Powershell 循环迭代问题
Issue With Powershell Loop Iteration
当尝试 运行 下面的代码时,它似乎 运行 通过我的初始 foreach 循环两次。我没看到什么?感谢您的帮助。
$DC = Get-ADDomainController
$OUs = Get-ADOrganizationalUnit -Filter 'Name -eq "test"'
$TimeStamp = get-date -format D
$description = "Disabled on " + $TimeStamp
$canNotDisableUser = Get-ADGroupMember -Identity DoNotDisableUsers -Recursive | Select -ExpandProperty Name
$accounts = $null
# Search for User Accounts inactive for XX Days and Disable if not in DoNotDisable Security Group
$accounts = Search-ADAccount -SearchBase $OU -AccountInactive -TimeSpan ([timespan]90d) -UsersOnly
foreach($account in $accounts){
If ($canNotDisableUser -notmatch $account.Name){
Disable-ADAccount -Identity $account.DistinguishedName -Verbose
}
# Disable Protected from Accidental Deletion from OU
Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase $OU.DistinguishedName -Server $DC | Set-ADObject -ProtectedFromAccidentalDeletion:$false -Verbose -WhatIf
# Move Disabled Users to Disabled Users OU & Add Timestamp to Description
Search-ADAccount –AccountDisabled –UsersOnly –SearchBase $OU.DistinguishedName | Foreach-object {
Set-ADUser $_ -Description $description -Verbose -WhatIf
Move-ADObject $_ –TargetPath “OU=Disabled Users, DC=xxx,DC=net” -Verbose -WhatIf
}
# Enable Protected from Accidental Deletion from OU
Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase $OU.DistinguishedName -Server $DC | Set-ADObject -ProtectedFromAccidentalDeletion:$true -Verbose -WhatIf
}
在对这些类型的问题进行故障排除时可以为您节省大量时间的其中一件事是 "indentation"。养成始终确保正确缩进的习惯。
# Search for User Accounts inactive for XX Days and Disable if not in DoNotDisable Security Group
$accounts = Search-ADAccount -SearchBase $OU -AccountInactive -TimeSpan ([timespan]90d) -UsersOnly
foreach($account in $accounts){
If ($canNotDisableUser -notmatch $account.Name){
Disable-ADAccount -Identity $account.DistinguishedName -Verbose
}
### YOU probably intend to close the foreach loop here. If so, Move the LAST brace to this place.
# Disable Protected from Accidental Deletion from OU
Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase $OU.DistinguishedName -Server $DC | Set-ADObject -ProtectedFromAccidentalDeletion:$false -Verbose -WhatIf
# Move Disabled Users to Disabled Users OU & Add Timestamp to Description
Search-ADAccount –AccountDisabled –UsersOnly –SearchBase $OU.DistinguishedName | Foreach-object {
Set-ADUser $_ -Description $description -Verbose -WhatIf
Move-ADObject $_ –TargetPath “OU=Disabled Users, DC=xxx,DC=net” -Verbose -WhatIf
}
# Enable Protected from Accidental Deletion from OU
Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase $OU.DistinguishedName -Server $DC | Set-ADObject -ProtectedFromAccidentalDeletion:$true -Verbose -WhatIf
}
更正
# Search for User Accounts inactive for XX Days and Disable if not in DoNotDisable Security Group
$accounts = Search-ADAccount -SearchBase $OU -AccountInactive -TimeSpan ([timespan]90d) -UsersOnly
foreach($account in $accounts){
If ($canNotDisableUser -notmatch $account.Name){
Disable-ADAccount -Identity $account.DistinguishedName -Verbose
}
}
# Disable Protected from Accidental Deletion from OU
Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase $OU.DistinguishedName -Server $DC | Set-ADObject -ProtectedFromAccidentalDeletion:$false -Verbose -WhatIf
# Move Disabled Users to Disabled Users OU & Add Timestamp to Description
Search-ADAccount –AccountDisabled –UsersOnly –SearchBase $OU.DistinguishedName | Foreach-object {
Set-ADUser $_ -Description $description -Verbose -WhatIf
Move-ADObject $_ –TargetPath “OU=Disabled Users, DC=xxx,DC=net” -Verbose -WhatIf
}
# Enable Protected from Accidental Deletion from OU
Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase $OU.DistinguishedName -Server $DC | Set-ADObject -ProtectedFromAccidentalDeletion:$true -Verbose -WhatIf
当尝试 运行 下面的代码时,它似乎 运行 通过我的初始 foreach 循环两次。我没看到什么?感谢您的帮助。
$DC = Get-ADDomainController
$OUs = Get-ADOrganizationalUnit -Filter 'Name -eq "test"'
$TimeStamp = get-date -format D
$description = "Disabled on " + $TimeStamp
$canNotDisableUser = Get-ADGroupMember -Identity DoNotDisableUsers -Recursive | Select -ExpandProperty Name
$accounts = $null
# Search for User Accounts inactive for XX Days and Disable if not in DoNotDisable Security Group
$accounts = Search-ADAccount -SearchBase $OU -AccountInactive -TimeSpan ([timespan]90d) -UsersOnly
foreach($account in $accounts){
If ($canNotDisableUser -notmatch $account.Name){
Disable-ADAccount -Identity $account.DistinguishedName -Verbose
}
# Disable Protected from Accidental Deletion from OU
Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase $OU.DistinguishedName -Server $DC | Set-ADObject -ProtectedFromAccidentalDeletion:$false -Verbose -WhatIf
# Move Disabled Users to Disabled Users OU & Add Timestamp to Description
Search-ADAccount –AccountDisabled –UsersOnly –SearchBase $OU.DistinguishedName | Foreach-object {
Set-ADUser $_ -Description $description -Verbose -WhatIf
Move-ADObject $_ –TargetPath “OU=Disabled Users, DC=xxx,DC=net” -Verbose -WhatIf
}
# Enable Protected from Accidental Deletion from OU
Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase $OU.DistinguishedName -Server $DC | Set-ADObject -ProtectedFromAccidentalDeletion:$true -Verbose -WhatIf
}
在对这些类型的问题进行故障排除时可以为您节省大量时间的其中一件事是 "indentation"。养成始终确保正确缩进的习惯。
# Search for User Accounts inactive for XX Days and Disable if not in DoNotDisable Security Group
$accounts = Search-ADAccount -SearchBase $OU -AccountInactive -TimeSpan ([timespan]90d) -UsersOnly
foreach($account in $accounts){
If ($canNotDisableUser -notmatch $account.Name){
Disable-ADAccount -Identity $account.DistinguishedName -Verbose
}
### YOU probably intend to close the foreach loop here. If so, Move the LAST brace to this place.
# Disable Protected from Accidental Deletion from OU
Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase $OU.DistinguishedName -Server $DC | Set-ADObject -ProtectedFromAccidentalDeletion:$false -Verbose -WhatIf
# Move Disabled Users to Disabled Users OU & Add Timestamp to Description
Search-ADAccount –AccountDisabled –UsersOnly –SearchBase $OU.DistinguishedName | Foreach-object {
Set-ADUser $_ -Description $description -Verbose -WhatIf
Move-ADObject $_ –TargetPath “OU=Disabled Users, DC=xxx,DC=net” -Verbose -WhatIf
}
# Enable Protected from Accidental Deletion from OU
Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase $OU.DistinguishedName -Server $DC | Set-ADObject -ProtectedFromAccidentalDeletion:$true -Verbose -WhatIf
}
更正
# Search for User Accounts inactive for XX Days and Disable if not in DoNotDisable Security Group
$accounts = Search-ADAccount -SearchBase $OU -AccountInactive -TimeSpan ([timespan]90d) -UsersOnly
foreach($account in $accounts){
If ($canNotDisableUser -notmatch $account.Name){
Disable-ADAccount -Identity $account.DistinguishedName -Verbose
}
}
# Disable Protected from Accidental Deletion from OU
Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase $OU.DistinguishedName -Server $DC | Set-ADObject -ProtectedFromAccidentalDeletion:$false -Verbose -WhatIf
# Move Disabled Users to Disabled Users OU & Add Timestamp to Description
Search-ADAccount –AccountDisabled –UsersOnly –SearchBase $OU.DistinguishedName | Foreach-object {
Set-ADUser $_ -Description $description -Verbose -WhatIf
Move-ADObject $_ –TargetPath “OU=Disabled Users, DC=xxx,DC=net” -Verbose -WhatIf
}
# Enable Protected from Accidental Deletion from OU
Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase $OU.DistinguishedName -Server $DC | Set-ADObject -ProtectedFromAccidentalDeletion:$true -Verbose -WhatIf