Question

我正在尝试验证用户在AD中是否具有经理，如果该经理为null /空，则提供了需要更改为的值。如果该值不为null且与众不同，我目前有工作代码，但是如果该值为null则收到错误。

我在查找中尝试了多种变体，但是当value为null时总是返回错误。

Import-Module ActiveDirectory
if ((Get-PSSnapin -Name Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue) -eq $null) {
    Add-PSSnapin Quest.ActiveRoles.ADManagement
}
Connect-QADService foo.domain.com

#Specify User, then manager value to check against
Write-Host "What is the user's name?"
$User = Read-Host
Write-Host "Who is the manager we are checking against?"
$manager = Read-Host

#Check if Manager Value is null
if (-not ($ADemanager = (Get-ADUser (Get-ADUser $OBUID -Properties manager).manager).SamAccountName)) {
    Write-Host "User's Manager value is EMPTY or NULL in AD."
    $ADemanager = "Null Value"
    Write-Host "  NOTE: Changing the value from $ADemanager to $OBemanager per HR Records."
    Get-ADUser $OBUID |
        Set-ADUser -Manager $OBemanager -PassThru |
        Get-ADUser -Properties Manager |
        Select Name, Manager
} else {
    Write-Host "User's Manager Name not EMPTY in AD."
    Write-Host "Checking to see if manager's match in AD."
    if ($ADemanager -eq $OBemanager) {
        #Manager from AD matches manager listed on offboarding form
        Write-Host "The manager matches AD Value."
    } else {
        Write-Host "  NOTE: Manager from Offboarding form does not match manager listed in AD." -ForegroundColor Yellow
        Write-Host "  NOTE: Changing the value from $ADemanager to $OBemanager per HR Records."

        #Change Manager in AD (Make sure right variables used below)
        Get-ADUser $OBUID |
            Set-ADUser -Manager $OBemanager -PassThru |
            Get-ADUser -Properties Manager |
            Select Name, Manager
    }
}

Answer 1

我相信下面的代码段应该可以满足您的要求：确定用户的当前管理员，以及它是否与所需的管理员不同（因为是否分配了其他管理员或根本没有分配任何管理员）来更新用户反对新经理。

python3.5 -c "import httpagentparser; s='$user_agent_e'; print (httpagentparser.detect(s))"
{'bot': False, 'os': {'version': '10', 'name': 'Windows'}, 'browser': {'version': '73.0.3683.86', 'name': 'Chrome'}, 'platform': {'version': '10', 'name': 'Windows'}}

python3.5 -c "import httpagentparser; s='$user_agent_e'; print (httpagentparser.detect(s))"
{'platform': {'version': '10', 'name': 'Windows'}, 'bot': False, 'browser': {'version': '73.0.3683.86', 'name': 'Chrome'}, 'os': {'version': '10', 'name': 'Windows'}}

python3.5 -c "import httpagentparser; s='$user_agent_e'; print (httpagentparser.detect(s))"
{'browser': {'name': 'Chrome', 'version': '73.0.3683.86'}, 'bot': False, 'os': {'name': 'Windows', 'version': '10'}, 'platform': {'name': 'Windows', 'version': '10'}}

python3.5 -c "import httpagentparser; s='$user_agent_e'; print (httpagentparser.detect(s))"
{'bot': False, 'os': {'version': '10', 'name': 'Windows'}, 'browser': {'version': '73.0.3683.86', 'name': 'Chrome'}, 'platform': {'version': '10', 'name': 'Windows'}}

python3.5 -c "import httpagentparser; s='$user_agent_e'; print (httpagentparser.detect(s))"
{'platform': {'version': '10', 'name': 'Windows'}, 'os': {'version': '10', 'name': 'Windows'}, 'bot': False, 'browser': {'version': '73.0.3683.86', 'name': 'Chrome'}}

Answer 2

我认为，获取正确的经理帐户并将其与用户经理进行比较会更容易-以下方法将起作用。

要从用户的属性中写出不正确的经理姓名，我只用了一点-replace即可将可分辨的姓名简称为帐户CN。如果与您的samAccountName相匹配，它会有所帮助。如果他们不这样做，而您真的想要samAccountName，那么您将需要另一个Get-ADUser，但这似乎效率不高。

$ADuser     = Get-ADUser $OBUID -Properties Manager
# look up the manager account from user input
$OBemanager = Get-ADuser $mgrID

if ($ADuser.manager -eq $OBemanager) { #this will match the manager DN
    Write-Host "The manager matches AD Value."
}
else {
    #shorten the manager account DN from the user manager attribute
    if ($aduser.manager) {
        $mgrname = $ADuser.manager -replace '^CN=|,OU.*$'
    }
    else {
        $mgrname -eq 'null value'
    }
    Write-Host "NOTE: Changing the value from $mgrname to $($OBemanager.samAccountName) per HR Records."
    Set-ADUser -Manager $OBemanager -PassThru |
    Get-ADUser -Properties Manager | Select Name,Manager    
}

Answer 3

所以我以另一种方式修改了这个问题。

大多数变量都是从表单以及

加载的

  $OBmanager = $cmbOBManager.Text.Split(",")
  $OBmanagername = $OBmanager[0]
  $OBemanager = $OBmanager[1].Trim()
  $OBestring = "@iconectiv.com"
  $OBEmpManager = $OBemanager + $OBestring


  #-check if manager from offboarding form is same listed in AD
  #Check User's manager name
  $userEntry = get-qaduser $OBUID
  [string]$man = $userEntry.manager
  #Check if manager name is null
  if (-not ($man -eq $null)) 
  {
    [array]$manName = $man.split('=,')
    $manager = $manName[1]
    #If null, change to HR specified value
    If($manager -eq $null)
    {
        Write-Host "The user's manager is Null in AD."
        Write-Host "Changing the user's manager to the HR supplied value."
        Get-aduser $OBUID | Set-ADUser -Manager $OBemanager -PassThru | get-aduser -Properties Manager | Select Name,Manager

        #Send Email
        ManagerChange
    }
    else
    {
        Write-Host "$manager is the manager of $OBUID";
        $ADemanager = (get-aduser (get-aduser $OBUID -Properties manager).manager).samaccountName
        #Check if AD value is the same as HR value
        If($ADemanager -eq $OBemanager)
        {
            Write-Host "The HR manager name supplied value matches the AD Value."
        }
        else
        {
            Write-Host "The HR manager name supplied value doesn't match the AD Value."
            Write-Host "Changing the manager value in AD to the HR supplied value."
            Get-aduser $OBUID | Set-ADUser -Manager $OBemanager -PassThru | get-aduser -Properties Manager | Select Name,Manager

            #Sending email
           ManagerChange

        }
    }

用户经理验证

3 个答案: