I am using the following code to try to remove & add a user to an Active Directory group:
import-module ActiveDirectory
$logs = "D:\logs"
$user = "TempValue"
$group = Get-ADGroup "SomeValue"
$date = (Get-Date).ToString('yyyyMMdd')
$userPrincipal = (get-aduser "$user" -server 123 -properties *).userPrincipalName
$newUser = (get-aduser -filter "userPrincipalName -like '$userPrincipal'" -server 456)
$FileSystem = New-Object -com "Scripting.FileSystemObject"
$stream = $FileSystem.CreateTextFile("$logs\changedgroups-$date.txt", $True, $True)
Remove-ADGroupMember -Identity "$group" -Member "$user" -Confirm:$false
$stream.WriteLine("Removed $user from $group")
Add-ADGroupMember -Identity $group -server 123 -Member $newUser
$stream.WriteLine("Added $newUser to $group")
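Scenario: Two domains sitting in the same forest Domains sit in different forests. I am on domain "123" attempting to remove a user from a group in domain 123 and add the user to the same group from domain 456.
Problem: It adds the user from domain 456, but it shows the user as a Foreign Security Principal with the message "Note that this object is just a placeholder for a user or group from a trusted external domain." Any idea why?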
Answer 0: (score: 0)
I also ran into this limitation with add-adgroupmember. To work around it, switch to Set-ADGroup; a few examples are provided below. You can use Add or Remove and specify a DN, SID or samaccountname:
Set-ADGroup -Add:@{'Member'="CN=Group3,CN=Users,DC=GLOBOMANTICS,DC=COM"} -Identity:"CN=Group1,CN=Users,DC=GLOBOMANTICS,DC=COM" -Server:"DC.GLOBOMANTICS.COM"
Set-ADGroup -Identity:"CN=Group1,CN=Users,DC=GLOBOMANTICS,DC=COM" -Remove:@{'Member'="CN=Group3,CN=Users,DC=GLOBOMANTICS,DC=COM"} -Server:"DC.GLOBOMANTICS.COM"
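The answer's Set-ADGroup approach applied to the question's script, as an added example that is not code from either poster. `123`, `456`, `SomeValue`, `TempValue` and `D:\logs` are the question's placeholders; the exact-UPN match and the read-back check for members stored under CN=ForeignSecurityPrincipals are additions made here.

```powershell
# Added example: servers, group and user names are the question's placeholders.
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'   # stop before logging a change that did not happen

$GroupServer = '123'        # domain/DC that holds the group (placeholder)
$UserServer  = '456'        # domain/DC that holds the replacement account (placeholder)
$GroupName   = 'SomeValue'
$OldUserName = 'TempValue'
$LogFile     = Join-Path 'D:\logs' ("changedgroups-{0:yyyyMMdd}.txt" -f (Get-Date))

$group   = Get-ADGroup -Identity $GroupName -Server $GroupServer
$oldUser = Get-ADUser -Identity $OldUserName -Server $GroupServer -Properties userPrincipalName

# Find the account in the other domain by exact UPN; refuse empty or ambiguous results
# so the wrong principal is never granted the group's access.
$upn     = $oldUser.userPrincipalName
$newUser = @(Get-ADUser -Filter "userPrincipalName -eq '$upn'" -Server $UserServer)
if ($newUser.Count -ne 1) {
    throw "Expected 1 account for $upn on $UserServer, found $($newUser.Count)"
}

# Set-ADGroup -Remove/-Add change values of the group's member attribute by DN.
Set-ADGroup -Identity $group.DistinguishedName -Server $GroupServer `
    -Remove @{ member = $oldUser.DistinguishedName }
Add-Content -Path $LogFile -Value "Removed $($oldUser.DistinguishedName) from $($group.DistinguishedName)"

Set-ADGroup -Identity $group.DistinguishedName -Server $GroupServer `
    -Add @{ member = $newUser[0].DistinguishedName }
Add-Content -Path $LogFile -Value "Added $($newUser[0].DistinguishedName) to $($group.DistinguishedName)"

# Read the membership back and record how each member was stored.
$members = (Get-ADGroup -Identity $group.DistinguishedName -Server $GroupServer -Properties member).member
foreach ($dn in $members) {
    $kind = if ($dn -match ',CN=ForeignSecurityPrincipals,') { 'FOREIGN-PLACEHOLDER' } else { 'DIRECT' }
    Add-Content -Path $LogFile -Value "$kind $dn"
}
```

A `FOREIGN-PLACEHOLDER` line means the directory stored that member as a foreignSecurityPrincipal object keyed by SID, which is the placeholder the question describes.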