"User is already a member of group" 时结束脚本

End Script when "User is already a member of group"

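I have a script that can be used to automatically add a domain user to a specific group. It also includes a stop/restart of a 3rd-party service, which adds them to the secured users file. I would like this script to end when it finds that the user is already part of the group, rather than stopping/starting the service. This is what I have so far: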

Invoke-Command -ComputerName ServerNameHere -ScriptBlock {Add-LocalGroupMember -Group "GroupNameHere" -Member $env:USERDOMAIN\$env:USERNAME }
*--Add in line here that terminates the script once user is found to already be a member and not restart the service below*
Stop-Service -Name "ServiceNameHere"
timeout /t 5 /nobreak
Start-Service -Name "ServiceNameHere"

When I run the script, I get the following message, which is normal, and then the script keeps running, so the service is restarted anyway.

Domain\User is already a member of group GroupName
    + CategoryInfo          : ResourceExists: (GroupName:String) [Add-LocalGroupMember], MemberExistsException
    + FullyQualifiedErrorId : MemberExists,Microsoft.PowerShell.Commands.AddLocalGroupMemberCommand
    + PSComputerName        : ServerName

Thanks in advance for your help!

You can check the output of Invoke-Command before restarting the service:

$Result = Invoke-Command -ComputerName ServerNameHere -ScriptBlock {
  # Check whether user is already a member of group
  If ((Get-LocalGroupMember 'GroupNameHere').Name -notcontains "$env:USERDOMAIN\$env:USERNAME") {
    Add-LocalGroupMember -Group 'GroupNameHere' -Member "$env:USERDOMAIN\$env:USERNAME"
    Write-Output $True
  }
  Else { Write-Output $False }
}

# If group membership changed, restart service:
If ($Result) {
  Stop-Service -Name "ServiceNameHere"
  timeout /t 5 /nobreak
  Start-Service -Name "ServiceNameHere"
}

Thanks to @Cpt.Whale for helping me.

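I was running into the error described in PowerShell "Get-LocalGroupMember - Failed to compare two elements in the array." here when you have orphaned SIDs. I came across this post here that helped me figure out how to remove the orphaned SIDs. Below is the new, fully working script.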

Important note: you need PowerShell V5.1 for this. Also, you must have remote signing enabled. From PowerShell, first run a simple "Set-ExecutionPolicy RemoteSigned" (you can also run "winrm quickconfig").

Working script:

$strComputer = 'ServerNameHere'
$serviceName = 'ServiceNameHere'

#Remove orphaned SIDs from Windows Local Groups
$computer = [ADSI]("WinNT://" + $strComputer + ",computer")
$group = $computer.psbase.children.find("LocalGroupNameHere")
$group.Name
$Userlist = ([ADSI]"WinNT://$strComputer/LocalGroupNameHere").psbase.Invoke('Members') | % { ([ADSI]$_).InvokeGet('AdsPath') }
#For each user in that list, if the name is a SID, remove the specific SID from the group.
foreach ($user in $Userlist) {
  if ($user -like "WinNT://S-1-5-*") {
    #Remove the specific SID from the group, as passed as a string (not an object).
    $group.remove($user)
  }
}

$Result = Invoke-Command -ComputerName $strComputer -ScriptBlock {
  # Check whether user is already a member of group
  If ((Get-LocalGroupMember 'LocalGroupNameHere').Name -notcontains "$env:USERDOMAIN\$env:USERNAME") {
    Add-LocalGroupMember -Group 'LocalGroupNameHere' -Member "$env:USERDOMAIN\$env:USERNAME"
    Write-Output $True
  }
  Else { Write-Output $False }
}

# If group membership changed, restart service:
If ($Result) {
  (get-service -ComputerName $strComputer -Name $serviceName).Stop()
  timeout /t 5 /nobreak
  (get-service -ComputerName $strComputer -Name $serviceName).Start()
}
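
An alternative to the pre-check used in the answers above, as an added example that is not part of the original posts: it lets Add-LocalGroupMember itself report the duplicate and branches on the MemberExists error id shown in the question, so it never calls Get-LocalGroupMember, the cmdlet the second answer reports failing when the group holds orphaned SIDs. The placeholder names come from the page; the variable names and the use of Start-Sleep instead of timeout are choices made for this example.

```powershell
# Placeholders taken from the page; replace with real values.
$strComputer = 'ServerNameHere'
$serviceName = 'ServiceNameHere'
$groupName   = 'LocalGroupNameHere'

$Result = Invoke-Command -ComputerName $strComputer -ArgumentList $groupName -ScriptBlock {
    param($Group)

    $member = "$env:USERDOMAIN\$env:USERNAME"
    try {
        # -ErrorAction Stop turns the non-terminating "already a member"
        # error into a terminating one so that catch can inspect it.
        Add-LocalGroupMember -Group $Group -Member $member -ErrorAction Stop
        $true     # membership changed
    }
    catch {
        # Error id as shown in the question's output:
        # MemberExists,Microsoft.PowerShell.Commands.AddLocalGroupMemberCommand
        if ($_.FullyQualifiedErrorId -like 'MemberExists,*') {
            $false    # already a member, nothing changed
        }
        else {
            throw     # unknown group, access denied, etc.: do not hide it
        }
    }
}

# Restart the service only when the membership actually changed.
# If the remote block failed, $Result is $null and nothing is restarted.
if ($Result -eq $true) {
    Invoke-Command -ComputerName $strComputer -ArgumentList $serviceName -ScriptBlock {
        param($Name)
        Stop-Service -Name $Name
        Start-Sleep -Seconds 5
        Start-Service -Name $Name
    }
}
```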