Moving AD users with PowerShell

Date: 2016-11-11 14:45:08

Tags: powershell active-directory

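I know I can move AD users with PowerShell. What I want to accomplish is moving a bunch of users based on their description. I have a CSV file, and in that CSV there is a year of graduation column. I want all users with a YOG from 2016 to 2022 moved to the High School OU.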

I have not tried to write the code yet. I was able to get user accounts based on department, but not on description. Here is some sample data

"ID","FNAME","LNAME","BDATE","GRD","SCHID"
"111111","TEst","student1","19980601","2016","1480"
"222222","test","Student2","19980522","2017","1480"
"333333","test","Student3","19970813","2025","1479"

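I have added the school code to the CSV file. I think it will be much easier to move the students to the correct location based on this file. 1480 is elem, 1479 hs. Here is also the code I am using to create the AD accounts.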

# Import active directory module for running AD cmdlets
Import-Module activedirectory

#Store the data from ADUsers.csv in the $ADUsers variable
$ADUsers = Import-csv userimport.csv
#Store report in log file in the $log variable
$log = "log.txt"
#Timestamp used in the log header written below
$date = Get-Date

#Loop through each row containing user details in the CSV file 
foreach ($User in $ADUsers)
{
#Read user data from each field in each row and assign the data to a  variable as below

$Username   = $User.ID
$Password   = $User.BDATE
$Firstname  = $User.FNAME
$Lastname   = $User.LNAME
$Department = $User.GRD
$Company    = $User.SCHID #This field refers to the OU the user account is to be moved to

#Check to see if the user already exists in AD
if (Get-ADUser -F {SamAccountName -eq $Username})
{
     #If user does exist, give a warning
     Write-Warning "A user account with username $Username already exist in Active Directory."
}
else
{
    #User does not exist then proceed to create the new user account

    "Processing started (on " + $date + "): " | Out-File $log -append
    "--------------------------------------------" | Out-File $log -append

    #Account will be created in the OU provided by the $OU variable read from the CSV file
    New-ADUser `
        -SamAccountName $Username `
        -UserPrincipalName "$Username@clasd.net" `
        -Name "$Firstname $Lastname" `
        -GivenName $Firstname `
        -Department "$Department" `
        -Company "$Company" `
        -EmailAddress "$Username@clasd.net" `
        -Surname $Lastname `
        -Enabled $True `
        -Scriptpath "login.vbs" `
        -DisplayName "$Firstname $Lastname" `
        -Path "ou=users,ou=hs,dc=clasd,dc=net" `
        -AccountPassword (convertto-securestring $Password -AsPlainText -Force) `
        -ChangePasswordAtLogon $true

 # Add User to Groups
 #Add-ADPrincipalGroupMembership -Identity $Username -MemberOf "Elem","Elem Students"
  Start-Sleep 3

 # Move Users to appropriate OU based on School Code

  $usr = import-csv userimport.csv

  foreach ($User in $usr) {
  if ($user.grd -in 2016){
        Get-ADUser $User.ID | Move-ADObject -TargetPath    'OU=users,ou=hs,dc=clasd,dc=net'
    }
  }
 }
}

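1 Answer:

Answer 0 (score: 0)

Since their AD usernames are unique and already included in your CSV, it's simply a case of checking whether the GRD field is in the range 2016-2022 and then moving the account using the ID field: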

$filepath = "C:\path\to\data.csv"

$csv = Import-CSV $filepath
foreach ($user in $csv) {
    if ($user.GRD -in 2016..2022) {
        Get-ADUser $user.ID | Move-ADObject -TargetPath 'OU=High School,DC=domain,Dc=com'
    }
}

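EDIT: Didn't see your comment that YOG is the description field, and I've used GRD; let me know if this isn't correct?

EDIT2: My answer would be run after every account has been created, rather than during creation in your existing script; it would be more efficient to place the account in the correct OU at creation time: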

foreach ($User in $ADUsers)
{
    #Read user data from each field in each row and assign the data to a  variable as below

    $Username   = $User.ID
    $Password   = $User.BDATE
    $Firstname  = $User.FNAME
    $Lastname   = $User.LNAME
    $Department = $User.GRD
    $Company    = $User.SCHID #This field refers to the OU the user account is to be moved to

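    # Choose OU; reset first so a year with no case below does not reuse the previous row's OU
    $OU = $null
    Switch ($Department)
    {
        "2016" {$OU = 'OU=users,ou=hs,dc=clasd,dc=net'}
        "2017" {$OU = 'OU=2017,OU=users,ou=hs,dc=clasd,dc=net'}
    }
    if (-not $OU)
    {
        Write-Warning "No OU defined for graduation year $Department; skipping $Username."
        continue
    }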

    #Check to see if the user already exists in AD
    if (Get-ADUser -F {SamAccountName -eq $Username})
    {
         #If user does exist, give a warning
         Write-Warning "A user account with username $Username already exist in Active Directory."
    }
    else
    {
        #User does not exist then proceed to create the new user account
        "Processing started (on " + $date + "): " | Out-File $log -append
        "--------------------------------------------" | Out-File $log -append

        #Account will be created in the OU provided by the $OU variable read from the CSV file
        New-ADUser `
            -SamAccountName $Username `
            -UserPrincipalName "$Username@clasd.net" `
            -Name "$Firstname $Lastname" `
            -GivenName $Firstname `
            -Department "$Department" `
            -Company "$Company" `
            -EmailAddress "$Username@clasd.net" `
            -Surname $Lastname `
            -Enabled $True `
            -Scriptpath "login.vbs" `
            -DisplayName "$Firstname $Lastname" `
            -Path $OU `
            -AccountPassword (convertto-securestring $Password -AsPlainText -Force) `
            -ChangePasswordAtLogon $true

        # Add User to Groups
        #Add-ADPrincipalGroupMembership -Identity $Username -MemberOf "Elem","Elem Students"
        Start-Sleep 3
    }
}
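
An added example (not part of the answer above or of the asker's script): a move driven by the SCHID column the question says was added to the CSV, with each row validated before it touches the directory and every move supporting -WhatIf. The function name, the hashtable parameter and the elem OU path are assumptions; the hs path is the one used in the question's script.

```powershell
#Requires -Modules ActiveDirectory
# Added example. $OuBySchool maps SCHID to a target OU; the 1480 (elem) path is assumed,
# the 1479 (hs) path is the one that appears in the question's script.
function Move-StudentsBySchool {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$CsvPath,
        [hashtable]$OuBySchool = @{
            '1479' = 'OU=users,OU=hs,DC=clasd,DC=net'
            '1480' = 'OU=users,OU=elem,DC=clasd,DC=net'   # assumed path
        }
    )
    # Fail early if a target OU is missing instead of failing halfway through the file
    foreach ($ou in $OuBySchool.Values) {
        Get-ADOrganizationalUnit -Identity $ou -ErrorAction Stop | Out-Null
    }
    foreach ($row in Import-Csv -Path $CsvPath) {
        # Accept only numeric ID and SCHID values; anything else is reported, not acted on
        if ($row.ID -notmatch '^\d+$' -or $row.SCHID -notmatch '^\d+$') {
            Write-Warning "Skipping malformed row: ID='$($row.ID)' SCHID='$($row.SCHID)'"
            continue
        }
        $target = $OuBySchool[$row.SCHID]
        if (-not $target) {
            Write-Warning "No OU mapped for SCHID '$($row.SCHID)' (ID $($row.ID))"
            continue
        }
        try {
            $adUser = Get-ADUser -Identity $row.ID -ErrorAction Stop
        } catch {
            Write-Warning "ID $($row.ID) not found in AD: $($_.Exception.Message)"
            continue
        }
        # Nothing to do when the account already sits in (or below) the target OU
        if ($adUser.DistinguishedName.EndsWith(",$target", [StringComparison]::OrdinalIgnoreCase)) { continue }
        if ($PSCmdlet.ShouldProcess($adUser.DistinguishedName, "Move to $target")) {
            Move-ADObject -Identity $adUser -TargetPath $target -ErrorAction Stop
            # Emit one record per move so the run can be piped to Export-Csv as an audit trail
            [pscustomobject]@{ ID = $row.ID; From = $adUser.DistinguishedName; To = $target }
        }
    }
}
# Dry run first: reports what would move without changing the directory
Move-StudentsBySchool -CsvPath .\userimport.csv -WhatIf
```

Dropping -WhatIf performs the moves; the objects the function returns record the old and new location of each account.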