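PowerShell script for adding new users for the HR department

Time: 2015-10-01 20:46:23

Tags: windows powershell

I am trying to come up with a PowerShell script for adding new users to AD, which our HR department can use instead of sending me emails.

My script will ask them which department they want to add the new user to, the username, and the full name: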

# ##########################################
# Determine if we have Administrator rights
Write-Host 'Checking user permissions... '
$windowsID = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$windowsSecurityPrincipal = New-Object System.Security.Principal.WindowsPrincipal($windowsID)
$adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

If (!($windowsSecurityPrincipal.IsInRole($adminRole))) {
    Write-Warning 'Current user does not have Administrator rights'
    Write-Host 'Attempting to copy files to temporary location and restarting script'

    # Get random file name
    Do {
        $temp = [System.IO.Path]::GetTempPath() + [System.IO.Path]::GetRandomFileName()
    } Until (!(Test-Path -LiteralPath "$temp"))

    # Create directory
    Write-Host 'Creating temp directory... ' -NoNewLine
    New-Item -Path "$temp" -ItemType 'Directory' | Out-Null
    Write-Host 'done.'

    # Copy script to directory
    Write-Host 'Copying script to temp directory... ' -NoNewLine
    Copy-Item -LiteralPath "$($myInvocation.MyCommand.Path)" "$temp" | Out-Null
    Write-Host 'done.'
    $newScript = "$($temp)\$($myInvocation.MyCommand.Name)"

    # Start new script elevated
    Write-Host 'Starting script as administrator... ' -NoNewLine
    $adminProcess = New-Object System.Diagnostics.ProcessStartInfo
    $adminProcess.Filename = ([System.Diagnostics.Process]::GetCurrentProcess()).Path
    $adminProcess.Arguments = " -File `"$newScript`""
    $adminProcess.Verb = 'runas'

    Try {
        [System.Diagnostics.Process]::Start($adminProcess) | Out-Null
    }
    Catch {
        Write-Error 'Could not start process'
        Exit 1
    }
    Write-Host 'done.'

    Exit 0
}
#Change the execution policy
Set-ExecutionPolicy bypass
#Import the AD module
Import-Module ActiveDirectory
#Set variables

$title = "Add Users To The Domain"
$message = "For which department do you wanna add this user to?"

$rn = New-Object System.Management.Automation.Host.ChoiceDescription "&RN", `
    "RN"

$callcenter = New-Object System.Management.Automation.Host.ChoiceDescription "&Call Center", `
    "Call Center"

$management = New-Object System.Management.Automation.Host.ChoiceDescription "&Management", `
    "Management"

$billing = New-Object System.Management.Automation.Host.ChoiceDescription "&Billing", `
    "Billing"

$options = [System.Management.Automation.Host.ChoiceDescription[]]($rn, $callcenter, $management, $billing)

$result = $host.ui.PromptForChoice($title, $message, $options, 0) 

switch ($result)
    {
        0 {"You selected RN."}
        1 {"You selected Call Center."}
        2 {"You selected Management."}
        3 {"You Selected Billing."}
    }


$UName = Read-Host "What is the username you wanna give? Make sure it matches the username in the email."
$FName = Read-Host "What is the Full Name of the user?"


New-ADUser `
 -Name $FName `
 -Path  "CN=Users,OU=$result,DC=Domain,DC=com" `
 -SamAccountName  $UName `
 -DisplayName $FName `
 -AccountPassword (ConvertTo-SecureString "password1" -AsPlainText -Force) `
 -ChangePasswordAtLogon $true  `
 -Enabled $true
Add-ADGroupMember "Users" "$UName";

Every time I try to run it I get the following error messages:

New-ADUser : Directory object not found
At C:\Users\Youssef\AppData\Local\Temp\ofit4gnq.1lp\AddUserHR.ps1:84 char:1
+ New-ADUser `
+ ~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (CN=TYoussef Tes...diatrics,DC=Com:String) [New-ADUser], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.NewADUser

Add-ADGroupMember : Cannot find an object with identity: 'yousseft' under: 'DC=TribecaPediatrics,DC=com'.
At C:\Users\Youssef\AppData\Local\Temp\ofit4gnq.1lp\AddUserHR.ps1:92 char:1
+ Add-ADGroupMember "Users" "$UName";
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (yousseft:ADPrincipal) [Add-ADGroupMember], ADIdentityNotFoundException
    + FullyQualifiedErrorId : SetADGroupMember.ValidateMembersParameter,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember

1 answer:

Answer 0: (score: 0)

$result is returned as an integer, so the path you are giving to New-ADUser looks like this:

"CN=Users,OU=0,DC=Domain,DC=com"

That is why you are getting that error message: most likely there is no OU named "0", nor one named "1", "2" or "3" for any of the other options.

In the switch statement you should declare what each department's OU is called, so that the new user is placed in that OU.

You are very close; this is how I would modify your switch statement:
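
One way to apply the fix this answer describes, as an added example that is not the answerer's code: translate the index returned by `PromptForChoice` into an OU name before building `-Path`, and confirm the container exists before creating the account. It assumes each OU is named after its department label and prompts for the initial password; the domain components are the question's placeholders.

```powershell
# Added example, not the answerer's code. Assumes each OU is named after its
# department label; DC=Domain,DC=com is the question's placeholder domain.
Import-Module ActiveDirectory

$departments = 'RN', 'Call Center', 'Management', 'Billing'
$options = [System.Management.Automation.Host.ChoiceDescription[]]@(
    $departments | ForEach-Object {
        New-Object System.Management.Automation.Host.ChoiceDescription "&$_", $_
    }
)

# PromptForChoice returns the zero-based index of the selection, not its label
$index = $host.UI.PromptForChoice('Add Users To The Domain',
    'Which department should this user be added to?', $options, 0)
$path = "CN=Users,OU=$($departments[$index]),DC=Domain,DC=com"

# Stop before prompting for anything else if the target container is missing
try {
    Get-ADObject -Identity $path -ErrorAction Stop | Out-Null
} catch {
    Write-Error "Target container not found: $path"
    exit 1
}

$newUser = @{
    Name                  = Read-Host 'Full name of the user'
    SamAccountName        = Read-Host 'Username (must match the username in the email)'
    AccountPassword       = Read-Host 'Initial password' -AsSecureString
    Path                  = $path
    ChangePasswordAtLogon = $true
    Enabled               = $true
    ErrorAction           = 'Stop'
}
$newUser.DisplayName = $newUser.Name

try {
    # -ErrorAction Stop keeps Add-ADGroupMember from running after a failed create
    New-ADUser @newUser
    Add-ADGroupMember -Identity 'Users' -Members $newUser.SamAccountName -ErrorAction Stop
} catch {
    Write-Error "Account was not fully provisioned: $($_.Exception.Message)"
    exit 1
}
```

Stopping on the first failure avoids the second error shown in the question, where `Add-ADGroupMember` ran against an account that was never created.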