Powershell:将用户添加到数组中的组

时间:2014-10-22 00:23:11

标签: arrays powershell active-directory

我正在尝试编写一个PowerShell脚本,该脚本将创建一个基于Department和Position的用户,并将它们添加到特定于该位置的AD组。我有一个创建新用户的函数,并尝试将用户加入数组中的组列表。

function CreateUser{
     $sam = "$first.$last";...;$pwd = ConvertTo-SecureString "password" -AsPlainText -Force
     New-ADUser -Company "MyCompany" -Department $dept -Description $desc -DisplayName $dname -EmailAddress $email -GivenName $first -Office $office -Path $path -SamAccountName $sam -Surname $last -UserPrincipalName $email
     foreach ($group in $groups) { if (Get-ADGroup $group) { Add-ADGroupMember $group $sam } }
     }

我还有一些代码可以创建$ groups数组

$positions = @()
if ($dept -eq "CSR") { $positions += "CSR Rep","CSR Lead","CSR Manager" }
if ($dept -eq "IT") { $positions += "Sysadmin","Netadmin","Sqladmin" }
...
$groups = @()
if ($position -eq "CSR Rep") { $groups += "group1","group2","group3",...,"groupN" }
if ($position -eq "CSR Lead") { $groups += "group1","group2","group3","group4",...,"groupN" }
if ($position -eq "CSR Manager") { $groups += "group1","group2","group3","group4","group5",...,"groupN" }
if ($position -eq "Sysadmin") { $groups += "group6","group7",...,"groupN" }
if ($position -eq "Netadmin") { $groups += "group7","group8","group9",...,"groupN" }
if ($position -eq "Sqladmin") { $groups += "group10","group11","group12",...,"groupN" }

在我指定了创建groups数组的部门和位置之后,我调用了CreateUsers函数,但是我得到了错误,就像它是一个空数组一样。

试图将参数传递给函数还有什么我想念的,还是有更好的方法来完成这项任务?
非常感谢任何帮助。

2 个答案:

答案 0 :(得分:3)

由于您的代码没有显示函数调用,并且您的函数没有定义任何参数,我假设您没有传递任何内容。

以下是如何使用带有三个示例参数的参数,其中一个参数是String []:

function CreateUser{
     param(
     [parameter(Mandatory=$True)]
     [ValidateNotNullOrEmpty()]
     [string[]] $groups,
     [parameter(Mandatory=$True)]
     [ValidateNotNullOrEmpty()]
     [hashtable] $userInfo,
     [parameter(Mandatory=$True)]
     [ValidateNotNullOrEmpty()]
     [securestring] $pwd
     )

     New-ADUser -Company "MyCompany" -Department $userInfo.dept -Description $userInfo.desc -DisplayName $userInfo.dname -EmailAddress $userInfo.email -GivenName $userInfo.first -Office $userInfo.office -Path $userInfo.path -SamAccountName $userInfo.sam -Surname $userInfo.last -UserPrincipalName $userInfo.email
     foreach ($group in $groups) { if (Get-ADGroup $group) { Add-ADGroupMember $group $userInfo.sam } }
     }

为了保持参数数量较少,我已将用户信息整合到哈希表中。 Hashtables是键值集,可以像这样创建:

$userInfo = @{sam="sam"; dept="department"; desc="description"; ...}

要正确调用您的函数,请执行以下操作:

CreateUser -groups $groups -userInfo $userInfo -pwd $pwd

您当然可以添加更多参数。有关可能的定义和验证方法的文档,请参阅Technet

答案 1 :(得分:2)

如果你要创建的函数不仅仅是带参数的简单事物,我强烈建议用它们包含参数。如:

function CreateUser{
Param([Parameter(Position=0)][string]$First = $(throw "You must specify a first name"),
[Parameter(Position=1)][string]$Last = $(throw "You must specify a last name"),
[Parameter(Position=2)][string]$Desc = $(throw "You must specify a description"),
[Parameter(Position=3)][string]$Dept = $(throw "You must specify a department"),
[Parameter(Position=4)][string]$Office = $(throw "You must specify an office"),
[Parameter(Position=5)][string]$Password = $(throw "You must specify a password"),
[string[]]$Groups
)
     $sam = "$first.$last"
     $pwd = ConvertTo-SecureString $Password -AsPlainText -Force
     $email = "$first.$last@company.com"
     $dname = "$First $Last"
     $Path = "ou=$office,ou=Users,DN=company,DN=local"
     New-ADUser -Company "MyCompany" -Department $dept -Description $desc -DisplayName $dname -EmailAddress $email -GivenName $first -Office $office -Path $path -SamAccountName $sam -Surname $last -UserPrincipalName $email
     foreach ($group in $groups) { if (Get-ADGroup $group) { Add-ADGroupMember $group $sam } }
}

然后当您调用该函数时,您可以这样做:

CreateUser "Jim" "Kirk" "Captain Extraordinaire" "Space" "$uper$ecret123" @("ExploreNewWorlds","WhereNoManHasGone")

或者您可以按名称指定参数:

CreateUser -First "Jim" -Last "Kirk" -Desc "Captain Extraordinaire" -Dept "Space" -Password "$uper$ecret123" -Groups @("ExploreNewWorlds","WhereNoManHasGone")

...当我被卷入工作试图发布时,保罗打败了我。干得好的保罗!

编辑:在旁注中,我想向您介绍Switch cmdlet。我想你会从中受益匪浅。虽然你的几个If语句可能有用,但请考虑这个:

Switch($position){
    "CSR Rep" { $groups += "group1","group2","group3",...,"groupN";continue }
    "CSR Lead" { $groups += "group1","group2","group3","group4",...,"groupN";continue }
    "CSR Manager" { $groups += "group1","group2","group3","group4","group5",...,"groupN";continue }
    "Sysadmin" { $groups += "group6","group7",...,"groupN";continue }
    "Netadmin" { $groups += "group7","group8","group9",...,"groupN";continue }
    "Sqladmin" { $groups += "group10","group11","group12",...,"groupN" }
}

这很简单,在您的情况下可能无法提供太多的性能改进,但Switch提供了一个更清晰的解决方案,并提高了几个If语句的性能。它还允许更多逻辑,例如:

Switch($position){
    {$_ -match "CSR" } { $groups += "group1", "group2" }
    {$_ -match "CSR" -and -not $_ -match "Rep"} { $groups += "group3","Group4" }
}

这将为所有CSR添加第1组和第2组,只有Leads和Managers获得第3组和第4组。无论如何,只需考虑一些事项。

相关问题
最新问题