尝试使用格式运算符创建变量,但变量的数据发生变化
Trying to create a variable with the format operator but the data for the variable changes
所以,我又开始处理 I was playing with a while back. It has changed a lot since its conception. But, it still basically pulls data from a CSV and creates the accounts in AD as needed. It worked pretty well but I ran into trouble when we noticed we had people without middle names. The middle initial is part of our password format. So, I've tried a few things, including recycling some of my ,但我似乎无法获得使用正确密码创建的 AD 帐户。该帐户已创建,但我永远无法使用该帐户应接受的信用进行身份验证。
我添加了我认为是相关的代码。这不是完整的脚本,因为它有 200 多行并且似乎运行良好,但是如果您想查看所有内容,请告诉我,我将编辑以下代码段。
有效的code-snippet只要孩子有中间名:
# CSV file being imported.
$CsvFile = "$env:USERPROFILE\Downloads\SampleData.csv"
# Import the contents of the CSV file.
$Users = Import-Csv -Path "$CsvFile"
# Loop through each line of the CSV, creating the user if the account doesn't already exist in AD.
ForEach ($User in $Users) {
[String]$LoginName = $User.'Stu Access Login'
If (-Not (Get-ADUser -Server $ADServer -Filter {SamAccountName -eq $LoginName})) {
$FirstName = $User.'Student First Name'
$LastName = $User.'Student Last Name'
$ADUserParams = @{
Name = "$FirstName $LastName"
SamAccountName = $LoginName
GivenName = $FirstName
Initials = $User.'I'
Surname = $LastName
DisplayName = "$FirstName $($User.'I') $LastName"
Description= $SchoolCodes[$User.School].Name
ScriptPath= "student.bat"
UserPrincipalName = "$LoginName@academic.mydomain.k12.pa.us"
EmailAddress = "$LoginName@mydomain.org"
Company = "$LoginName@mydomain.org"
EmployeeID = $User.'Other ID'
HomeDirectory = "$FileServer$LoginName"
HomeDrive = "Z:"
AccountPassword = ConvertTo-SecureString -String (
'{0}{1}{2}#{3}' -f @(
$FirstName[0].ToString().ToUpper(),
$User.I[0].ToString().ToLower(),
$LastName[0].ToString().ToLower(),
$User.'Other ID')) -AsPlainText -Force
Enabled = $True
PasswordNeverExpires = $True
CannotChangePassword = $True
Path = 'OU={0},OU=Students,OU={1},OU=accounts,DC=academic,DC=mydomain,DC=k12,DC=pa,DC=us' -f @(
$User.'Grad Year',
$SchoolCodes[$User.School].Name)
Server = $ADServer
WhatIf = $False
} # End ADUserParams
Try {
# Create new user.
New-ADUser @ADUserParams -Verbose -ErrorAction Stop
}
Catch {
# If there's an error, write the error to the event log.
Write-EventLog -LogName $EventLogName -Source $EventLogSources[0][1] -EntryType Warning -EventId $EventLogSources[0][0] -Message "Something went wrong with the creation of a new user, [$LoginName] : $_"
}}}
首先尝试绕过缺失的中间名首字母:
# CSV file being imported.
$CsvFile = "$env:USERPROFILE\Downloads\SampleData.csv"
# Import the contents of the CSV file.
$Users = Import-Csv -Path "$CsvFile"
# Loop through each line of the CSV, creating the user if the account doesn't already exist in AD.
ForEach ($User in $Users) {
[String]$LoginName = $User.'Stu Access Login'
If (-Not (Get-ADUser -Server $ADServer -Filter {SamAccountName -eq $LoginName})) {
# Attempt #1 for Dealing with passwords for people without a middle initial.
IF([String]::IsNullOrEmpty($User.I)) {
$AccountPass = '{0}{1}#{2}' -f @(
$FirstName[0].ToString().ToUpper(),
$LastName[0].ToString().ToLower(),
$User.'Other ID')
} Else {
$AccountPass = '{0}{1}{2}#{3}' -f @(
$FirstName[0].ToString().ToUpper(),
$User.I[0].ToString().ToLower(),
$LastName[0].ToString().ToLower(),
$User.'Other ID')
}
$FirstName = $User.'Student First Name'
$LastName = $User.'Student Last Name'
$ADUserParams = @{
Name = "$FirstName $LastName"
SamAccountName = $LoginName
GivenName = $FirstName
Initials = $User.'I'
Surname = $LastName
DisplayName = "$FirstName $($User.'I') $LastName"
Description= $SchoolCodes[$User.School].Name
ScriptPath= "student.bat"
UserPrincipalName = "$LoginName@academic.mydomain.k12.pa.us"
EmailAddress = "$LoginName@mydomain.org"
Company = "$LoginName@mydomain.org"
EmployeeID = $User.'Other ID'
HomeDirectory = "$FileServer$LoginName"
HomeDrive = "Z:"
AccountPassword = (ConvertTo-SecureString -String $AccountPass -AsPlainText -Force)
Enabled = $True
PasswordNeverExpires = $True
CannotChangePassword = $True
Path = 'OU={0},OU=Students,OU={1},OU=accounts,DC=academic,DC=mydomain,DC=k12,DC=pa,DC=us' -f @(
$User.'Grad Year',
$SchoolCodes[$User.School].Name)
Server = $ADServer
WhatIf = $False
} # End ADUserParams
Try {
# Create new user.
New-ADUser @ADUserParams -Verbose -ErrorAction Stop
}
Catch {
# If there's an error, write the error to the event log.
Write-EventLog -LogName $EventLogName -Source $EventLogSources[0][1] -EntryType Warning -EventId $EventLogSources[0][0] -Message "Something went wrong with the creation of a new user, [$LoginName] : $_"
}}}
第二次尝试绕过缺失的中间名首字母:
# CSV file being imported.
$CsvFile = "$env:USERPROFILE\Downloads\SampleData.csv"
# Import the contents of the CSV file.
$Users = Import-Csv -Path "$CsvFile"
# Loop through each line of the CSV, creating the user if the account doesn't already exist in AD.
ForEach ($User in $Users) {
[String]$LoginName = $User.'Stu Access Login'
If (-Not (Get-ADUser -Server $ADServer -Filter {SamAccountName -eq $LoginName})) {
# Attempt #2 for Dealing with passwords for people without a middle initial.
If ($User.I -ne "") {
$AccountPass = ConvertTo-SecureString -String (
'{0}{1}{2}#{3}' -f @(
$FirstName[0].ToString().ToUpper(),
$User.I[0].ToString().ToLower(),
$LastName[0].ToString().ToLower(),
$User.'Other ID')) -AsPlainText -Force
} Else {
$AccountPass = ConvertTo-SecureString -String (
'{0}{1}#{2}' -f @(
$FirstName[0].ToString().ToUpper(),
$LastName[0].ToString().ToLower(),
$User.'Other ID')) -AsPlainText -Force
} # End If
$FirstName = $User.'Student First Name'
$LastName = $User.'Student Last Name'
$ADUserParams = @{
Name = "$FirstName $LastName"
SamAccountName = $LoginName
GivenName = $FirstName
Initials = $User.'I'
Surname = $LastName
DisplayName = "$FirstName $($User.'I') $LastName"
Description= $SchoolCodes[$User.School].Name
ScriptPath= "student.bat"
UserPrincipalName = "$LoginName@academic.mydomain.k12.pa.us"
EmailAddress = "$LoginName@mydomain.org"
Company = "$LoginName@mydomain.org"
EmployeeID = $User.'Other ID'
HomeDirectory = "$FileServer$LoginName"
HomeDrive = "Z:"
AccountPassword = $AccountPass
Enabled = $True
PasswordNeverExpires = $True
CannotChangePassword = $True
Path = 'OU={0},OU=Students,OU={1},OU=accounts,DC=academic,DC=mydomain,DC=k12,DC=pa,DC=us' -f @(
$User.'Grad Year',
$SchoolCodes[$User.School].Name)
Server = $ADServer
WhatIf = $False
} # End ADUserParams
Try {
# Create new user.
New-ADUser @ADUserParams -Verbose -ErrorAction Stop
}
Catch {
# If there's an error, write the error to the event log.
Write-EventLog -LogName $EventLogName -Source $EventLogSources[0][1] -EntryType Warning -EventId $EventLogSources[0][0] -Message "Something went wrong with the creation of a new user, [$LoginName] : $_"
}}}
如果我 运行 ADUserParams 我可以看到 AccountPassword 参数是 System.Security.SecureString 所以我认为这是一件好事。那么,我做错了什么?我想这两种方法中的任何一种都会起作用——只要我把所有事情都弄对了。但是,正如我所说,除非我恢复到无法处理没有中间首字母的帐户的旧代码,否则我无法进行身份验证。
我觉得你的顺序有点不对。在定义变量 $FirstName 和 $LastName 之前,您正在创建 $AccountPass。
这应该有效
# CSV file being imported.
$CsvFile = "$env:USERPROFILE\Downloads\SampleData.csv"
# Import the contents of the CSV file.
$Users = Import-Csv -Path "$CsvFile"
# Loop through each line of the CSV, creating the user if the account doesn't already exist in AD.
ForEach ($User in $Users) {
[String]$LoginName = $User.'Stu Access Login'
If (-Not (Get-ADUser -Server $ADServer -Filter {SamAccountName -eq $LoginName})) {
$FirstName = $User.'Student First Name'
$LastName = $User.'Student Last Name'
# generate passwords
If (!([String]::IsNullOrEmpty($User.I))) {
# this person has an initial to use in the password
$AccountPass = ConvertTo-SecureString -String (
'{0}{1}{2}#{3}' -f @(
$FirstName[0].ToString().ToUpper(),
$User.I[0].ToString().ToLower(),
$LastName[0].ToString().ToLower(),
$User.'Other ID')) -AsPlainText -Force
}
Else {
# this person does not have an initial to work with
$AccountPass = ConvertTo-SecureString -String (
'{0}{1}#{2}' -f @(
$FirstName[0].ToString().ToUpper(),
$LastName[0].ToString().ToLower(),
$User.'Other ID')) -AsPlainText -Force
}
$ADUserParams = @{
Name = "$FirstName $LastName"
SamAccountName = $LoginName
GivenName = $FirstName
Initials = $User.'I'
Surname = $LastName
DisplayName = "$FirstName $($User.'I') $LastName"
Description= $SchoolCodes[$User.School].Name
ScriptPath= "student.bat"
UserPrincipalName = "$LoginName@academic.mydomain.k12.pa.us"
EmailAddress = "$LoginName@mydomain.org"
Company = "$LoginName@mydomain.org"
EmployeeID = $User.'Other ID'
HomeDirectory = "$FileServer$LoginName"
HomeDrive = "Z:"
AccountPassword = $AccountPass
Enabled = $True
PasswordNeverExpires = $True
CannotChangePassword = $True
Path = 'OU={0},OU=Students,OU={1},OU=accounts,DC=academic,DC=mydomain,DC=k12,DC=pa,DC=us' -f @(
$User.'Grad Year',
$SchoolCodes[$User.School].Name)
Server = $ADServer
WhatIf = $False
} # End ADUserParams
Try {
# Create new user.
New-ADUser @ADUserParams -Verbose -ErrorAction Stop
}
Catch {
# If there's an error, write the error to the event log.
Write-EventLog -LogName $EventLogName -Source $EventLogSources[0][1] -EntryType Warning -EventId $EventLogSources[0][0] -Message "Something went wrong with the creation of a new user, [$LoginName] : $_"
}}}
所以,我又开始处理
我添加了我认为是相关的代码。这不是完整的脚本,因为它有 200 多行并且似乎运行良好,但是如果您想查看所有内容,请告诉我,我将编辑以下代码段。
有效的code-snippet只要孩子有中间名:
# CSV file being imported.
$CsvFile = "$env:USERPROFILE\Downloads\SampleData.csv"
# Import the contents of the CSV file.
$Users = Import-Csv -Path "$CsvFile"
# Loop through each line of the CSV, creating the user if the account doesn't already exist in AD.
ForEach ($User in $Users) {
[String]$LoginName = $User.'Stu Access Login'
If (-Not (Get-ADUser -Server $ADServer -Filter {SamAccountName -eq $LoginName})) {
$FirstName = $User.'Student First Name'
$LastName = $User.'Student Last Name'
$ADUserParams = @{
Name = "$FirstName $LastName"
SamAccountName = $LoginName
GivenName = $FirstName
Initials = $User.'I'
Surname = $LastName
DisplayName = "$FirstName $($User.'I') $LastName"
Description= $SchoolCodes[$User.School].Name
ScriptPath= "student.bat"
UserPrincipalName = "$LoginName@academic.mydomain.k12.pa.us"
EmailAddress = "$LoginName@mydomain.org"
Company = "$LoginName@mydomain.org"
EmployeeID = $User.'Other ID'
HomeDirectory = "$FileServer$LoginName"
HomeDrive = "Z:"
AccountPassword = ConvertTo-SecureString -String (
'{0}{1}{2}#{3}' -f @(
$FirstName[0].ToString().ToUpper(),
$User.I[0].ToString().ToLower(),
$LastName[0].ToString().ToLower(),
$User.'Other ID')) -AsPlainText -Force
Enabled = $True
PasswordNeverExpires = $True
CannotChangePassword = $True
Path = 'OU={0},OU=Students,OU={1},OU=accounts,DC=academic,DC=mydomain,DC=k12,DC=pa,DC=us' -f @(
$User.'Grad Year',
$SchoolCodes[$User.School].Name)
Server = $ADServer
WhatIf = $False
} # End ADUserParams
Try {
# Create new user.
New-ADUser @ADUserParams -Verbose -ErrorAction Stop
}
Catch {
# If there's an error, write the error to the event log.
Write-EventLog -LogName $EventLogName -Source $EventLogSources[0][1] -EntryType Warning -EventId $EventLogSources[0][0] -Message "Something went wrong with the creation of a new user, [$LoginName] : $_"
}}}
首先尝试绕过缺失的中间名首字母:
# CSV file being imported.
$CsvFile = "$env:USERPROFILE\Downloads\SampleData.csv"
# Import the contents of the CSV file.
$Users = Import-Csv -Path "$CsvFile"
# Loop through each line of the CSV, creating the user if the account doesn't already exist in AD.
ForEach ($User in $Users) {
[String]$LoginName = $User.'Stu Access Login'
If (-Not (Get-ADUser -Server $ADServer -Filter {SamAccountName -eq $LoginName})) {
# Attempt #1 for Dealing with passwords for people without a middle initial.
IF([String]::IsNullOrEmpty($User.I)) {
$AccountPass = '{0}{1}#{2}' -f @(
$FirstName[0].ToString().ToUpper(),
$LastName[0].ToString().ToLower(),
$User.'Other ID')
} Else {
$AccountPass = '{0}{1}{2}#{3}' -f @(
$FirstName[0].ToString().ToUpper(),
$User.I[0].ToString().ToLower(),
$LastName[0].ToString().ToLower(),
$User.'Other ID')
}
$FirstName = $User.'Student First Name'
$LastName = $User.'Student Last Name'
$ADUserParams = @{
Name = "$FirstName $LastName"
SamAccountName = $LoginName
GivenName = $FirstName
Initials = $User.'I'
Surname = $LastName
DisplayName = "$FirstName $($User.'I') $LastName"
Description= $SchoolCodes[$User.School].Name
ScriptPath= "student.bat"
UserPrincipalName = "$LoginName@academic.mydomain.k12.pa.us"
EmailAddress = "$LoginName@mydomain.org"
Company = "$LoginName@mydomain.org"
EmployeeID = $User.'Other ID'
HomeDirectory = "$FileServer$LoginName"
HomeDrive = "Z:"
AccountPassword = (ConvertTo-SecureString -String $AccountPass -AsPlainText -Force)
Enabled = $True
PasswordNeverExpires = $True
CannotChangePassword = $True
Path = 'OU={0},OU=Students,OU={1},OU=accounts,DC=academic,DC=mydomain,DC=k12,DC=pa,DC=us' -f @(
$User.'Grad Year',
$SchoolCodes[$User.School].Name)
Server = $ADServer
WhatIf = $False
} # End ADUserParams
Try {
# Create new user.
New-ADUser @ADUserParams -Verbose -ErrorAction Stop
}
Catch {
# If there's an error, write the error to the event log.
Write-EventLog -LogName $EventLogName -Source $EventLogSources[0][1] -EntryType Warning -EventId $EventLogSources[0][0] -Message "Something went wrong with the creation of a new user, [$LoginName] : $_"
}}}
第二次尝试绕过缺失的中间名首字母:
# CSV file being imported.
$CsvFile = "$env:USERPROFILE\Downloads\SampleData.csv"
# Import the contents of the CSV file.
$Users = Import-Csv -Path "$CsvFile"
# Loop through each line of the CSV, creating the user if the account doesn't already exist in AD.
ForEach ($User in $Users) {
[String]$LoginName = $User.'Stu Access Login'
If (-Not (Get-ADUser -Server $ADServer -Filter {SamAccountName -eq $LoginName})) {
# Attempt #2 for Dealing with passwords for people without a middle initial.
If ($User.I -ne "") {
$AccountPass = ConvertTo-SecureString -String (
'{0}{1}{2}#{3}' -f @(
$FirstName[0].ToString().ToUpper(),
$User.I[0].ToString().ToLower(),
$LastName[0].ToString().ToLower(),
$User.'Other ID')) -AsPlainText -Force
} Else {
$AccountPass = ConvertTo-SecureString -String (
'{0}{1}#{2}' -f @(
$FirstName[0].ToString().ToUpper(),
$LastName[0].ToString().ToLower(),
$User.'Other ID')) -AsPlainText -Force
} # End If
$FirstName = $User.'Student First Name'
$LastName = $User.'Student Last Name'
$ADUserParams = @{
Name = "$FirstName $LastName"
SamAccountName = $LoginName
GivenName = $FirstName
Initials = $User.'I'
Surname = $LastName
DisplayName = "$FirstName $($User.'I') $LastName"
Description= $SchoolCodes[$User.School].Name
ScriptPath= "student.bat"
UserPrincipalName = "$LoginName@academic.mydomain.k12.pa.us"
EmailAddress = "$LoginName@mydomain.org"
Company = "$LoginName@mydomain.org"
EmployeeID = $User.'Other ID'
HomeDirectory = "$FileServer$LoginName"
HomeDrive = "Z:"
AccountPassword = $AccountPass
Enabled = $True
PasswordNeverExpires = $True
CannotChangePassword = $True
Path = 'OU={0},OU=Students,OU={1},OU=accounts,DC=academic,DC=mydomain,DC=k12,DC=pa,DC=us' -f @(
$User.'Grad Year',
$SchoolCodes[$User.School].Name)
Server = $ADServer
WhatIf = $False
} # End ADUserParams
Try {
# Create new user.
New-ADUser @ADUserParams -Verbose -ErrorAction Stop
}
Catch {
# If there's an error, write the error to the event log.
Write-EventLog -LogName $EventLogName -Source $EventLogSources[0][1] -EntryType Warning -EventId $EventLogSources[0][0] -Message "Something went wrong with the creation of a new user, [$LoginName] : $_"
}}}
如果我 运行 ADUserParams 我可以看到 AccountPassword 参数是 System.Security.SecureString 所以我认为这是一件好事。那么,我做错了什么?我想这两种方法中的任何一种都会起作用——只要我把所有事情都弄对了。但是,正如我所说,除非我恢复到无法处理没有中间首字母的帐户的旧代码,否则我无法进行身份验证。
我觉得你的顺序有点不对。在定义变量 $FirstName 和 $LastName 之前,您正在创建 $AccountPass。
这应该有效
# CSV file being imported.
$CsvFile = "$env:USERPROFILE\Downloads\SampleData.csv"
# Import the contents of the CSV file.
$Users = Import-Csv -Path "$CsvFile"
# Loop through each line of the CSV, creating the user if the account doesn't already exist in AD.
ForEach ($User in $Users) {
[String]$LoginName = $User.'Stu Access Login'
If (-Not (Get-ADUser -Server $ADServer -Filter {SamAccountName -eq $LoginName})) {
$FirstName = $User.'Student First Name'
$LastName = $User.'Student Last Name'
# generate passwords
If (!([String]::IsNullOrEmpty($User.I))) {
# this person has an initial to use in the password
$AccountPass = ConvertTo-SecureString -String (
'{0}{1}{2}#{3}' -f @(
$FirstName[0].ToString().ToUpper(),
$User.I[0].ToString().ToLower(),
$LastName[0].ToString().ToLower(),
$User.'Other ID')) -AsPlainText -Force
}
Else {
# this person does not have an initial to work with
$AccountPass = ConvertTo-SecureString -String (
'{0}{1}#{2}' -f @(
$FirstName[0].ToString().ToUpper(),
$LastName[0].ToString().ToLower(),
$User.'Other ID')) -AsPlainText -Force
}
$ADUserParams = @{
Name = "$FirstName $LastName"
SamAccountName = $LoginName
GivenName = $FirstName
Initials = $User.'I'
Surname = $LastName
DisplayName = "$FirstName $($User.'I') $LastName"
Description= $SchoolCodes[$User.School].Name
ScriptPath= "student.bat"
UserPrincipalName = "$LoginName@academic.mydomain.k12.pa.us"
EmailAddress = "$LoginName@mydomain.org"
Company = "$LoginName@mydomain.org"
EmployeeID = $User.'Other ID'
HomeDirectory = "$FileServer$LoginName"
HomeDrive = "Z:"
AccountPassword = $AccountPass
Enabled = $True
PasswordNeverExpires = $True
CannotChangePassword = $True
Path = 'OU={0},OU=Students,OU={1},OU=accounts,DC=academic,DC=mydomain,DC=k12,DC=pa,DC=us' -f @(
$User.'Grad Year',
$SchoolCodes[$User.School].Name)
Server = $ADServer
WhatIf = $False
} # End ADUserParams
Try {
# Create new user.
New-ADUser @ADUserParams -Verbose -ErrorAction Stop
}
Catch {
# If there's an error, write the error to the event log.
Write-EventLog -LogName $EventLogName -Source $EventLogSources[0][1] -EntryType Warning -EventId $EventLogSources[0][0] -Message "Something went wrong with the creation of a new user, [$LoginName] : $_"
}}}