需要一些帮助。我正在尝试运行脚本以将用户从OU添加到安全组。脚本的Get-ADGroupMember部分应解析作为“影子组”成员的所有现有用户,并删除不再位于OU中的用户。脚本的Get-ADUser部分应该解析OU中的所有用户并将它们添加到“影子组”。我得到的错误是
Get-ADGroupMember:无法验证参数' Identity'的参数。参数为null或空。提供一个论点 这不是null或空,然后再次尝试该命令。 在C:\ temp \ test-3.ps1:5 char:28 + Get-ADGroupMember -Identity<<<< $ Group | Where-Object {$ .DistinguishedName.Substring($ .DistinguishedName.IndexOf( ",")) - $ $ OU} | ForEach-Object {Remove-ADPrincipalGroupMembership -Identity $ _ -MemberOf $ Group -Confirm:$ false} + CategoryInfo:InvalidData:(:) [Get-ADGroupMember],ParameterBindingValidationException + FullyQualifiedErrorId:ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADGrou pMember
OU中有120多个用户。我使用的脚本看起来像这样
$OU="OU=Faculty Accounts,OU=West Service Center,OU=Support Services,DC=example,DC=test"
$ShadowGroup="CN=ITS-Staff,OU=Groups,OU=Wilcox Building,OU=Support Services,DC=dcsd,DC=test"
Get-ADGroupMember –Identity $Group | Where-Object {$_.DistinguishedName.Substring($_.DistinguishedName.IndexOf(",")) -ne $OU} | ForEach-Object {Remove-ADPrincipalGroupMembership –Identity $_ –MemberOf $Group –Confirm:$false}
Get-ADUser –SearchBase $OU –SearchScope OneLevel –LDAPFilter "(!memberOf=$ShadowGroup)" | ForEach-Object {Add-ADPrincipalGroupMembership –Identity $_ –MemberOf $ShadowGroup}
感谢帮助,对PS来说很新。