)
#endregion

#region Additional attributes
$Ext_Attribute5_lbl              = New-Object System.Windows.Forms.Label
$Ext_Attribute5_lbl.Text         = "Extension Attribute5"
$Ext_Attribute5_lbl.AutoSize     = $true
$Ext_Attribute5_lbl.Width        = 25
$Ext_Attribute5_lbl.Height       = 10
$Ext_Attribute5_lbl.Location     = New-Object System.Drawing.Point(10,510)

$Ext_Attribute5_val              = New-Object System.Windows.Forms.TextBox
$Ext_Attribute5_val.Text         = "Company name"
$Ext_Attribute5_val.Multiline    = $false
$Ext_Attribute5_val.Width        = 250
$Ext_Attribute5_val.Height       = 20
$Ext_Attribute5_val.Location     = New-Object System.Drawing.Point(200,510)

$Ext_Attribute10_lbl             = New-Object System.Windows.Forms.Label
$Ext_Attribute10_lbl.Text        = "Extension Attribute10"
$Ext_Attribute10_lbl.AutoSize    = $true
$Ext_Attribute10_lbl.Width       = 25
$Ext_Attribute10_lbl.Height      = 10
$Ext_Attribute10_lbl.Location    = New-Object System.Drawing.Point(10,540)

$Ext_Attribute10_val             = New-Object System.Windows.Forms.TextBox
$Ext_Attribute10_val.Text        = "Region"
$Ext_Attribute10_val.Multiline   = $false
$Ext_Attribute10_val.Width       = 250
$Ext_Attribute10_val.Height      = 20
$Ext_Attribute10_val.Location    = New-Object System.Drawing.Point(200,540)

$Ext_Attribute15_lbl             = New-Object System.Windows.Forms.Label
$Ext_Attribute15_lbl.Text        = "Extension Attribute15"
$Ext_Attribute15_lbl.AutoSize    = $true
$Ext_Attribute15_lbl.Width       = 25
$Ext_Attribute15_lbl.Height      = 10
$Ext_Attribute15_lbl.Location    = New-Object System.Drawing.Point(10,570)

$Ext_Attribute15_val             = New-Object System.Windows.Forms.TextBox
$Ext_Attribute15_val.Text        = "EH/WH"
$Ext_Attribute15_val.Multiline   = $false
$Ext_Attribute15_val.Width       = 250
$Ext_Attribute15_val.Height      = 20
$Ext_Attribute15_val.Location    = New-Object System.Drawing.Point(200,570)

$Job_Title_lbl                   = New-Object System.Windows.Forms.Label
$Job_Title_lbl.Text              = "Job title"
$Job_Title_lbl.AutoSize          = $true
$Job_Title_lbl.Width             = 25
$Job_Title_lbl.Height            = 10
$Job_Title_lbl.Location          = New-Object System.Drawing.Point(10,600)

$Job_Title_val                   = New-Object System.Windows.Forms.TextBox
$Job_Title_val.Text              = "NA"
$Job_Title_val.Multiline         = $false
$Job_Title_val.Width             = 250
$Job_Title_val.Height            = 20
$Job_Title_val.Location          = New-Object System.Drawing.Point(200,600)

$Department_lbl                  = New-Object System.Windows.Forms.Label
$Department_lbl.Text             = "Department"
$Department_lbl.AutoSize         = $true
$Department_lbl.Width            = 25
$Department_lbl.Height           = 10
$Department_lbl.Location         = New-Object System.Drawing.Point(10,630)

$Department_val                  = New-Object System.Windows.Forms.TextBox
$Department_val.Text             = "NA"
$Department_val.Multiline        = $false
$Department_val.Width            = 250
$Department_val.Height           = 20
$Department_val.Location         = New-Object System.Drawing.Point(200,630)

$Company_lbl                     = New-Object System.Windows.Forms.Label
$Company_lbl.Text                = "Company"
$Company_lbl.AutoSize            = $true
$Company_lbl.Width               = 25
$Company_lbl.Height              = 10
$Company_lbl.Location            = New-Object System.Drawing.Point(10,660)

$Company_val                     = New-Object System.Windows.Forms.TextBox
$Company_val.Text                = "IBM"
$Company_val.Multiline           = $false
$Company_val.Width               = 250
$Company_val.Height              = 20
$Company_val.Location            = New-Object System.Drawing.Point(200,660)
#endregion

#region Buttons
$Confirm_Button                  = New-Object system.Windows.Forms.Button
$Confirm_Button.BackColor        = "#00ff00"
$Confirm_Button.text             = "OK"
$Confirm_Button.width            = 100
$Confirm_Button.height           = 30
$Confirm_Button.location         = New-Object System.Drawing.Point(200,690)
$Confirm_Button.Font             = 'Microsoft Sans Serif,10,style=Bold'
$Create_ADuser = {
  # MessageBox is taken from System.Windows.Forms, the only UI assembly this script loads
  if ($Password_ini_val.Text -cne $Password_conf_val.Text)
  {
    [System.Windows.Forms.MessageBox]::Show("Passwords don't match")
  } elseif ($Password_ini_val.Text.Length -lt 8)
  {
    [System.Windows.Forms.MessageBox]::Show("Password is too short")
  } else {
    $password = $Password_ini_val.Text | ConvertTo-SecureString -AsPlainText -Force
    $Display_name = $Display_name_val.Text + " [ADM]"
    New-ADUser -GivenName $First_name_val.Text -Surname $Second_name_val.Text -DisplayName $Display_name -AccountPassword $password -Path $Location_val.Text -Name $User_name_val.Text`
     -CannotChangePassword $Cannot_chg_pass.Checked -PasswordNeverExpires $Pass_not_expires.Checked -ChangePasswordAtLogon $Must_chg_pass.Checked -Enabled $Account_disabled_val.Checked`
     -Description $GECOS_val.Text -OtherAttributes @{'ExtensionAttribute5' = $Ext_Attribute5_val.Text;'ExtensionAttribute9' = "People";'ExtensionAttribute10' = $Ext_Attribute10_val.Text;`
     'ExtensionAttribute11' = "Other";'ExtensionAttribute12' = "No";'ExtensionAttribute14' = "NA";'ExtensionAttribute15' = $Ext_Attribute15_val.Text;'Division' = "WG Mustang"}`
     -Office "NA" -OfficePhone "NA" -Title $Job_Title_val.Text -Department $Department_val.Text -Company $Company_val.Text -SamAccountName $User_name_val.Text -PassThru | `
     Add-ADPrincipalGroupMembership -MemberOf $ADGroups_val.Text
    $AD_user_creation.Close()
  }
}
$Confirm_Button.add_Click($Create_ADuser)


$Cancel_button                   = New-Object system.Windows.Forms.Button
$Cancel_button.BackColor         = "#ff0000"
$Cancel_button.text              = "Cancel"
$Cancel_button.width             = 100
$Cancel_button.height            = 30
$Cancel_button.location          = New-Object System.Drawing.Point(350,690)
$Cancel_button.Font              = 'Microsoft Sans Serif,10,style=Bold'
<#$Cancel = {
    $AD_user_creation.Close()
    exit
}#>
$Cancel_button.add_Click({
    $AD_user_creation.Close()
    exit
})

$AD_user_creation.AcceptButton   = $Confirm_Button
$AD_user_creation.CancelButton   = $Cancel_button
#endregion

$AD_user_creation.controls.AddRange(@($Display_name_lbl,$First_name_val,$Second_name_val,$User_name_lbl,$Display_name_val,$User_name_val,$Password_lbl,$Password_ini_val,$Password_conf_val,$Location_lbl,`
$Location_val,$Must_chg_pass,$Cannot_chg_pass,$Pass_not_expires,$Account_disabled_val,$GECOS_lbl,$GECOS_val,$ADGroups_lbl,$ADGroups_val,$Ext_Attribute5_lbl,$Ext_Attribute5_val,$Ext_Attribute10_lbl,`
$Ext_Attribute10_val,$Ext_Attribute15_lbl,$Ext_Attribute15_val,$Job_Title_lbl,$Job_Title_val,$Department_lbl,$Department_val,$Company_lbl,$Company_val,$Confirm_Button,$Cancel_button))

$showFullName = { $Display_name_val.Text = ($First_name_val.Text + " " + $Second_name_val.Text) }

[void]$Second_name_val.Add_Leave( { & $showFullName } )
[void]$First_name_val.Add_Leave(  { & $showFullName } )

[void]$AD_user_creation.ResumeLayout()

$result = $AD_user_creation.ShowDialog()
[void]$AD_user_creation.Dispose()

Set-ExecutionPolicy $Orig_exec_policy -Force

Originally I didn't put the -passthru parameter to the New-ADUser (row 268) and added the Add-ADPrincipalGroupMembership cmdlet at a separate row with -Identity parameter instead, but tried the actual solution in the code above, when that didn't work. I verified that the $ADGroups_val.Text contains the group names put in the respective textbox. Any idea why the groups aren't added?

Recommended answer

The coding you use for the New-ADUser cmdlet has some bad formatting problems. Because of this, it is hard to spot that some backticks are in the wrong place.

Using Splatting helps the code to become more readable/maintainable.

By capturing the output of New-ADUser in a variable (for that you need to add the PassThru switch), you can first test if the new user is created or not and only if you have a valid user object, add it to the group:

$params = @{
    'GivenName'             = $First_name_val.Text
    'Surname'               = $Second_name_val.Text
    'DisplayName'           = $Display_name
    'AccountPassword'       = $password
    'Path'                  = $Location_val.Text
    'Name'                  = $User_name_val.Text
    'CannotChangePassword'  = $Cannot_chg_pass.Checked
    'PasswordNeverExpires'  = $Pass_not_expires.Checked
    'ChangePasswordAtLogon' = $Must_chg_pass.Checked
    'Enabled'               = $Account_disabled_val.Checked
    'Description'           = $GECOS_val.Text
    'Office'                = "NA"
    'OfficePhone'           = "NA"
    'Title'                 = $Job_Title_val.Text
    'Department'            = $Department_val.Text
    'Company'               = $Company_val.Text
    'SamAccountName'        = $User_name_val.Text
    'OtherAttributes'       = @{'ExtensionAttribute5'  = $Ext_Attribute5_val.Text
                                'ExtensionAttribute9'  = "People"
                                'ExtensionAttribute10' = $Ext_Attribute10_val.Text
                                'ExtensionAttribute11' = "Other"
                                'ExtensionAttribute12' = "No"
                                'ExtensionAttribute14' = "NA"
                                'ExtensionAttribute15' = $Ext_Attribute15_val.Text
                                'Division'             = "WG Mustang"}
    'PassThru'              = $true
}
$newUser = New-ADUser @params
if ($newUser) {
    $newUser | Add-ADPrincipalGroupMembership -MemberOf $ADGroups_val.Text
}
else {
    # MessageBox from System.Windows.Forms, the assembly the script loads with Add-Type
    [System.Windows.Forms.MessageBox]::Show("Error creating new user")
}
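
The group box in the question is a multiline textbox, so `$ADGroups_val.Text` is one string with line breaks between the names. The following added example (not part of the original answer) splits that string and resolves every name with `Get-ADGroup` before granting membership, so each unresolved name is reported instead of the whole call failing. The function names are hypothetical, and one group identity per line is assumed.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module (RSAT).

function ConvertTo-GroupNameList {
    # Hypothetical helper: turn the textbox content into a clean list of names.
    param([string]$Text)
    # Split on line breaks only: a distinguished name contains commas,
    # so commas must not be treated as separators.
    @($Text -split '\r?\n' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ } |
        Select-Object -Unique)
}

function Add-UserToNamedGroups {
    # Hypothetical helper: resolve each group first, then add the user to the ones found.
    param(
        [Parameter(Mandatory)] $User,
        [string[]] $GroupName
    )
    $resolved = @()
    $missing  = @()
    foreach ($name in $GroupName) {
        try {
            # -Identity accepts a sAMAccountName, distinguished name, GUID or SID.
            $resolved += Get-ADGroup -Identity $name -ErrorAction Stop
        }
        catch {
            # Keep going; the caller decides what to do about unknown names.
            $missing += $name
        }
    }
    if ($resolved.Count -gt 0) {
        Add-ADPrincipalGroupMembership -Identity $User -MemberOf $resolved -ErrorAction Stop
    }
    # Return what was actually granted so it can be shown or logged.
    [pscustomobject]@{
        Added   = @($resolved | ForEach-Object { $_.Name })
        Missing = $missing
    }
}

# Constructed sample of what $ADGroups_val.Text holds after typing two groups
# with stray spaces and a trailing empty line:
$sample = "GroupA`r`n  GroupB `r`n`r`n"
ConvertTo-GroupNameList -Text $sample

# In the click handler, after $newUser = New-ADUser @params:
# $result = Add-UserToNamedGroups -User $newUser -GroupName (ConvertTo-GroupNameList $ADGroups_val.Text)
# if ($result.Missing) {
#     [System.Windows.Forms.MessageBox]::Show("Groups not found: " + ($result.Missing -join ', '))
# }
```

Because the form creates `[ADM]` accounts, keeping the `Added` list in a log gives a record of which memberships each new account actually received.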
