我的任务是创建一个PowerShell脚本,将Active Directory组成员资格从指定的源用户(作为模板)复制到指定的目标用户。这些用户可以位于以下两个域之一:Domain_A和Domain_B。这些组都位于Domain_B中。
我遇到的问题是,当我指定两个用户都在Domain_A中时,它会尝试在Domain_A中查找这些组,而实际上这些组都在Domain_B中(这会引发一个错误说它无法找到群组)。域之间存在双向信任,因为它们都位于同一个林中。
我如何才能使它仍然指定用户所在的域,但是它还会指定这些组所在的域?这是我的源代码的副本供参考(编辑以删除服务器名称):
$Source_Server = Read-Host "Please enter the Source Server: "
$Source_UPN = Read-Host "Please enter the Source UPN: "
$Target_Server = Read-Host "Please enter the Target Server: "
$Target_UPN = Read-Host "Please enter the Target UPN: "
Try {
Get-ADUser -Identity $Source_UPN -Properties memberof -Server$Source_Server |
Select-Object -ExpandProperty memberof |
# Find Properties of the memberships of the Source User
Add-ADGroupMember -Members $Target_UPN -Server $Target_Server |
Select-Object -ExpandProperty SamAccountName
# Copy the group memberships of the Source User to the Target User.
}
Catch {
$Error_Message = $_.Exception.Message
Write-Host $Error_Message
Write-Host -NoNewLine "Press any key to exit..."
$null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
# Exits the program
}
If (!$Error) {
"Group Copy Successful."
$Error_Message = "No errors occured."
# Shows that it ran error-free
Write-Host -NoNewLine "Press any key to exit..."
$null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
# Exits the program
}
答案 0 :(得分:0)
如果您尝试将域B中的用户添加到域A中的组,则需要在此处修复Server参数以转至源服务器:
Add-ADGroupMember -Members $Target_UPN -Server $Target_Server