Powershell 如果ADgroup中存在用户，如何跳过？（Active Directory电源外壳）_Powershell_Active Directory

Powershell 如果ADgroup中存在用户，如何跳过？（Active Directory电源外壳）

powershell active-directory

Powershell 如果ADgroup中存在用户，如何跳过？（Active Directory电源外壳）,powershell,active-directory,Powershell,Active Directory,我创建了一个PS脚本，用于在电子邮件属性包含“abc.com”或“def.com”且组中现有用户将跳过该过程时向组中添加Aduser。下面是我的剧本 import-module ActiveDirectory $Users = Get-ADUser -Filter * -Properties emailaddress $existingUsers = Get-ADgroupmember "Test_group" foreach ($user in $Users) { #if user

我创建了一个PS脚本，用于在电子邮件属性包含“abc.com”或“def.com”且组中现有用户将跳过该过程时向组中添加Aduser。下面是我的剧本

import-module ActiveDirectory

$Users = Get-ADUser -Filter * -Properties emailaddress
$existingUsers = Get-ADgroupmember "Test_group"

foreach ($user in $Users) {
    #if user existing in the group, Skip this process
    if (($existingUsers | Where-Object { $_.sAMAccountName -eq $user.sAMAccountName }) -eq $null) {
        #if user email attribute contain "abc.com" or "def.com"
        if ($user.emailaddress -match "abc.com" -or $user.emailaddress -match "def.com") {
            $GroupMembers = Get-ADGroupMember -Identity "test_group" | Select -ExpandProperty SamAccountName
            if ($User.SamAccountName -NotContains $GroupMembers) {
                Add-ADGroupMember -Identity "test_group" -Members $User
            }
        }
    }
}

但是，在执行之后，有2个返回错误，如下所示

我在ADWS配置中添加了

“add key=“MaxGroupOrMemberEntries”value=“200000”

，但问题仍然存在

Get-ADGroupMember:无法联系服务器。这可能是因为此服务器不存在、当前已关闭或没有运行.At的Active Directory Web服务 C:\scripts\AutoAddUserToGroup.ps1:15字符：50

+$GroupMembers=Get ADGroupMember如下面的示例所示，我使用

Get ADUser

命令的

-Filter

参数仅返回我需要添加到测试组的ADUser

#Clear Console
Clear-Host

#Import Modules
Import-Module ActiveDirectory

#Show verbose output
$VerbosePreference = 'Continue' 

#Script Settings
$EmailDomains = @('*@abc.com', '*@def.com') #EmailDomains to check for.
$ADGroup = "CN=Test_Group,OU=Groups,DC=corp,DC=company,DC=com" #Group Membership to check for.

#Create EmailDomains Filter for AD Query
$EmailDomains_Filter = ($EmailDomains | ForEach-Object {"(emailaddress -like '$($_)')"}) -join ' -or '

# Get AD users with specified emailadresses wich are not memberof specified group
$ADUsers = Get-ADUser -filter "($($EmailDomains_Filter)) -and (-not (MemberOf -eq '$($ADGroup)'))" -Properties emailaddress

#Show amount of users we need to add.
$ADUsers_Measure = $ADUsers | Measure-Object
Write-Verbose "Found $($ADUsers_Measure.Count) ADUsers that match EmailDomains_Filter but are not MemberOf $($ADGroup)"

要将用户添加到指定的组，您有两个选项，一次全部添加（更快）

或每个用户（更多控制）

这段代码根本不有效，请使用带有适当过滤器的Get ADUser，这就是您所需要的，几分钟后将发布一个示例。

Add-ADGroupMember -Identity $ADGroup -Members $ADUsers

foreach ($ADUser in $ADUsers) {
    Write-Verbose "Adding User $($ADUser.SamAccountName) to group $($ADGroup)"
    Add-ADGroupMember -Identity $ADGroup -Members $ADUser
}