我正在尝试编写一个脚本来在 PowerShell 的组中添加成员,我写的下面的脚本对我来说似乎是正确的,但它不起作用。请帮助
$grpname = Read-Host "Please enter group name:"
$group = Get-AzureADGroup -filter "DisplayName eq '$grpname'"
$groupId = $group.ObjectId
$job = Read-Host "Please enter Job title:"
$userjob = Get-AzADUser -filter "Jobtitle eq '$job'"
$userId = $userjob.Id
foreach ($userId in $userIds) {
Add-AzureADGroupMember -ObjectId $groupId -RefObjectId $userId
}
Write-Output " You can see bellow members of ($grpname) : "
Get-AzureADGroupMember -ObjectId "$groupId"
除了 Halfix 在他们的评论中提到的,您的代码没有什么特别的错误,唯一可能发生的事情是没有发现用户的
jobTitle
等于 $job
中的用户输入。另外,您应该将代码迁移到 Graph 模块,因为 AzureAD 模块将很快被弃用:
以下是使用 Graph Cmdlet 时代码的外观:
$grpname = Read-Host "Please enter group name"
$group = Get-MgGroup -Filter "DisplayName eq '$grpname'"
if(-not $group) {
return "No group found with displayName '$grpName'"
}
if($group.Count -gt 1) {
return "Multiple groups found with displayName '$grpName'"
}
$job = Read-Host "Please enter Job title"
$users = Get-MgUser -Filter "jobTitle eq '$job'"
if(-not $users) {
return "No users found with jobTitle '$job'"
}
foreach($user in $users) {
New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id
}
"You can see bellow members of ($grpname):"
Get-MgGroupMember -GroupId $group.Id
执行此操作所需的权限是GroupMember.ReadWrite.All 和User.ReadWrite.All。请参阅 Graph API 文档的权限部分。