我正在尝试构建一个脚本,将组成员身份从 AD 中的一个用户复制到另一个用户。我正在尝试使用 powershell 来自动执行此任务。然而,我在为用户创建支票时陷入困境。换句话说,当我将组成员身份从一个用户复制到另一个用户时,我希望能够在添加用户之前运行检查以查看该用户是否已经是该组的成员,但是这样做可以避免诸如“此”之类的错误用户已经是该组的成员,无法再次添加”任何帮助或建议将不胜感激。我目前正在使用以下脚本。
$copy = Read-host "Enter user to copy from"
$Sam = Read-host " Enter user to copy to"
Function Copymembership {
$members = Get-ADUser -Identity $copyp -Properties memberof
foreach ($groups in $members.memberof){
if ($members -notcontains $groups.sAMAccountname)
{Add-ADGroupMember -Identity $groups -Member $sam -ErrorAction SilentlyContinue
Write-Output $groups}
}
}
copymembership
对两个用户使用 Get-ADUser。然后使用 -notcontains 运算符来过滤组。
$CopyFromUser = Get-ADUser JSmith -prop MemberOf
$CopyToUser = Get-ADUser MAdams -prop MemberOf
$CopyFromUser.MemberOf | Where{$CopyToUser.MemberOf -notcontains $_} | Add-ADGroupMember -Member $CopyToUser
一行即可获取用户成员的内容。
Get-ADUser -Identity alan0 -Properties memberof | Select-Object -ExpandProperty memberof
一行将成员资格从一个用户复制到另一个用户。
Get-ADUser -Identity <UserID> -Properties memberof | Select-Object -ExpandProperty memberof | Add-ADGroupMember -Members <New UserID>
对于这个想法来说,你的代码太复杂了。不确定是否可以在没有 Active Directory 模块的情况下完成
导入 ActiveDirectory 工具并使用内置 cmdlet 会更容易做到这一点。检查我的代码:
# import the Active Directory module in order to be able to use Get-ADUser and Add-ADGroupMember cmdlet
import-Module ActiveDirectory
# enter login name of the first user
$copy = Read-host "Enter username to copy from: "
# enter login name of the second user
$paste = Read-host "Enter username to copy to: "
# copy-paste process. Get-ADuser membership | then selecting membership | and add it to the second user
get-ADuser -identity $copy -properties memberof | select-object memberof -expandproperty memberof | Add-AdGroupMember -Members $paste
类似这样的内容应该告诉您组中是否包含特定成员:
If ((Get-ADGroup "Domain Admins" -Properties Members).Members -Contains (Get-ADUser "AdminBob").DistinguishedName) {write-host "Yes"}
可能有更简单的事情,但这是我首先想到的。
参数 ( [参数(强制=$true)][字符串]$CopyFromUser, [参数(强制=$true)][字符串]$CopyToUser )
$FromUserGroups = (Get-ADUser $CopyFromUser -Properties MemberOf).MemberOf
$CopyToUser = Get-ADUser $CopyToUser -Properties MemberOf
$FromUserGroups | Add-ADGroupMember -Members $CopyToUser
如果您想手动控制添加哪些组,那么这是 Out-GridView 的完美示例。过程与上面 TheMadTechnician 所解释的相同,只是在将其传递给 Add-ADGroupMember 之前,插入 Out-GridView。您甚至可以包含组描述或其他参数。
$CopyFromUser = Get-ADUser JSmith -prop MemberOf
$CopyToUser = Get-ADUser MAdams -prop MemberOf
$MissingGroups = Compare-Object $CopyFromUser $CopyToUser -Property MemberOf | ? SideIndicator -eq '<='
$GroupsObj = $MissingGroups.MemberOf | Get-ADGroup –prop Description | Select Name,Description
$GroupsObj | Out-GridView -PassThru | Add-ADGroupMember -Member $CopyToUser
我正在尝试构建脚本以将组成员身份从 AD 中的一个用户复制到另一个用户 我有一个域和 3 个不同的子域,请您检查一下脚本中是否有任何内容必须更改,因为它不起作用,谢谢
$From = Read-Host -Prompt "From User"
$to = Read-Host -Prompt "To User"
$CopyFromUser = Get-ADUser -Server "de.isringhausen.net" -Identity $From -Properties MemberOf
$Group = $CopyFromUser.MemberOf
$confirmation = Read-Host "Do you want to Copy Group Membership from $From to $to ? Press 'y' to Proceed or any key to Cancel"
if ($confirmation -eq 'y') {
$Group | Add-ADGroupMember -Members $to
clear
echo "($From) User's Group Memership has been Copied to User ($to)"
Pause
}
else {
Write-Host 'Task Cancelled'
}
$CopyFromUser = Get-ADUser JSmith -prop MemberOf
$CopyToUser = Get-ADUser MAdams -prop MemberOf
$MissingGroups = Compare-Object $CopyFromUser $CopyToUser -Property MemberOf | ? SideIndicator -eq '<='
$GroupsObj = $MissingGroups.MemberOf | Get-ADGroup –prop Description | Select Name ,Description
$Group2cp = $GroupsObj | Out-GridView -PassThru -Title "Select Goup to copy"
$Group2cp | Select-Object -ExpandProperty Name | Add-ADGroupMember -Members $CopyToUser
我目前正在做的是使用以下脚本,但仅在所需的访问权限相同的情况下将 Sg'S 从一个用户复制到另一个用户
$CopyFromUser = 获取 ADUser 用户1 -prop 成员 $CopyToUser = 获取 ADUser 用户2 -prop 成员 $CopyFromUser.MemberOf | $CopyFromUser.MemberOf | $CopyFromUser.MemberOf其中{$CopyToUser.MemberOf -notcontains $_} |添加-ADGroupMember -成员 $CopyToUser