通过Powershell从远程服务器导入本地组

时间:2015-03-02 18:51:28

标签: powershell

我正在研究使用Powershell将安全设置从一台服务器复制到另一台服务器的最简单方法,我很好奇是否可以导入和整个组,包括它{{s {{ {1}}和Description属性?

以下是我目前的脚本。我似乎可以使用Members适配器访问远程服务器上的本地组,但ADSI命令会发生以下错误消息

  

异常调用"创建"用" 2"参数:"类型不匹配。 (HRESULT异常:0x80020005(DISP_E_TYPEMISMATCH))"   在\ prdhilfs02 \ install \ Monet \ ServerUpgrade \ DEVHILWB119 \ Scripts \ LocalUsersAndGroups.ps1:25 char:1+ $ objCreate = $ cn.Create(" Group",$ objRemote)

Create

修改

所以我可以使用下面的脚本完成我想要的。我可以使用远程服务器的组名称和描述以及组信息。但是,有没有办法使用Powershell简单地将$computerName = "DEVWB89" $objRemote = [ADSI]("WinNT://$computerName/$groupName") $cn = [ADSI]"WinNT://localhost" $cn.Create("Group", $objRemote) 对象及其所有属性添加到本地计算机?另外一个缺点是,我必须为Group的用户硬编码域名。 

System.DirectoryServices.DirectoryEntry

1 个答案:

答案 0 :(得分:0)

这将列出所有小组成员:

$Members = @($objRemote.psbase.Invoke("Members"))
$Members | ForEach-Object {$MemberNames += $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null);}
$MemberNames

更多有用信息:

PS C:\Users\YourUser\Desktop> $objAdmin = [ADSI]("WinNT://localhost/Administrator")
PS C:\Users\YourUser\Desktop> $objAdmin | gm


   TypeName: System.DirectoryServices.DirectoryEntry

Name                        MemberType Definition
----                        ---------- ----------
ConvertDNWithBinaryToString CodeMethod static string ConvertDNWithBinaryToString(psobject deInstance, psobject dnWithBinaryIns...
ConvertLargeIntegerToInt64  CodeMethod static long ConvertLargeIntegerToInt64(psobject deInstance, psobject largeIntegerInstance)
AutoUnlockInterval          Property   System.DirectoryServices.PropertyValueCollection AutoUnlockInterval {get;set;}
BadPasswordAttempts         Property   System.DirectoryServices.PropertyValueCollection BadPasswordAttempts {get;set;}
Description                 Property   System.DirectoryServices.PropertyValueCollection Description {get;set;}
FullName                    Property   System.DirectoryServices.PropertyValueCollection FullName {get;set;}
HomeDirDrive                Property   System.DirectoryServices.PropertyValueCollection HomeDirDrive {get;set;}
HomeDirectory               Property   System.DirectoryServices.PropertyValueCollection HomeDirectory {get;set;}
LastLogin                   Property   System.DirectoryServices.PropertyValueCollection LastLogin {get;set;}
LockoutObservationInterval  Property   System.DirectoryServices.PropertyValueCollection LockoutObservationInterval {get;set;}
LoginHours                  Property   System.DirectoryServices.PropertyValueCollection LoginHours {get;set;}
LoginScript                 Property   System.DirectoryServices.PropertyValueCollection LoginScript {get;set;}
MaxBadPasswordsAllowed      Property   System.DirectoryServices.PropertyValueCollection MaxBadPasswordsAllowed {get;set;}
MaxPasswordAge              Property   System.DirectoryServices.PropertyValueCollection MaxPasswordAge {get;set;}
MaxStorage                  Property   System.DirectoryServices.PropertyValueCollection MaxStorage {get;set;}
MinPasswordAge              Property   System.DirectoryServices.PropertyValueCollection MinPasswordAge {get;set;}
MinPasswordLength           Property   System.DirectoryServices.PropertyValueCollection MinPasswordLength {get;set;}
Name                        Property   System.DirectoryServices.PropertyValueCollection Name {get;set;}
objectSid                   Property   System.DirectoryServices.PropertyValueCollection objectSid {get;set;}
Parameters                  Property   System.DirectoryServices.PropertyValueCollection Parameters {get;set;}
PasswordAge                 Property   System.DirectoryServices.PropertyValueCollection PasswordAge {get;set;}
PasswordExpired             Property   System.DirectoryServices.PropertyValueCollection PasswordExpired {get;set;}
PasswordHistoryLength       Property   System.DirectoryServices.PropertyValueCollection PasswordHistoryLength {get;set;}
PrimaryGroupID              Property   System.DirectoryServices.PropertyValueCollection PrimaryGroupID {get;set;}
Profile                     Property   System.DirectoryServices.PropertyValueCollection Profile {get;set;}
UserFlags                   Property   System.DirectoryServices.PropertyValueCollection UserFlags {get;set;}


PS C:\Users\YourUser\Desktop> $Members[0].GetType().InvokeMember("FullName", "GetProperty", $null, $Members[0], $null)
Exception calling "InvokeMember" with "5" argument(s): "The specified domain either does not exist or could not be contacted.
"
At line:1 char:1
+ $Members[0].GetType().InvokeMember("FullName", "GetProperty", $null, $Members[0] ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : COMException

PS C:\Users\YourUser\Desktop> $Members[0].GetType().InvokeMember("PasswordAge", "GetProperty", $null, $Members[0], $null)
PS C:\Users\YourUser\Desktop> $Members[0].GetType().InvokeMember("UserFlags", "GetProperty", $null, $Members[0], $null)
相关问题
最新问题