我的脚本与基于csv中的电子邮件的联系人匹配,我可以使用get-adobject -ldapfilter找到该联系人,但是当我尝试将该联系人添加为管理员时,添加失败表明它无法找到联系。它说明找不到的联系人显然存在于目录中。
此行将找到联系人:
$rmanager = Get-ADObject -SearchBase 'OU=workplace,OU=Contacts,DC=office,DC=com' -ldapfilter "(&(objectclass=contact)(name=$fname*)(name=*$lname))"
找到有关联系人的一个例子......
PS C:\temp> Get-ADObject -SearchBase 'OU=workplace,OU=Contacts,DC=office,DC=com' -ldapfilter "(&(objectclass=contact)(name=$fname*)(name=*$lname))"
DistinguishedName Name ObjectClass ObjectGUID
----------------- ---- ----------- ----------
CN=Nick Hill,OU=workplace,OU=Contacts,DC=office,DC=com Nick Hill contact b649bd7e-aac9-4d4b-8203-b6a79f35b91
但是,使用set-aduser这一行会失败,说明无法找到明显存在的联系人...
get-aduser -f {mail -eq $username} |set-aduser -Manager "$rmanager"
set-aduser : Identity info provided in the extended attribute: 'Manager' could not be resolved. Reason: 'Cannot find an object with identity: 'CN=Nick Hill,OU=Workplace,OU=Contacts,DC=office,DC=com' under: 'DC=Office,DC=com'.'.
答案 0 :(得分:1)
我刚试过这个并且有效:
一个。获得尊敬的联系人姓名:
$contactDN = Get-ADObject -LDAPFilter "(&(objectClass=contact)(givenName=firstname)(sn=lastname))"
| Select-Object -ExpandProperty DistinguishedName
湾获取用户对象并替换manager属性:
Get-ADUser username | Get-ADObject | Set-ADObject -Replace @{"manager" = $contactDN}