Broken PowerShell script

Time: 2015-10-20 15:52:59

Tags: sql-server powershell scripting sql-scripts

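I have a SQL database that is populated with our company's consultants and the client groups they are associated with. I have a PowerShell script that checks this database and adds or removes consultants from the corresponding O365 security groups. This script works fine. My problem is that I want to move from O365 security groups to mail-enabled security groups in Exchange Online.

I have changed a few groups to mail-enabled, but the script doesn't work, because the PowerShell cmdlets used in the current script are MSOL cmdlets and don't know how to handle mail-enabled security groups. I tried editing the script to change the cmdlets. The new version sort of works: it adds a user like it should, but it removes the user immediately afterwards.

The removal function in the working script checks whether the consultant user exists in the SQL DB for the client group; if not, it removes the user from the group, and if so, it keeps the user, as shown below: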

# Perform group addition/removal only if the consultant exists in O365
if ($consultantUser)
{
    Write-Host "Found user " $consultantMember.EmailAddress
    # Check to see if authoritative SQL consultant table has this specific user
    if ($consultants -notcontains $consultantMember.EmailAddress)
    {
        Write-Host "Removing user " $consultantMember.EmailAddress
        Remove-MsoLGroupMember -groupObjectId $clientGroup.ObjectId -GroupMemberType "User" -groupmemberobjectid $consultantUser.ObjectId
    }
    else
    {
        Write-Host "Keeping user " $consultantMember.EmailAddress
    }
}

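The new script (removal part only) should behave the same, but it removes the user every time. So the user gets added to the group and then immediately removed. It looks like this: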

# Perform group addition/removal only if the consultant exists in O365
if ($consultantUser)
{
    Write-Host "Found user " $consultantMember.Name
    # Check to see if authoritative SQL consultant table has this specific user
    if ($consultant -notcontains $consultantMember.EmailAddresses)
    {
        Write-Host "Removing user " $consultantMember.Name
        Remove-DistributionGroupMember -Identity $clientGroup.Name -Member $consultantAdd.Name
    }
    else
    {
        Write-Host "Keeping user " $consultantMember.Name
    }
}

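Here are the original script (user / server name / passwords redacted) and the new script. I'm hoping someone can point me in the right direction on how to make the second script behave the same as the first. Let me know if you need more information.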

# Connect to O365
$User = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" # "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
$Pass = "XXXXXXXXXXX" # "XXXXXXXX"
$Cred = New-Object System.Management.Automation.PsCredential($User,(ConvertTo-SecureString $Pass -AsPlainText -Force))
Import-Module MSOnline
Connect-MsolService -Credential $Cred

# Loop through SQL Azure Master Client Table
foreach ($dbClient in Invoke-Sqlcmd -Query "SELECT ClientID, Value FROM [dbo].[clientMasterAttributes] WHERE Attribute = 'ClientName' ORDER BY ClientID;" -ServerInstance "XXXXXXXXXX.XXXXXXXX.XXXXXXX.net" -Database "XXXXXX" -Username "XXX" -Password "XXXXXXXXXX")
{
    # Load SQL Azure Consultant Table per ClientID
    $consultantQuery = "SELECT DISTINCT C.Email, E.employeeType FROM clientConsultantAttributes C INNER JOIN Employees E ON C.Email = E.Email WHERE C.ClientID = '{0}' AND C.Attribute = 'Current' AND C.Value = 'Y' AND E.employeeType IN (2,3,8);" -f $dbClient.ClientID
    $consultants = Invoke-Sqlcmd -Query $consultantQuery -ServerInstance "XXXXXXXXXX.XXXXXXXX.XXXXXXX.net" -Database "XXXXXX" -Username "XXX" -Password "XXXXXXXXXX" | select -Expand Email
    Write-Host $consultants
    $clientGroupName = "client{0}" -f $dbClient.ClientID
    # Query Azure AD to see if client security group exists
    $clientGroup = Get-MsolGroup | where-object { $_.DisplayName -eq $clientGroupName}
    if ($clientGroup)
    {
        # Add all users in SQL lookup to the group
        foreach ($consultant in $consultants)
        {
            $consultantAdd = Get-MsolUser -UserPrincipalName $consultant
            if ($consultantAdd)
            {
                Write-Host "Add User " $consultant
                Add-MsolGroupMember -groupObjectid $clientGroup.ObjectId -GroupMemberType "User" -GroupMemberObjectId $consultantAdd.ObjectId
            }
            else
            {
                Write-Host "Could not find " $consultant
            }
        }

        # Found client security group, now loop through all group members to see if they still belong
        foreach ($consultantMember in Get-MsolGroupMember -groupObjectid $clientGroup.ObjectId)
        {
            # Get individual consultant user object using email address from SQL table
            $consultantUser = Get-MsolUser -UserPrincipalName $consultantMember.EmailAddress

            # Perform group addition/removal only if the consultant exists in O365
            if ($consultantUser)
            {
                Write-Host "Found user " $consultantMember.EmailAddress
                # Check to see if authoritative SQL consultant table has this specific user
                if ($consultants -notcontains $consultantMember.EmailAddress)
                {
                    Write-Host "Removing user " $consultantMember.EmailAddress
                    Remove-MsoLGroupMember -groupObjectId $clientGroup.ObjectId -GroupMemberType "User" -groupmemberobjectid $consultantUser.ObjectId
                }
                else
                {
                    Write-Host "Keeping user " $consultantMember.EmailAddress
                }
            }
        }
    }
}

New script:

Import-Module MSOnline
Connect-MsolService -Credential $Cred

# Loop through SQL Azure Master Client Table
foreach ($dbClient in Invoke-Sqlcmd -Query "SELECT ClientID, Value FROM [dbo].[clientMasterAttributes] WHERE Attribute = 'ClientName' ORDER BY ClientID;" -ServerInstance "XXXXXXXXXX.XXXXXXXX.XXXXXXX.net" -Database "XXXXXX" -Username "XXX" -Password "XXXXXXXXXX")
{
    # Load SQL Azure Consultant Table per ClientID
    $consultantQuery = "SELECT DISTINCT C.Email, E.employeeType FROM clientConsultantAttributes C INNER JOIN Employees E ON C.Email = E.Email WHERE C.ClientID = '{0}' AND C.Attribute = 'Current' AND C.Value = 'Y' AND E.employeeType IN (2,3,8);" -f $dbClient.ClientID
    $consultants = Invoke-Sqlcmd -Query $consultantQuery -ServerInstance "XXXXXXXXXX.XXXXXXXX.XXXXXXX.net" -Database "XXXXXX" -Username "XXX" -Password "XXXXXXXXXX" | select -Expand Email
    Write-Host $consultants
    $clientGroupName = "client{0}" -f $dbClient.ClientID
    # Query Azure AD to see if client security group exists
    $clientGroup = Get-DistributionGroup | where-object { $_.DisplayName -eq $clientGroupName}
    if ($clientGroup)
    {
        # Add all users in SQL lookup to the group
        foreach ($consultant in $consultants)
        {
            $consultantAdd = Get-User -Identity $consultant
            if ($consultantAdd)
            {
                Write-Host "Add User " $consultant
                Add-DistributionGroupMember -Identity $clientGroup.Name -Member $consultantAdd.Name
            }
            else
            {
                Write-Host "Could not find " $consultant
            }
        }

        # Found client security group, now loop through all group members to see if they still belong
        foreach ($consultantMember in Get-DistributionGroupMember -Identity $clientGroup.Name)
        {
            # Get individual consultant user object using email address from SQL table
            $consultantUser = Get-User -Identity $consultantMember.Email

            # Perform group addition/removal only if the consultant exists in O365
            if ($consultantUser)
            {
                Write-Host "Found user " $consultantMember.Name
                # Check to see if authoritative SQL consultant table has this specific user
                if ($consultant -notcontains $consultantMember.EmailAddresses)
                {
                    Write-Host "Removing user " $consultantMember.Name
                    Remove-DistributionGroupMember -Identity $clientGroup.Name -Member $consultantAdd.Name
                }
                else
                {
                    Write-Host "Keeping user " $consultantMember.Name
                }
            }
        }
    }
}

0 answers:

No answers
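
Added example, not part of the original post: in the new script's removal check, `$consultant` is the leftover variable from the add loop rather than the `$consultants` list, a collection such as `EmailAddresses` on the right of `-notcontains` is compared by reference and so never matches, and the removal passes `$consultantAdd` instead of the member being examined. The sketch below reconciles on one trimmed primary address per member. `Get-MembershipDelta` is a hypothetical helper, and all sample objects and addresses are constructed.

```powershell
# Added example: runs on constructed data, no Exchange Online or SQL connection.
function Get-MembershipDelta {
    param(
        [string[]] $AuthoritativeEmails,   # the authoritative list, e.g. $consultants from SQL
        [object[]] $CurrentMembers         # objects exposing a PrimarySmtpAddress property
    )
    # Trim both sides; -contains / -notcontains already ignore case for strings.
    $wanted = @($AuthoritativeEmails | Where-Object { $_ } | ForEach-Object { $_.Trim() })
    $have   = @($CurrentMembers | ForEach-Object { ([string]$_.PrimarySmtpAddress).Trim() })

    [pscustomobject]@{
        # Addresses in SQL that are not yet in the group.
        ToAdd    = @($wanted | Where-Object { $have -notcontains $_ })
        # Member objects whose single primary address is absent from SQL.
        ToRemove = @($CurrentMembers | Where-Object {
            $wanted -notcontains ([string]$_.PrimarySmtpAddress).Trim()
        })
    }
}

# Constructed sample: SQL lists alice and bob; the group currently holds alice and carol.
$consultants = @('alice@example.com', 'bob@example.com')
$members = @(
    [pscustomobject]@{
        Name               = 'Alice'
        PrimarySmtpAddress = 'Alice@example.com'
        EmailAddresses     = @('SMTP:Alice@example.com', 'smtp:a.alias@example.com')
    }
    [pscustomobject]@{
        Name               = 'Carol'
        PrimarySmtpAddress = 'carol@example.com'
        EmailAddresses     = @('SMTP:carol@example.com')
    }
)

# The comparison shape used in the new script: one scalar against a whole collection.
$consultant = $consultants[-1]
$brokenCheck = $consultant -notcontains $members[0].EmailAddresses
Write-Host "Broken check flags Alice for removal:" $brokenCheck

$delta = Get-MembershipDelta -AuthoritativeEmails $consultants -CurrentMembers $members
Write-Host "To add:   " ($delta.ToAdd -join ', ')
Write-Host "To remove:" ($delta.ToRemove.Name -join ', ')
```

In the live loop, each entry of `ToRemove` would be passed as the `-Member` of `Remove-DistributionGroupMember`, with `-WhatIf` on the first run so the planned removals can be reviewed before any access changes.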