Question

我在创建用户脚本中收到以下错误。

ConvertTo-SecureString：无法将参数绑定到参数＆＃39; String＆＃39;因为它是一个空字符串。在C：\ AD_Scripts \ psscripts \ user_create.ps1：59 char：54 + -AccountPassword（convertto-securestring＆＃34; $ Password＆＃34; -AsPlainText -F ... + ~~~~~~~~~~~ + CategoryInfo：InvalidData：（:) [ConvertTo-SecureString]，ParameterBindingValidationException + FullyQualifiedErrorId：ParameterArgumentValidationErrorEmptyStringNotAllowed，Microsoft.PowerShell.Commands.ConvertToSecureStringCommand

# Import active directory module for running AD cmdlets
Import-Module activedirectory

#Store the data from ADUsers.csv in the $ADUsers variable
$ADUsers = Import-csv userimport.csv
#Store report in log file in the $log variable
$log = "log.txt"

#Loop through each row containing user details in the CSV file 

foreach ($User in $ADUsers)
{
 #Read user data from each field in each row and assign the data to a  variable as below

$Username   = $User.ID
$Password   = $User.BDATE
$Firstname  = $User.FNAME
$Lastname   = $User.LNAME
$Department = $User.GRD
$Company    = $User.SCHID #This field refers to the OU the user account is to be moved to

# Choose OU
Switch ($Company)
{
    "1480" {$OU = 'OU=students,OU=users,ou=hs,dc=clasd,dc=net'}
    "1479" {$OU = 'OU=students,OU=users,ou=elem,dc=clasd,dc=net'}
    "1480" {$Folder = '\\hs-ss\students\hs'}
    "1479" {$Folder = '\\hs-ss\students\elem'}
}

#Check to see if the user already exists in AD
if (Get-ADUser -LDAPFilter {$Username=$user.$SamAccountName})
{
     #If user does exist, give a warning
     Write-Warning "A user account with username $Username already exist in Active Directory."
}
else
{
    #User does not exist then proceed to create the new user account
    "Processing started (on " + $date + "): " | Out-File $log -append
    "--------------------------------------------" | Out-File $log -append

    #Account will be created in the OU provided by the $OU variable read from the CSV file
    New-ADUser `
        -SamAccountName $Username `
        -UserPrincipalName "$Username@clasd.net" `
        -Name "$Firstname $Lastname" `
        -GivenName $Firstname `
        -Department "$Department" `
        -Company "$Company" `
        -EmailAddress "$Username@clasd.net" `
        -Surname $Lastname `
        -Enabled $True `
        -Scriptpath "login.vbs" `
        -DisplayName "$Firstname $Lastname" `
        -Path $OU `
        -Homedrive "Z" `
        -homedirectory "$Folder\$username" `
        -AccountPassword (convertto-securestring "$Password" -AsPlainText -Force) `
        -ChangePasswordAtLogon $true   

}

}

我从

更改此行之前从未收到错误

if (Get-ADUser -F {SamAccountName -eq $Username})

到

if (Get-ADUser -LDAPFilter {$Username=$user.$SamAccountName})

我导入的cvs文件如下所示：

＆＃34; ID＆＃34;＆＃34; FNAME＆＃34;＆＃34; L-NAME＆＃34;＆＃34; BDATE＆＃34;＆＃34; GRD＆＃34;＆＃ 34; SCHID＆＃34; ＆＃34; 111111＆＃34;＆＃34;试验＆＃34;＆＃34; student1＆＃34;＆＃34; 20001225＆＃34;＆＃34; 2016＆＃34;＆＃34; 1480＆＃34; ＆＃34; 333333＆＃34;＆＃34;测试＆＃34;＆＃34;学生三＆＃34;＆＃34; 2001225＆＃34;＆＃34; 2025＆＃34;＆＃34; 1479＆＃34;

我使用Bdate作为用户密码

Answer 1

所以这里有两个问题，首先你永远不会声明$Password解释你得到的错误，因为你将null值传递给convertto-securestring，你也想删除引号变量，他们不会破坏任何东西，但他们不符合惯例。所以改变

-AccountPassword (convertto-securestring "$Password" -AsPlainText -Force)

到

-AccountPassword (convertto-securestring $User.BDATE -AsPlainText -Force)

您还应该查看旨在阻止脚本尝试创建已存在的用户的If语句，您的LDAP过滤器{$Username=$user.$SamAccountName}将始终返回false，因为它不是有效格式，应该在比较运算符和$ user的两边都没有变量。$ SamAccountName在您的脚本中不存在。并不是说任何真正重要的因为新用户如果用户已经存在就会自行错误。

ConvertTo-Secure字符串错误

1 个答案: