Powershell 没有将用户添加到 AD 组

编程问答 2022-05-12

问题描述

我在脚本下面检查了以下条件:

  1. 检查用户的创建时间并仅过滤不超过 30 天的帐户
  2. 检查他们何时开始与组织合作的数据(在说明中)
  3. 在他们开始与组织合作的同时将他们添加到适当的组

以下代码

$DateMaxTime = (Get-date).AddDays(0)
$DateMaxTimeNew = (Get-date).AddDays(-30)

$usersRO = Get-ADUser -Filter * -Properties * -SearchBase "OU=Users,OU=Resources,OU=Romania,OU=Country,DC=I,DC=love,DC=Donuts"|where {$_.Description -like "*TEMP*" -or $_.Description -like "*PERM*" } |select samaccountname,description,name
$groupsRO = 'EXTERNALACCESS'

###########################

ForEach($groupRO in $groupsRO){
$membersRO = Get-ADGroupMember -Identity $groupRO -Recursive | Select -ExpandProperty samaccountname
Foreach ($userRO in $usersRO){
$AcountNameRO = $userRO.samaccountname
$DatePartRONew = get-aduser -identity $AcountNameRO -Properties * | Select-Object whenCreated
$DatePartSubsRONew = $DatePartRONew.whenCreated
$DataPartROdesc=$userRO.description
$expressionRO = ([regex]'(\d{2}/\d{2}/\d{4})').Match($DataPartROdesc).Groups[0].Value
$DatePartRO= $expressionRO
$FinalDateRO = [datetime]::ParseExact($DatePartRO,'dd/MM/yyyy',$null)
    If ($DatePartSubsRONew -lt $DateMaxTimeNew){
    Write-Host "$AcountNameRO ouf of date scope"}
    else {Write-Host "$AcountNameRO in scope"
        If ((get-date $FinalDateRO.Date) -eq (get-date $DateMaxTime.Date)){
            Write-Host "$AcountNameRO is a today Starter"
            If ($membersRO -notcontains $AcountNameRO ) {
            Write-Host "Adding external group $groupRO for: $AcountNameRO"
            Add-ADGroupMember -Identity "EXTERNALACCESS" -Members $AcountNameRO 
            [array]$FinalResultRO += New-Object psobject -Property @{User=$AcountNameRO}
             } 
            Else {Write-Host "$AcountNameRO  exists in  group $groupRO"}
        }Else {Write-Host "$AcountNameRO is not a Starter"}
        }
    }
}

$listRO = [array]$FinalResultRO |Select User |Out-String
$listRO.gettype()
#

if ([string]::IsNullOrEmpty($listRO){
Write-Host "nothing to send"
}
Else {
Write-Host "Mail sent"
Send-MailMessage -From "Donut@love.com" -To "ITsystemL@love.com" -Subject "Following users have been granted external access rights" -smtpServer "internalrelay.donut.love.com" -body "$($listRO)"
}

我对其他国家也有相同的代码一个脚本中还有 4 个国家)并且它有效(我只是复制粘贴) 奇怪的是,当我收到用户已被授予组的邮件时,但在罗马尼亚的情况下会发生这种情况:

  • 我收到邮件用户 selectecby 脚本得到了组“外部”
  • 当我检查 AD 时,没有分配组(我检查复制,但不是这样)
  • 其他国家/地区具有相同的代码并且可以使用

这里可能有什么问题?

解决方法

暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!

如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@)

active-directorypowershell-5.0