现在我有一个在域中创建用户的代码。您传递 3 个变量并创建帐户。它可以很好地创建帐户。
由于我们雇用了数百人,它还需要能够处理新帐户,这些新帐户最终可能会生成与现有帐户相同的名称。
我想要的是让它看到当前生成的用户名已经是一个现有帐户,并提示输入自定义用户名,然后继续创建。截至目前,如果我运行代码并发生冲突,代码将不会运行错误。
"New-ADUser : The operation failed because UPN value provided for addition/modification is not unique forest-wide"
我目前拥有的是:
param($firstname, $lastname, $location)
Import-Module ActiveDirectory
$username = ($firstname.Substring(0,1) + $lastname).ToLower()
$userExists = Get-ADUser -Filter {sAMAccountName -eq $username}
if ($userExists -ne $null) {
Write-Host "The username '$username' already exists in Active Directory. Please enter a custom username:"
$customUsername = Read-Host
$username = $customUsername
}
$path = "OU=Users,OU=$location,OU=GS,DC=domain,DC=com"
New-ADUser `
-Name "$firstname $lastname" `
-GivenName $firstname `
-Surname $lastname `
-UserPrincipalName "[email protected]" `
-SamAccountName $username `
-AccountPassword (ConvertTo-SecureString "Password123" -AsPlainText -Force) `
-Path $path `
-ProfilePath "\\domain\homes\profiles\$username" `
-ChangePasswordAtLogon 1 `
-Enabled 1 `
-OtherAttributes @{'gidNumber'='711132'; 'uid'= '$username'} `
Add-ADGroupMember `
-Identity "$location" -Members $username
$user = Get-ADUser -Identity $username
$sid = $user.SID
$last4DigitsOfObjectSid = $sid.Value.Substring($sid.Value.Length - 4)
$newUidNumber = "71$last4DigitsOfObjectSid"
Set-ADUser -Identity $username -Replace @{'uidNumber'=$newUidNumber}
您可以使用 while 循环来测试用户名是否已被使用,然后再继续创建新用户。
此外,我建议使用 splatting 将所有用户参数保持在一个干净的结构中,而不必使用那些讨厌的反引号(或非常非常长的代码行)
如果您还指定开关
PassThru
New-ADUser cmdlet 将立即返回新创建的用户对象,因此您可以省略额外的 Get-ADUser 调用。
param($firstname, $lastname, $location)
Import-Module ActiveDirectory
$path = "OU=Users,OU=$location,OU=GS,DC=domain,DC=com"
$username = ($firstname.Substring(0,1) + $lastname).ToLower()
# test if the username (=SamAccountName) is unique
while ((Get-ADUser -Filter "SamAccountName -eq '$username'")) {
Write-Warning "The username '$username' already exists in Active Directory."
$username = Read-Host "Please enter a new custom username. Leave empty to quit."
if ([string]::IsNullOrWhiteSpace($username)) { exit }
}
# create a splatting Hashtable for the parameters of New-ADUser
$userParams = @{
Name = "$firstname $lastname"
GivenName = $firstname
Surname = $lastname
UserPrincipalName = "[email protected]"
SamAccountName = $username
# always use single quotes around a hardcoded password to avoid string interpolation
AccountPassword = (ConvertTo-SecureString 'Password123' -AsPlainText -Force)
Path = $path
ProfilePath = "\\domain\homes\profiles\$username"
ChangePasswordAtLogon = $true
Enabled = $true
OtherAttributes = @{'gidNumber'='711132'; 'uid'= $username}
# have New-ADUser return the user object
PassThru = $true
}
$user = New-ADUser @userParams
# calculate the UidNumber from the users SID
$last4DigitsOfObjectSid = $user.SID -replace '.*(\d{4})$', '$1'
$newUidNumber = "71$last4DigitsOfObjectSid"
Set-ADUser -Identity $user -Replace @{'uidNumber'=$newUidNumber}
# and add the new user to the group
# here $location is both the name of a group AND the name for the OU
Add-ADGroupMember -Identity $location -Members $user