Catching errors in a PowerShell security group script
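I wrote a script at work to save time getting approval from the security group owner when someone requests access to a group.
It works, but not very well. The idea is to create a draft in Outlook 2010 that auto-populates the SG manager's email address, with the subject entered by the analyst. The body contains the requesting user's office, department, manager and job title.
This all works fine, but there is no error catching, so, for example, if the analyst enters the group name incorrectly or, annoyingly, with a space at the end, it keeps the information that was saved in $managerEmail on the last run (I thought -like would sort that out, but it doesn't).
Also, it only works for one user, one group, one email, when in reality there may be several users requesting access, or one user requesting access to several groups. I'm looking for a hint in the right direction: do I need some kind of loop in there to accept multiple inputs and create multiple email drafts?
It's a mishmash of a few scripts and my own very novice "code", so I'm sure some parts add no value. Any cleanup suggestions would be appreciated; I'm not sensitive about it, so please share any thoughts.
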
Get-Module -ListAvailable
Import-Module ActiveDirectory
#Below is user inputs required
$User = Read-Host -Prompt 'Input the user name'
$Group = Read-Host -Prompt 'Input Group Name'
$Notify = Read-Host -Prompt 'Input Notify Subject Line'
#Below is the user info
Get-ADUser -Filter {name -like $user}
if ($User -ne $null)
{
    $Find = Get-ADUser $User -Server americas.cshare.net -Properties * |
        Select-Object Office, Department, Name, Manager, Title
    $Office = $Find.Office
    $Dept = $Find.Department
    $Title = $Find.Title
    $Name = $Find.Name
    $Usermanager = $Find.Manager
}
$UM = (get-aduser -Identity $Usermanager -Server americas.cshare.net -Properties Name);
$UserManagerName = $UM.Name;
#Below is get owner name and email need to add error catching
Get-ADGroup -Filter {name -like $Group} -Server americas.cshare.net -Properties ManagedBy |
    ForEach-Object {
        $managedBy = $_.ManagedBy;
        if ($managedBy -ne $null)
        {
            $manager = (get-aduser -Identity $managedBy -Server americas.cshare.net -Properties emailAddress);
            $managerName = $manager.Name;
            $managerEmail = $manager.emailAddress;
        }
        else
        {
            $managerName = 'N/A';
            $managerEmail = 'N/A';
        }
        Write-Output $_;
    } |
    Select-Object -Property @(
        @{n = 'Group Name'; e = {$_.Name}}
        @{n = 'Managed By Name'; e = {$managerName}}
        @{n = 'Managed By Email'; e = {$managerEmail}}
    )
#Below is the email part saves a draft to check yourself before sending
$ol = New-Object -comObject Outlook.Application
$mail = $ol.CreateItem(0)
$null = $Mail.Recipients.Add("$managerEmail")
$Mail.Subject = "$Notify"
$Mail.Body = @"
Dear $managerName,
$Name has requested to be added to the security group $Group
Job Role: $Title
Department: $Dept
Office: $Office
Manager: $UserManagerName
As the owner of $Group, can you review this request and approve/deny accordingly.
Please REPLY ALL when you respond.
Kind Regards,
Service Desk
"@
$Mail.Save()
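
So I had a go at it and added validation steps, but you don't really have much reason to do "error handling" as such. Since this script relies on a lot of user input, I cleaned up that process. I also fixed your group search problem. The filter doesn't support -match, so I added the appropriate wildcards to each end of the group name (to catch those various bits). I'm not sure what the Select-Object at the end of the pipeline was for, but it's also there in the form of New-Object.
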
Import-Module -Name ActiveDirectory
#region User details
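do {
    $sid = Read-Host -Prompt SID
    $adArgs = @{
        Identity    = $sid
        Server      = 'americas.cshare.net'
        Properties  = 'Office','Department','Name','Manager','Title'
        ErrorAction = 'Stop'
    }
    # Get-ADUser -Identity throws when the account does not exist, so catch it
    # and reset $user; otherwise the loop would exit on the typed string.
    try { $user = Get-ADUser @adArgs } catch { $user = $null }
    if (-not $user) {
        'SID not found in Active Directory. Try again.'
    }
} until ($user)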
$userName = $user.Name
$userTitle = $user.Title
$userDept = $user.Department
$userOffice = $user.Office
$userManager = Get-ADUser -Identity $user.Manager -Server americas.cshare.net -Properties Name |
    Select-Object -ExpandProperty Name
#endregion
#region Group details
do {
    $group = Read-Host -Prompt Group
    $adArgs = @{
        Filter      = "Name -like '*$group*'"
        Server      = 'americas.cshare.net'
        Properties  = 'ManagedBy'
        ErrorAction = 'SilentlyContinue'
    }
    $adGroup = Get-ADGroup @adArgs
    if (-not $adGroup) {
        'Group not found in Active Directory. Try again.'
    }
    if ($adGroup.Count -gt 1) {
        'Multiple groups found matching query. Try again.'
        $adGroup = $null
    }
} until ($adGroup)
try {
    $adArgs = @{
        Identity    = $adGroup.ManagedBy
        Server      = 'americas.cshare.net'
        Properties  = 'emailAddress'
        ErrorAction = 'Stop'
    }
    $groupManager = Get-ADUser @adArgs
} catch {
    "Failed to retrieve '$group' manager! $_" # prints the AD error
    Pause
    Exit
}
$groupManagerName = $groupManager.Name
$groupManagerEmail = $groupManager.emailAddress
#endregion
$subject = Read-Host -Prompt Subject
New-Object -TypeName PSCustomObject -Property @{
    'Group Name'       = $group
    'Managed By Name'  = $groupManagerName
    'Managed By Email' = $groupManagerEmail
}
#region Draft an email
$ol = New-Object -ComObject Outlook.Application
$mail = $ol.CreateItem(0)
$null = $mail.Recipients.Add($groupManagerEmail)
$mail.Subject = $subject
$mail.Body = @"
Dear $groupManagerName,
$userName has requested to be added to the security group $group
Job Role: $userTitle
Department: $userDept
Office: $userOffice
Manager: $userManager
As the owner of $group, can you review this request and approve/deny accordingly.
Please REPLY ALL when you respond.
Kind Regards,
Service Desk
"@
$mail.Save()
#endregion
Pause
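
The loop the question asks about, as an added example that is not part of the original question or answer: each (user, group) pair is resolved into a fresh result object, so a mistyped or space-padded group name can never reuse the owner address left over from an earlier lookup. `Resolve-GroupOwner`, its `-Lookup` hook and `$FakeDirectory` are hypothetical names with constructed data standing in for the Active Directory calls, and PowerShell 3.0 or later is assumed.

```powershell
# Added example. $FakeDirectory is constructed sample data standing in for AD.
$FakeDirectory = @{
    'SG-Finance-RW' = 'finance.owner@example.com'
    'SG-HR-RO'      = $null   # group exists but has no owner (ManagedBy empty)
}

function Resolve-GroupOwner {
    param(
        [Parameter(Mandatory = $true)][AllowEmptyString()][string]$GroupName,
        # Hypothetical hook: returns the owner e-mail, $null if unowned, throws if missing.
        # A real implementation would wrap Get-ADGroup / Get-ADUser here.
        [scriptblock]$Lookup = {
            param($n)
            if (-not $FakeDirectory.ContainsKey($n)) { throw "Group '$n' not found" }
            $FakeDirectory[$n]
        }
    )
    # Every field is set on every call, so nothing survives from a previous request.
    $result = [pscustomobject]@{ Group = $GroupName.Trim(); OwnerEmail = $null; Status = 'Unknown' }
    # Allowlist the name before it goes anywhere near a directory filter string.
    if ($result.Group -notmatch '^[\w .-]+$') { $result.Status = 'InvalidName'; return $result }
    try {
        $result.OwnerEmail = & $Lookup $result.Group
        $result.Status = if ($result.OwnerEmail) { 'Ok' } else { 'NoOwner' }
    } catch {
        $result.Status = 'LookupFailed'
    }
    $result
}

# One request row per (user, group) pair; only 'Ok' rows should reach the Outlook step.
$users  = 'jsmith', 'adoe'                                         # constructed
$groups = 'SG-Finance-RW ', 'SG-HR-RO', 'SG-Typo', "SG-Bad'Name"   # constructed, incl. trailing space
$requests = foreach ($u in $users) {
    foreach ($g in $groups) {
        $owner = Resolve-GroupOwner -GroupName $g
        [pscustomobject]@{ User = $u; Group = $owner.Group; To = $owner.OwnerEmail; Status = $owner.Status }
    }
}
$requests | Format-Table -AutoSize
```

Rows with any status other than `Ok` are the ones to show the analyst for correction instead of drafting an approval e-mail.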