Powershell AD脚本

本文介绍了Powershell AD脚本-在帐户名末尾添加一个数字的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

关于这个可怕的脚本的另一个问题。我碰到了砖墙。 我组织中用户名的创建方式是SurnameInitial。但是，如果该帐户已经存在，我们会在末尾加一个数字。如果该数字存在，它将更改为下一个数字（TestT，TestT1，TestT2 ...等等）

Another question regarding this dreaded script. I have ran into a brick wall. The way usernames at my organisation are created, are SurnameInitial. However, if the account already exists we put a number on the end. If that number exists, it changes to the next number (TestT , TestT1 , TestT2 ... etc )

我不知道该如何执行脚本这样，如果它已经存在于AD中，它就不会创建该帐户。

I can't figure out how to get the script to do this, it simply does not create the account if it already exists in the AD

以下是相关代码，可帮助您了解其当前如何管理帐户创建。

The following is relevant code to help you understand how it currently manages account creation.

#region Unique Field Data # Acquiring unique field data $GivenName = Read-Host -Prompt "What Is The New User's First Name?" Write-Host " " $Surname = Read-Host -Prompt "What Is The New User's Last Name?" Write-Host " " $Description = Read-Host -Prompt "What Is The Job Title & Department Of The New User? [Please format as Job Title – Dept]" Write-Host " " #endregion #region Data Generation $DisplayName = $GivenName + " " + $Surname $Mail = $GivenName + "." + $Surname + "@" + "RE" $MailAlias = $GivenName + "." + $Surname + "@" + $DNSRoot2 $SInitial = $Surname[0] $Initial = $GivenName[0] $SAMAccountName = $Surname+$Initial $SAMAccountLower = $SAMAccountName.ToLower() $UserPrincipalName = $Surname+$Initial $HD = "U" $HDir = "\\RBHFILRED002\" $AC = "Users_01$\" $DH = "Users_02$\" $IM = "Users_03$\" $NS = "Users_04$\" $TZ = "Users_05$\" $Folder = if ($SInitial -in 'a','b','c'){$AC} ElseIf ($SInitial -in 'd','e','f', 'g','h'){$DH} ElseIf ($SInitial -in 'i','j','k', 'l','m'){$IM} ElseIf ($SInitial -in 'n','o','p', 'q','r','s'){$NS} Else {$TZ} $group1 = "zz Everyone" $group2 = "Safeboot Domain Users" cls #endregion #region User Creation # Create The User Get-ChildItem New-ADUser -path "OU=Users,OU=RBFT,DC=rbbh-tr,DC=nhs,DC=uk" -SamAccountName $Surname$Initial -Name $DisplayName -DisplayName $DisplayName -GivenName $GivenName -Surname $Surname -EmailAddress $Mail -UserPrincipalName $Surname$Initial@rbbh-tr.nhs.uk -Title $title -HomeDrive $HD -HomeDirectory $HDir$Folder$Surname$Initial -Description $Description -ChangePasswordAtLogon $true -PasswordNeverExpires $false -AccountPassword $defpassword -Enabled $true -PassThru Add-ADGroupMember -Identity $group1 -Members $SAMAccountName Add-ADGroupMember -Identity $group2 -Members $SAMAccountName Write-Host " " cls echo "Please Wait Whilst We Find The AD Account & Create The Exchange Mailbox.." Start-Sleep -s 30 Enable-Mailbox -Identity $SAMAccountName cls #endregion

希望我的代码很清楚，并且可以理解并且希望你们能够提供支持。

Hopefully my code is clear, and can be understood & hopefully you guys are able to offer support.

先发制人谢谢

编辑如下

因此，我使用以下建议扩展了脚本。

So I've expanded on the script, using a suggestion below.

#region User Creation # Create The User $i = 1 $AccountCreated = $False Do { Try { New-ADUser -path "OU=Users,OU=RBFT,DC=rbbh-tr,DC=nhs,DC=uk" -SamAccountName $Surname$Initial -Name $DisplayName -DisplayName $DisplayName -GivenName $GivenName -Surname $Surname -EmailAddress $Mail -UserPrincipalName $Surname$Initial@rbbh-tr.nhs.uk -Title $title -HomeDrive $HD -HomeDirectory $HDir$Folder$Surname$Initial -Description $Description -ChangePasswordAtLogon $true -PasswordNeverExpires $false -AccountPassword $defpassword -Enabled $true -PassThru Add-ADGroupMember -Identity $group1 -Members $SAMAccountName Add-ADGroupMember -Identity $group2 -Members $SAMAccountName Set $AccountCreated to $True } Catch { New-ADUser -path "OU=Users,OU=RBFT,DC=rbbh-tr,DC=nhs,DC=uk" -SamAccountName $Surname$Initial$I -Name $DisplayName -DisplayName $DisplayName -GivenName $GivenName -Surname $Surname -UserPrincipalName $Surname$Initial$I@rbbh-tr.nhs.uk -Title $title -HomeDrive $HD -HomeDirectory $HDir$Folder$Surname$Initial -Description $Description -ChangePasswordAtLogon $true -PasswordNeverExpires $false -AccountPassword $defpassword -Enabled $true -PassThru Add-ADGroupMember -Identity $group1 -Members $SAMAccountName Add-ADGroupMember -Identity $group2 -Members $SAMAccountName Increment $I } } Until ($AccountCreated -eq $True) cls echo "Please Wait Whilst We Find The AD Account & Create The Exchange Mailbox.." Start-Sleep -s 30 Enable-Mailbox -Identity $SAMAccountName cls #endregion #region Post-Creation echo "Username:" $SAMAccountName Write-Host " " echo "Password:" "Welcome123" Write-Host " " echo "Email:" $Mail Write-Host " " echo "Job Title - Department:" $Description Write-Host " " echo "Home Directory:" $HDir$Folder$Surname$Initial Write-Host " " #endregion

但是，这会创建帐户，但不会使用递增的用户名更新交换创建（因此不会创建邮箱），不会创建正确的主目录，并且不会根据是否增加了正确的详细信息。

However, this creates the account. But doesn't update the exchange creation with the incremented username (so doesn't create a mailbox), does not create the correct home directory, and does not echo the correct details based on if it's incremented.

我不知道现在该怎么做

编辑两次

在James C的进一步帮助下，我创建了以下代码，但它不会创建吃了一个邮件帐户。现在抛出错误。

Following further help from James C, I have created the following code. However, it does not create a Mail account. And Now Throws out an error.

$defaultname = $SAMAccountName $i = 1 cls #endregion #region User Creation # Create The User While ((Get-ADUser -Identity $SAMAccountName) -ne $null){ $SamAccountName = $defaultname + [string]$i $i++ } $NewUserParams = @{ path = "OU=Users,OU=RBFT,DC=rbbh-tr,DC=nhs,DC=uk" SamAccountName = $SAMAccountName Name = $DisplayName DisplayName = $DisplayName GivenName = $GivenName Surname = $Surname EmailAddress = $Mail UserPrincipalName = "$SAMAccountName@rbbh-tr.nhs.uk" Title = $title HomeDrive = $HomeDrive HomeDirectory = "$HDir$Folder$SAMAccountName" Description = $Description ChangePasswordAtLogon = $true PasswordNeverExpires = $false AccountPassword = $defpassword Enabled = $true } New-ADUser @NewUserParams Add-ADGroupMember -Identity $group1 -Members $SAMAccountName Add-ADGroupMember -Identity $group2 -Members $SAMAccountName cls echo "Please Wait Whilst We Find The AD Account & Create The Exchange Mailbox.." Start-Sleep -s 30 Enable-Mailbox -Identity $SAMAccountName cls #endregion #region Post-Creation echo "Username:" $SAMAccountName Write-Host " " echo "Password:" "Welcome123" Write-Host " " echo "Email:" $Mail Write-Host " " echo "Job Title - Department:" $Description Write-Host " " echo "Home Directory:" $HDir$Folder$SAMAccountName Write-Host " " #endregion

它会产生以下错误

Name : Microsoft.Exchange.Management.PowerShell.E2010 PSVersion : 1.0 Description : Admin Tasks for the Exchange Server Name : Microsoft.Exchange.Management.Powershell.Support PSVersion : 1.0 Description : Support Tasks for the Exchange Server This tool is to be used for creating User Accounts for the RBFT Domain under Ultima Business Solutions only. If this applies, please hit any key to continue. Get-ADUser : Cannot find an object with identity: 'TimmsJ1' under: 'DC=rbbh-tr,DC=nhs,DC=uk'. At C:\Users\timmsj\Desktop\Scripts\User_Creation\RBFT_UC_Dev.ps1:139 char:9 + While ((Get-ADUser -Identity $SAMAccountName) -ne $null){ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (TimmsJ1:ADUser) [Get-ADUser], ADIdentityNotFoundException + FullyQualifiedErrorId : Cannot find an object with identity: 'TimmsJ1' under: 'DC=rbbh-tr,DC=nhs,DC=uk'.,Microsoft.ActiveDirectory.Management.Comm ands.GetADUser New-ADUser : An attempt was made to add an object to the directory with a name that is already in use At C:\Users\timmsj\Desktop\Scripts\User_Creation\RBFT_UC_Dev.ps1:163 char:1 + New-ADUser @NewUserParams + ~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (CN=Timms James,...tr,DC=nhs,DC=uk :String) [New-ADUser], ADException + FullyQualifiedErrorId : An attempt was made to add an object to the dire ctory with a name that is already in use,Microsoft.ActiveDirectory.Managem ent.Commands.NewADUser Add-ADGroupMember : Cannot find an object with identity: 'TimmsJ1' under: 'DC=rbbh-tr,DC=nhs,DC=uk'. At C:\Users\timmsj\Desktop\Scripts\User_Creation\RBFT_UC_Dev.ps1:164 char:1 + Add-ADGroupMember -Identity $group1 -Members $SAMAccountName + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (TimmsJ1:ADPrincipal) [Add-ADGro upMember], ADIdentityNotFoundException + FullyQualifiedErrorId : SetADGroupMember.ValidateMembersParameter,Micros oft.ActiveDirectory.Management.Commands.AddADGroupMember Add-ADGroupMember : Cannot find an object with identity: 'TimmsJ1' under: 'DC=rbbh-tr,DC=nhs,DC=uk'. At C:\Users\timmsj\Desktop\Scripts\User_Creation\RBFT_UC_Dev.ps1:165 char:1 + Add-ADGroupMember -Identity $group2 -Members $SAMAccountName + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (TimmsJ1:ADPrincipal) [Add-ADGro upMember], ADIdentityNotFoundException + FullyQualifiedErrorId : SetADGroupMember.ValidateMembersParameter,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember Please Wait Whilst We Find The AD Account & Create The Exchange Mailbox.. Enable-Mailbox : The operation couldn't be performed because object 'TimmsJ1' couldn't be found on 'ad1.rbbh-tr.nhs.uk'. At C:\Users\timmsj\Desktop\Scripts\User_Creation\RBFT_UC_Dev.ps1:171 char:1 + Enable-Mailbox -Identity $SAMAccountName + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (0:Int32) [Enable-Mailbox], Manage mentObjectNotFoundException + FullyQualifiedErrorId : 2B788636,Microsoft.Exchange.Management.Recipient Tasks.EnableMailbox Username: TimmsJ1 Password: Welcome123 Email: James.Timms@royalberkshire.nhs.uk Job Title - Department: Ultima - Ultima Home Directory: \\RBHFILRED002\Users_05$\TimmsJ1 You will need to manually set the new user's group memberships. Please Do This Before Sending The User's Account Details. Press Any Key To Close

它创建用户$ SAMAccount是重复的帐户和电子邮件，但是，如果GivenName和Surname是重复的，则根本不会创建该帐户。

It creates the User account and Email if $SAMAccount is duplicate, however if the GivenName and Surname are duplicates it will not create the account at all.

这是针对英国国家健康基金会的，因此很明显，很多员工，特别是名字通用的员工，都有重复的名字。

It's for the National Health Trust in the UK, so obviously a lot of employees, especially ones with common names will have duplicate names.

对此有何解决办法？

编辑三个

通过创建新字符串来解决上述问题。 但是，仍然存在的是，如果名字+第二名是另一个名字的重复，该帐户将拒绝创建。

Kind of fixed the issue above, by creating a new string. However, it still remains that that account will refuse to create if the First + Second name are duplicates of another.

这是前面提到的问题，

This is an issue as stated previously, due to the fact there are many people within the NHS that have the same name.

#region Data Generation $DisplayName = $Surname + " " + $GivenName $Mail = $GivenName + "." + $Surname + "@" + "royalberkshire.nhs.uk" $MailAlias = $GivenName + "." + $Surname + "@" + $DNSRoot2 $SInitial = $Surname[0] $Initial = $GivenName[0] $SAMAccountName = $Surname + "" + $Initial $SAMAccountLower = $SAMAccountName.ToLower() $UserPrincipalName = $Surname+$Initial $HD = "U" $HDir = "\\RBHFILRED002\" $AC = "Users_01$\" $DH = "Users_02$\" $IM = "Users_03$\" $NS = "Users_04$\" $TZ = "Users_05$\" $Folder = if ($SInitial -in 'a','b','c'){$AC} ElseIf ($SInitial -in 'd','e','f', 'g','h'){$DH} ElseIf ($SInitial -in 'i','j','k', 'l','m'){$IM} ElseIf ($SInitial -in 'n','o','p', 'q','r','s'){$NS} Else {$TZ} $group1 = "zz Everyone" $group2 = "Safeboot Domain Users" $defaultname = $SAMAccountName $email = $GivenName + "." + $Surname $i = 1 cls #endregion #region User Creation # Create The User While ((Get-ADUser -Identity $SAMAccountName -ErrorAction SilentlyContinue) -ne $null){ $SamAccountName = $defaultname + [string]$i $Mail = $email + [string]$i + "@" + "royalberkshire.nhs.uk" $i++ } $NewUserParams = @{ path = "OU=Users,OU=RBFT,DC=rbbh-tr,DC=nhs,DC=uk" SamAccountName = $SAMAccountName Name = $DisplayName DisplayName = $DisplayName GivenName = $GivenName Surname = $Surname EmailAddress = $Mail UserPrincipalName = "$SAMAccountName@rbbh-tr.nhs.uk" Title = $title HomeDrive = $HomeDrive HomeDirectory = "$HDir$Folder$SAMAccountName" Description = $Description ChangePasswordAtLogon = $true PasswordNeverExpires = $false AccountPassword = $defpassword Enabled = $true } New-ADUser @NewUserParams Add-ADGroupMember -Identity $group1 -Members $SAMAccountName Start-Sleep -s 10 Add-ADGroupMember -Identity $group2 -Members $SAMAccountName cls echo "Please Wait Whilst We Find The AD Account & Create The Exchange Mailbox.." Start-Sleep -s 30 Enable-Mailbox -Identity $SAMAccountName cls #endregion

再次遇到任何想法吗？

推荐答案

使用使用 Get-ADUser 做/同时循环搜索免费的用户名和 $ VariableName ++ 增加每个循环中用户名的数量。

Using a Do/While loop with Get-ADUser to search for a free username and $VariableName++ to increment the number for the username each loop.

还更新了 New-ADUser 命令以使用 splatting ，因为这样更易于阅读。

Also updated your New-ADUser command to use splatting as this makes it much easier to read.

#didn't include rest of your code above here as it hasn't changed $group1 = "zz Everyone" $group2 = "Safeboot Domain Users" $defaultname = $SAMAccountName $i = 1 While ((Get-ADUser -Identity $SAMAccountName -ErrorAction SilentlyContinue) -ne $null){ $SamAccountName = $defaultname + [string]$i $i++ } $NewUserParams = @{ path = "OU=Users,OU=RBFT,DC=rbbh-tr,DC=nhs,DC=uk" SamAccountName = $SAMAccountName Name = $DisplayName DisplayName = $DisplayName GivenName = $GivenName Surname = $Surname EmailAddress = "$GivenName.$Surname$i@royalberkshire.nhs.uk" UserPrincipalName = "$SAMAccountName@rbbh-tr.nhs.uk" Title = $title HomeDrive = $HomeDrive HomeDirectory = "$HDir$Folder$Surname$Initial" Description = $Description ChangePasswordAtLogon = $true PasswordNeverExpires = $false AccountPassword = $defpassword Enabled = $true } New-ADUser @NewUserParams Add-ADGroupMember -Identity $group1 -Members $SAMAccountName Add-ADGroupMember -Identity $group2 -Members $SAMAccountName Write-Output "Please Wait Whilst We Find The AD Account & Create The Exchange Mailbox.." Start-Sleep -s 30 Enable-Mailbox -Identity $SAMAccountName