使用Powershell将用户添加到另一个域的组

时间:2015-10-29 18:31:09

标签: powershell active-directory

我的任务是创建一个PowerShell脚本,将Active Directory组成员资格从指定的源用户(作为模板)复制到指定的目标用户。这些用户可以位于以下两个域之一:Domain_A和Domain_B。这些组都位于Domain_B中。

我遇到的问题是,当我指定两个用户都在Domain_A中时,它会尝试在Domain_A中查找这些组,而实际上这些组都在Domain_B中(这会引发一个错误说它无法找到群组)。域之间存在双向信任,因为它们都位于同一个林中。

我如何才能使它仍然指定用户所在的域,但是它还会指定这些组所在的域?这是我的源代码的副本供参考(编辑以删除服务器名称):

$Source_Server = Read-Host "Please enter the Source Server: "
$Source_UPN = Read-Host "Please enter the Source UPN: "
$Target_Server = Read-Host "Please enter the Target Server: "
$Target_UPN = Read-Host "Please enter the Target UPN: "

Try {
Get-ADUser -Identity $Source_UPN -Properties memberof -Server$Source_Server | 
Select-Object -ExpandProperty memberof | 
# Find Properties of the memberships of the Source User

Add-ADGroupMember -Members $Target_UPN -Server $Target_Server |
Select-Object -ExpandProperty SamAccountName
# Copy the group memberships of the Source User to the Target User.
}

Catch {
$Error_Message = $_.Exception.Message
Write-Host $Error_Message

Write-Host -NoNewLine "Press any key to exit..."
$null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
# Exits the program
}

If (!$Error) {
"Group Copy Successful."
$Error_Message = "No errors occured."
# Shows that it ran error-free

Write-Host -NoNewLine "Press any key to exit..."
$null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
# Exits the program
}

1 个答案:

答案 0 :(得分:0)

如果您尝试将域B中的用户添加到域A中的组,则需要在此处修复Server参数以转至源服务器:

Add-ADGroupMember -Members $Target_UPN -Server $Target_Server