活動目錄 powershell 從組中 新增\刪除 使用者
阿新 • • 發佈:2019-01-05
某組織的 OU 中的帳戶可能經常需要移動。每個部門 OU 都有一個部門組，名稱以 dep_ 開頭；如果帳號從 ou1 移動到 ou2，則需要把它從 ou1 的部門組中刪除，同時新增到 ou2 的部門組中。下面的指令碼會逐一比對每個 OU 直屬的使用者與該 OU 的 dep_ 組成員，補上缺少的成員並移除已不在該 OU 的使用者。注意它會直接修改群組成員（包含移除），請先以 -WhatIf 只記錄不修改的方式驗證結果，並以具備修改 dep_ 組 member 屬性權限的帳戶執行。指令碼如下:
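<#
.SYNOPSIS
    Reconcile each department's dep_* group with the users placed in that department's OU.

.DESCRIPTION
    For every OU below $SearchBase the script locates the single group whose name starts
    with "dep_" directly inside the OU, adds every user object that lives directly in the
    OU to that group, and removes user objects from the group that are no longer in the OU.
    Every action and every failure is appended to a daily log file, $LogDir\<yyyy-MM-dd>.TXT.

    Requires the ActiveDirectory module and an account allowed to write the "member"
    attribute of the dep_* groups. Set $DryRun = $true to have Add-/Remove-ADGroupMember
    run with -WhatIf so intended changes are logged but nothing in AD is modified.

.NOTES
    Differences from the first version of this script:
      * The log path was built as $filepath$date.TXT; in argument mode PowerShell parses
        ".TXT" as a property access on $date, so the name never contained the date.
      * Membership is compared by distinguishedName instead of Name. A CN is only unique
        within its container, so two objects with the same CN could block an add or hide
        a stale member.
      * Group membership is read once per OU instead of once per user.
      * "The Group Does not exist" is logged once per OU instead of once per user, and the
        stray ">>" redirection that emptied the message is gone.
      * An OU holding more than one dep_* group is skipped and logged; Get-ADGroupMember
        cannot take an array for -Identity.
      * Only user objects are removed; nested groups, computers and other member types are
        left in place and logged so they can be reviewed by hand.
#>

$DryRun     = $false                              # $true: log what would change, modify nothing
$SearchBase = "OU=sales_ou,DC=test,DC=com"
$LogDir     = "c:\"
$LogFile    = Join-Path $LogDir ("{0}.TXT" -f (Get-Date).ToString('yyyy-MM-dd'))

# Append one line to today's log file.
function Write-Log {
    param([string]$Message)
    Out-File -FilePath $LogFile -InputObject $Message -Append
}

$ou_all = Get-ADOrganizationalUnit -Filter * -SearchBase $SearchBase

foreach ($ou in $ou_all) {
    $ouDn = $ou.DistinguishedName

    # Exactly one dep_* group is expected directly inside the OU (OneLevel, not Subtree).
    $groups = @(Get-ADGroup -Filter { name -like "dep_*" } -SearchBase $ouDn -SearchScope OneLevel)
    if ($groups.Count -eq 0) {
        Write-Log ("The Group Does not exist in " + $ouDn)
        continue
    }
    if ($groups.Count -gt 1) {
        $names = ($groups | ForEach-Object { $_.Name }) -join ", "
        Write-Log ("Skipping " + $ouDn + ": more than one dep_* group found (" + $names + ")")
        continue
    }
    $group = $groups[0]

    # Only users directly in this OU count as members of its department.
    $user_all = @(Get-ADUser -Filter * -SearchBase $ouDn -SearchScope OneLevel)
    if ($user_all.Count -eq 0) {
        # Same as the original: an OU with no users is left alone rather than having its
        # group emptied. This also guards against a lookup that transiently returns nothing.
        continue
    }

    # Read the membership once; every later comparison is by distinguishedName.
    try {
        $members = @(Get-ADGroupMember -Identity $group -ErrorAction Stop)
    } catch {
        Write-Log ("Cannot read members of " + $group.Name + " in " + $ouDn + ": " + $_.Exception.Message)
        continue
    }
    $memberDns = @($members  | ForEach-Object { $_.DistinguishedName })
    $userDns   = @($user_all | ForEach-Object { $_.DistinguishedName })

    # Users in the OU that are missing from the department group.
    foreach ($user in $user_all) {
        if ($memberDns -notcontains $user.DistinguishedName) {
            Write-Log ("Adding " + $user.Name + " to " + $group.Name + " in " + $ouDn)
            try {
                Add-ADGroupMember -Identity $group -Members $user -Confirm:$false -WhatIf:$DryRun -ErrorAction Stop
            } catch {
                Write-Log ("  failed: " + $_.Exception.Message)
            }
        }
    }

    # Group members that are no longer in the OU. Non-user members are reported, not removed.
    foreach ($member in $members) {
        if ($member.objectClass -ne 'user') {
            Write-Log ("Ignoring non-user member " + $member.Name + " (" + $member.objectClass + ") in " + $group.Name)
            continue
        }
        if ($userDns -notcontains $member.DistinguishedName) {
            Write-Log ("Removing " + $member.Name + " from " + $group.Name + " in " + $ouDn)
            try {
                Remove-ADGroupMember -Identity $group -Members $member -Confirm:$false -WhatIf:$DryRun -ErrorAction Stop
            } catch {
                Write-Log ("  failed: " + $_.Exception.Message)
            }
        }
    }
}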
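<#
.SYNOPSIS
    Reconcile each department's dep_* group with the users placed in that department's OU.

.DESCRIPTION
    For every OU below $SearchBase the script locates the single group whose name starts
    with "dep_" directly inside the OU, adds every user object that lives directly in the
    OU to that group, and removes user objects from the group that are no longer in the OU.
    Every action and every failure is appended to a daily log file, $LogDir\<yyyy-MM-dd>.TXT.

    Requires the ActiveDirectory module and an account allowed to write the "member"
    attribute of the dep_* groups. Set $DryRun = $true to have Add-/Remove-ADGroupMember
    run with -WhatIf so intended changes are logged but nothing in AD is modified.

.NOTES
    Differences from the first version of this script:
      * The log path was built as $filepath$date.TXT; in argument mode PowerShell parses
        ".TXT" as a property access on $date, so the name never contained the date.
      * Membership is compared by distinguishedName instead of Name. A CN is only unique
        within its container, so two objects with the same CN could block an add or hide
        a stale member.
      * Group membership is read once per OU instead of once per user.
      * "The Group Does not exist" is logged once per OU instead of once per user, and the
        stray ">>" redirection that emptied the message is gone.
      * An OU holding more than one dep_* group is skipped and logged; Get-ADGroupMember
        cannot take an array for -Identity.
      * Only user objects are removed; nested groups, computers and other member types are
        left in place and logged so they can be reviewed by hand.
#>

$DryRun     = $false                              # $true: log what would change, modify nothing
$SearchBase = "OU=sales_ou,DC=test,DC=com"
$LogDir     = "c:\"
$LogFile    = Join-Path $LogDir ("{0}.TXT" -f (Get-Date).ToString('yyyy-MM-dd'))

# Append one line to today's log file.
function Write-Log {
    param([string]$Message)
    Out-File -FilePath $LogFile -InputObject $Message -Append
}

$ou_all = Get-ADOrganizationalUnit -Filter * -SearchBase $SearchBase

foreach ($ou in $ou_all) {
    $ouDn = $ou.DistinguishedName

    # Exactly one dep_* group is expected directly inside the OU (OneLevel, not Subtree).
    $groups = @(Get-ADGroup -Filter { name -like "dep_*" } -SearchBase $ouDn -SearchScope OneLevel)
    if ($groups.Count -eq 0) {
        Write-Log ("The Group Does not exist in " + $ouDn)
        continue
    }
    if ($groups.Count -gt 1) {
        $names = ($groups | ForEach-Object { $_.Name }) -join ", "
        Write-Log ("Skipping " + $ouDn + ": more than one dep_* group found (" + $names + ")")
        continue
    }
    $group = $groups[0]

    # Only users directly in this OU count as members of its department.
    $user_all = @(Get-ADUser -Filter * -SearchBase $ouDn -SearchScope OneLevel)
    if ($user_all.Count -eq 0) {
        # Same as the original: an OU with no users is left alone rather than having its
        # group emptied. This also guards against a lookup that transiently returns nothing.
        continue
    }

    # Read the membership once; every later comparison is by distinguishedName.
    try {
        $members = @(Get-ADGroupMember -Identity $group -ErrorAction Stop)
    } catch {
        Write-Log ("Cannot read members of " + $group.Name + " in " + $ouDn + ": " + $_.Exception.Message)
        continue
    }
    $memberDns = @($members  | ForEach-Object { $_.DistinguishedName })
    $userDns   = @($user_all | ForEach-Object { $_.DistinguishedName })

    # Users in the OU that are missing from the department group.
    foreach ($user in $user_all) {
        if ($memberDns -notcontains $user.DistinguishedName) {
            Write-Log ("Adding " + $user.Name + " to " + $group.Name + " in " + $ouDn)
            try {
                Add-ADGroupMember -Identity $group -Members $user -Confirm:$false -WhatIf:$DryRun -ErrorAction Stop
            } catch {
                Write-Log ("  failed: " + $_.Exception.Message)
            }
        }
    }

    # Group members that are no longer in the OU. Non-user members are reported, not removed.
    foreach ($member in $members) {
        if ($member.objectClass -ne 'user') {
            Write-Log ("Ignoring non-user member " + $member.Name + " (" + $member.objectClass + ") in " + $group.Name)
            continue
        }
        if ($userDns -notcontains $member.DistinguishedName) {
            Write-Log ("Removing " + $member.Name + " from " + $group.Name + " in " + $ouDn)
            try {
                Remove-ADGroupMember -Identity $group -Members $member -Confirm:$false -WhatIf:$DryRun -ErrorAction Stop
            } catch {
                Write-Log ("  failed: " + $_.Exception.Message)
            }
        }
    }
}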