Active directory Powershell未将用户添加到广告组
我在下面的脚本中检查了以下条件:Active directory Powershell未将用户添加到广告组,active-directory,powershell-5.0,Active Directory,Powershell 5.0,我在下面的脚本中检查了以下条件: 检查何时创建用户并仅筛选不早于30天的帐户 在开始与组织合作时检查数据(在说明中) 在他们开始与组织合作的同时,将他们添加到适当的组中 代码如下: $DateMaxTime = (Get-date).AddDays(0) $DateMaxTimeNew = (Get-date).AddDays(-30) $usersRO = Get-ADUser -Filter * -Properties * -SearchBase "OU=Users,OU=Res
$DateMaxTime = (Get-date).AddDays(0)
$DateMaxTimeNew = (Get-date).AddDays(-30)
$usersRO = Get-ADUser -Filter * -Properties * -SearchBase "OU=Users,OU=Resources,OU=Romania,OU=Country,DC=I,DC=Love,DC=Donuts"|where {$_.Description -like "*TEMP*" -or $_.Description -like "*PERM*" } |select samaccountname,description,name
$groupsRO = 'EXTERNALACCESS'
###########################
ForEach($groupRO in $groupsRO){
$membersRO = Get-ADGroupMember -Identity $groupRO -Recursive | Select -ExpandProperty samaccountname
Foreach ($userRO in $usersRO){
$AcountNameRO = $userRO.samaccountname
$DatePartRONew = get-aduser -identity $AcountNameRO -Properties * | Select-Object whenCreated
$DatePartSubsRONew = $DatePartRONew.whenCreated
$DataPartROdesc=$userRO.description
$expressionRO = ([regex]'(\d{2}/\d{2}/\d{4})').Match($DataPartROdesc).Groups[0].Value
$DatePartRO= $expressionRO
$FinalDateRO = [datetime]::ParseExact($DatePartRO,'dd/MM/yyyy',$null)
If ($DatePartSubsRONew -lt $DateMaxTimeNew){
Write-Host "$AcountNameRO ouf of date scope"}
else {Write-Host "$AcountNameRO in scope"
If ((get-date $FinalDateRO.Date) -eq (get-date $DateMaxTime.Date)){
Write-Host "$AcountNameRO is a today Starter"
If ($membersRO -notcontains $AcountNameRO ) {
Write-Host "Adding external group $groupRO for: $AcountNameRO"
Add-ADGroupMember -Identity "EXTERNALACCESS" -Members $AcountNameRO
[array]$FinalResultRO += New-Object psobject -Property @{User=$AcountNameRO}
}
Else {Write-Host "$AcountNameRO exists in group $groupRO"}
}Else {Write-Host "$AcountNameRO is not a Starter"}
}
}
}
$listRO = [array]$FinalResultRO |Select User |Out-String
$listRO.gettype()
#
if ([string]::IsNullOrEmpty($listRO){
Write-Host "nothing to send"
}
Else {
Write-Host "Mail sent"
Send-MailMessage -From "Donut@love.com" -To "ITsystemL@love.com" -Subject "Following users have been granted external access rights" -smtpServer "internalrelay.donut.love.com" -body "$($listRO)"
}
我对其他国家也有相同的代码(在一个脚本中还有4个国家),它可以工作(我只是复制粘贴)
奇怪的是,当我收到邮件时,用户已被授予组权限,但在罗马尼亚,情况就是这样:
- 我收到了一封邮件,用户通过脚本选择了组“外部”
- 当我签入AD时,GRUP不会被分配(我使用复制进行检查,但这不是它)
- 其他国家也有同样的代码,而且它是有效的