循环问题,脚本没有将正确的成员添加到组中
Loop issue, script not adding the correct members to groups
好的,所以先写代码:
import-module activedirectory
. "C:\Users\ben\Documents\Get-Directreport.ps1"
$ou = "ou=test, ou=Litmos, ou=Resources, ou=Groups, ou=company, dc=domain, dc=net"
$creds = "domain.net\ben"
$server = "dc01.domain.net"
$managers = get-adGroupMember -identity "CN=All Managers,OU=Organizational,OU=Groups,OU=company,DC=domain,DC=net" | select name, samaccountname
$name = $managers.name
$ReportsTo = Get-adgroup -searchbase $ou -filter "Name -like 'Report to *'" | where {$_.name -replace 'Report to ' -in $name} | select name, samaccountname
$Reports = $reportsto.name
$underlings = Get-Directreport $name | select samaccountname
Foreach ($manager in $name) {
if ($manager -notin ($reports -replace 'Report to '))
{ new-adgroup -name "Report to $manager" -groupscope global -path $ou }
}
ForEach ($report in $reports) {
#Get-Directreport $name | select samaccountname
{add-adgroupmember -identity $report -members $underlings.samaccountname}
}
所以此脚本正确地创建了 'Report to $name' 组,并且添加了成员,但是此脚本创建的所有 300 个组都具有相同的成员集。我试过将 $underlings 行放在最后一个循环中,但这导致根本没有成员。我很确定那条线是罪魁祸首,但我想不通。
谢谢!
编辑
首先为我最初遗漏的内容道歉。我想这就是我在一天结束时匆忙的结果。无论如何,这段代码试图创建一系列新的 AD 安全组,即“向 x 报告”中提到的。它通过遍历“All Managers”组的成员来创建这些文件夹,X 变量将是每个 ALL Manager 成员的名称值。
然后我试图用相应的用户填充这些组。这就是它失败的地方。
Get-Directreport $name | select samaccountname 的行实际上 return 它应该做的。我可以 运行 整行在终端中包含 $underlings 并且 returns 是正确的。
我同意 Colyn1337,因为它就是那条线。我不确定如何让它迭代。
因此,在完成脚本一段时间后,我提供了一些更改和内嵌注释。请看
import-module activedirectory
. "C:\Users\ben\Documents\Get-Directreport.ps1"
$ou = "ou=test, ou=Litmos, ou=Resources, ou=Groups, ou=company, dc=domain, dc=net"
$creds = "domain.net\ben"
$server = "dc01.domain.net"
$managers = get-adGroupMember -identity "CN=All Managers,OU=Organizational,OU=Groups,OU=company,DC=domain,DC=net" |
Select-Object name, samaccountname
# remove this and just use $managers.name. No need to create this.
## $name = $managers.name
# Groups where name like "reports to $managersName"
$ReportsTo = Get-adgroup -searchbase $ou -filter "Name -like 'Report to *'" |
Where-Object { $_.name -replace 'Report to ' -in $name } |
Select-Object name, samaccountname
# Same as before. No need for $Reports array. Just use $ReportsTo.Name were needed
## $Reports = $reportsto.name # AD Group names like "reports to <manager>'
# list of users for all managers? Does Get-Directreport take an array of managers or does it expect only 1 manager?
# If sending multiple managers does work, which it sounds like it doesn't, but if it did you would have an array of all direct reports
# for all managers in $name. This should probably be moved into the foreach ($manager in $name) loop
## $underlings = Get-Directreport $name | Select-Object samaccountname
Foreach ($manager in ($managers.Name))) {
# Creates missing "Report to <manager>" groups
if ($manager -notin (($ReportsTo.Name) -replace 'Report to ')) {
new-adgroup -name "Report to $manager" -groupscope global -path $ou
}
# Get managers direct reports
$underlings = Get-Directreports $manager | Select-Object samaccountname
# Get manager's "report to <manager> group again to update memebers"
$managerReportToGroup = Get-ADGroup -SearchBase $ou -Filter "Name -like 'Report to $manager'"
if ($managerReportToGroup) {
Add-ADGroupMember -identity $managerReportToGroup.Name -members $underlings.samaccountname
} else {
Write-Warning "Could not locate group for $manager"
}
}
# For each "reports to $managerName" group, adding direct reports found from Get-Directreports function/script
# $reports will not have any newly added groups from previous loop. Would need to call Get-AdGroup again
# Recommend moving loop up into $manager loop
## ForEach ($report in $reports) {
## #Get-Directreport $name | select samaccountname
## { add-adgroupmember -identity $report -members $underlings.samaccountname }
## }
好的,所以先写代码:
import-module activedirectory
. "C:\Users\ben\Documents\Get-Directreport.ps1"
$ou = "ou=test, ou=Litmos, ou=Resources, ou=Groups, ou=company, dc=domain, dc=net"
$creds = "domain.net\ben"
$server = "dc01.domain.net"
$managers = get-adGroupMember -identity "CN=All Managers,OU=Organizational,OU=Groups,OU=company,DC=domain,DC=net" | select name, samaccountname
$name = $managers.name
$ReportsTo = Get-adgroup -searchbase $ou -filter "Name -like 'Report to *'" | where {$_.name -replace 'Report to ' -in $name} | select name, samaccountname
$Reports = $reportsto.name
$underlings = Get-Directreport $name | select samaccountname
Foreach ($manager in $name) {
if ($manager -notin ($reports -replace 'Report to '))
{ new-adgroup -name "Report to $manager" -groupscope global -path $ou }
}
ForEach ($report in $reports) {
#Get-Directreport $name | select samaccountname
{add-adgroupmember -identity $report -members $underlings.samaccountname}
}
所以此脚本正确地创建了 'Report to $name' 组,并且添加了成员,但是此脚本创建的所有 300 个组都具有相同的成员集。我试过将 $underlings 行放在最后一个循环中,但这导致根本没有成员。我很确定那条线是罪魁祸首,但我想不通。
谢谢!
编辑
首先为我最初遗漏的内容道歉。我想这就是我在一天结束时匆忙的结果。无论如何,这段代码试图创建一系列新的 AD 安全组,即“向 x 报告”中提到的。它通过遍历“All Managers”组的成员来创建这些文件夹,X 变量将是每个 ALL Manager 成员的名称值。
然后我试图用相应的用户填充这些组。这就是它失败的地方。
Get-Directreport $name | select samaccountname 的行实际上 return 它应该做的。我可以 运行 整行在终端中包含 $underlings 并且 returns 是正确的。
我同意 Colyn1337,因为它就是那条线。我不确定如何让它迭代。
因此,在完成脚本一段时间后,我提供了一些更改和内嵌注释。请看
import-module activedirectory
. "C:\Users\ben\Documents\Get-Directreport.ps1"
$ou = "ou=test, ou=Litmos, ou=Resources, ou=Groups, ou=company, dc=domain, dc=net"
$creds = "domain.net\ben"
$server = "dc01.domain.net"
$managers = get-adGroupMember -identity "CN=All Managers,OU=Organizational,OU=Groups,OU=company,DC=domain,DC=net" |
Select-Object name, samaccountname
# remove this and just use $managers.name. No need to create this.
## $name = $managers.name
# Groups where name like "reports to $managersName"
$ReportsTo = Get-adgroup -searchbase $ou -filter "Name -like 'Report to *'" |
Where-Object { $_.name -replace 'Report to ' -in $name } |
Select-Object name, samaccountname
# Same as before. No need for $Reports array. Just use $ReportsTo.Name were needed
## $Reports = $reportsto.name # AD Group names like "reports to <manager>'
# list of users for all managers? Does Get-Directreport take an array of managers or does it expect only 1 manager?
# If sending multiple managers does work, which it sounds like it doesn't, but if it did you would have an array of all direct reports
# for all managers in $name. This should probably be moved into the foreach ($manager in $name) loop
## $underlings = Get-Directreport $name | Select-Object samaccountname
Foreach ($manager in ($managers.Name))) {
# Creates missing "Report to <manager>" groups
if ($manager -notin (($ReportsTo.Name) -replace 'Report to ')) {
new-adgroup -name "Report to $manager" -groupscope global -path $ou
}
# Get managers direct reports
$underlings = Get-Directreports $manager | Select-Object samaccountname
# Get manager's "report to <manager> group again to update memebers"
$managerReportToGroup = Get-ADGroup -SearchBase $ou -Filter "Name -like 'Report to $manager'"
if ($managerReportToGroup) {
Add-ADGroupMember -identity $managerReportToGroup.Name -members $underlings.samaccountname
} else {
Write-Warning "Could not locate group for $manager"
}
}
# For each "reports to $managerName" group, adding direct reports found from Get-Directreports function/script
# $reports will not have any newly added groups from previous loop. Would need to call Get-AdGroup again
# Recommend moving loop up into $manager loop
## ForEach ($report in $reports) {
## #Get-Directreport $name | select samaccountname
## { add-adgroupmember -identity $report -members $underlings.samaccountname }
## }