您好,登錄后才能下訂單哦!
因管理需要計劃將現有的serv-u服務改成ad+iis+ftp+ntfs架構,所以需要在ad中新建對應群組并添加用戶。
為提高效率減少重復工作,編寫一個批量新增群組及添加用戶腳本,以下為測試環境。
=INDEX(A:A,SMALL(IF($B$2:$B$200="Sam",ROW($2:$200),4^8),ROW(A1)))&""
Import-Module ActiveDirectory
$ngroups=Import-Csv C:\Data\ngs.csv
$nusers=Import-Csv C:\Data\nus.csv
foreach ($ngroup in $ngroups) {
#新建組
New-ADGroup -Name $ngroup.name -SamAccountName $ngroup.name -GroupCategory $ngroup.GroupCategory -GroupScope $ngroup.Groupscope -Path $ngroup.path -Description $ngroup.description -PassThru
Get-ADGroup -Identity $ngroup.name | Set-ADGroup -Replace @{info=$ngroup.info}
#新增成員
Add-ADGroupMember -Identity $ngroup.name -Members ($nusers.($ngroup.name) | Where-Object {$_ -ne ''} ) -PassThru
}
name,path,groupcategory,groupscope,description,info
ftp-ops-w,"OU=FTP,OU=Group,DC=lxy,DC=lin",Security,Global,"ip/ftp/ops/","DRI:xx,TEL:xx"
ftp-ops-r,"OU=FTP,OU=Group,DC=lxy,DC=lin",Security,Global,"ip/ftp/ops/","DRI:xx,TEL:xx"
ftp-dba-w,"OU=FTP,OU=Group,DC=lxy,DC=lin",Security,Global,"ip/ftp/dba/","DRI:xx,TEL:xx"
ftp-dba-r,"OU=FTP,OU=Group,DC=lxy,DC=lin",Security,Global,"ip/ftp/dba/","DRI:xx,TEL:xx"
ftp-ops-w,ftp-ops-r,ftp-dba-w,ftp-dba-r
user01,user02,user03,user04
user05,,user06,user07
user08,,user09,
Import-Module ActiveDirectory
foreach ( $num in 1..10 ) {
$user='USER'+$num
New-ADUser $user -Path "OU=Test,DC=iku,DC=lxy" -Enabled:$true -AccountPassword(ConvertTo-SecureString "lxy1989." -AsPlainText -Force)
}
$newusers= Import-Csv .\nu.csv
$newgroups= Import-Csv .\ng.csv
# 新建數組保存離職或不存在帳號
$array_error_user = New-Object -TypeName System.Collections.ArrayList
$array_disabled_user = New-Object -TypeName System.Collections.ArrayList
foreach ($newgroup in $newgroups) {
$newuser=($newusers.($newgroup.name) | Where-Object {$_ -ne ''})
foreach ($user in $newuser) {
$user_abled= (Get-ADUser $user).enabled # 查詢帳號是否被禁用,默認情況下只有離職的帳號才會被禁用
$returned=$? # 若帳號不存在,則返回false
if ($returned -eq $true)
{
if ($user_abled -eq $false)
{$array_disabled_user.Add($user+'@'+($newgroup.name))} # 將被禁用(離職)的帳號添加至數組
}
else
{ $array_error_user.add($user+'@'+($newgroup.name)) } # 將不存在的帳號添加至數組
}
}
echo "The following user is disabled :"$array_disabled_user
echo "The following user does not exist :"$array_error_user
vi user.error
xx
xxx
xx
:%s/@.*//g
vi deluser.sh
#!/bin/bash
#在sed中引用變量用雙引號
for user in $(cat user.error)
do
sed -i "s/$user//g" nu.csv
done
$ngroups=Import-Csv C:\Data\ngs.csv
$nusers=Import-Csv C:\Data\nus.csv
# version1
foreach ($ngroup in $ngroups) {
New-ADGroup -Name $ngroup.name -SamAccountName $ngroup.name -GroupCategory $ngroup.GroupCategory -GroupScope $ngroup.Groupscope -Path $ngroup.path -PassThru
Get-ADGroup -Identity $ngroup.name | Set-ADGroup -Replace @{info=$ngroup.info}
}
# version2
# 增加了群組是否存在的判斷
$ngroups = Import-Csv D:\PS\NewGroup\201807\ng.csv -Encoding Unicode
foreach ($ngroup in $ngroups) {
$drop = Get-ADGroup $ngroup.name
$return = $?
# 檢查組是否存,不存在則新建組
if ($return -eq $false){
New-ADGroup -Name $ngroup.name -SamAccountName $ngroup.name -GroupCategory $ngroup.groupcategory -GroupScope $ngroup.groupscope -Path $ngroup.path -Description $ngroup.description
Get-ADGroup $ngroup.name | Set-ADGroup -Replace @{info=$ngroup.info}
}
}
foreach ($ngroup in $ngroups) {
Add-ADGroupMember -Identity $ngroup.name -Members ($nusers.($ngroup.name) | Where-Object {$_ -ne ''} ) -PassThru
}
PS C:\Users\Administrator> ($nusers.'ftp-dba-r' | Where-Object {$_ -ne ''}).count
3
---nu.csv
ftp-ops-w,ftp-ops-r,ftp-dba-w,ftp-dba-r
user1,user2,user3,user4,
user5,,user6,user7,
user8,,user9,,
---
PS C:\> ($nusers.'ftp-dba-r' | Where-Object {$_ -ne ''}).count
2
foreach ($ngroup in $ngroups) {
Get-ADGroupMember -Identity $ngroup.name | select @{name='group';expression={$ngroup.name}},@{name='name';expression={$_.name}}
}
group name
----- ----
ftp-ops-w USER1
ftp-ops-w USER5
ftp-ops-w USER8
ftp-ops-r USER2
ftp-dba-w USER3
ftp-dba-w USER6
ftp-dba-w USER9
ftp-dba-r USER4
ftp-dba-r USER7
foreach ($ngroup in $ngroups) {
Remove-ADGroupMember -Identity $ngroup.name -Members (Get-ADGroupMember -Identity $ngroup.name)
}
在使用過程中發現腳本的功能實現方式生硬,書寫格式并不規范,不便閱讀,所以作了更新。
# $ngroups = Import-Csv D:\PS\NewGroup\201807\ng.csv -Encoding Unicode
# 新建組
<#
foreach ($ngroup in $ngroups) {
$test = Get-ADGroup $ngroup.name
$return = $?
if ($return -eq $false){
New-ADGroup -Name $ngroup.name -SamAccountName $ngroup.name -GroupCategory $ngroup.groupcategory -GroupScope $ngroup.groupscope -Path $ngroup.path -Description $ngroup.description
Get-ADGroup $ngroup.name | Set-ADGroup -Replace @{info=$ngroup.info}
}
}
#>
# 清空組成員
<#
foreach ($ngroup in $ngroups) {
Remove-ADGroupMember -Identity $ngroup.name -Members (Get-ADGroupMember -Identity $ngroup.name)
}
#>
# 查詢組成員
<#
foreach ($ngroup in $ngroups) {
Get-ADGroupMember -Identity $ngroup.name | select @{name='group';expression={$ngroup.name}},@{name='name';expression={$_.name}}
}
#>
# $ngroups = Import-Csv D:\PS\NewGroup\201807\ngw.csv
# $nusers = Import-Csv D:\PS\NewGroup\201807\nus.csv
# 添加成員
<#
foreach ($ngroup in $ngroups) {
Add-ADGroupMember -Identity $ngroup.name -Members ($nusers.($ngroup.name) | Where-Object {$_ -ne ''} ) -PassThru -Confirm:$false
}
#>
# 統計各群組用戶數
#<
[int]$sum = 0
$re =foreach ($ngroup in $ngroups){
$user_num = (Get-ADGroupMember ($ngroup.name) | Where-Object {$_ -ne ''}).count
$user_num | select @{name='group';ex={$ngroup.name}},@{name='num';ex={$user_num}}
$sum += $user_num
}
echo $re
echo $sum
#>
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。