我正在努力将用户批量导入AD并拥有一个脚本:
Import-Module ActiveDirectory
$path = Split-Path -Parent $MyInvocation.MyCommand.Definition
$newpath = $path + "\import_users.csv"
# Define variables
$log = $path + "\created_ActiveDirectory_users.log"
$date = Get-Date
$i = 0
function createActiveDirectoryUsers {
"Created the following Active Directory users (on " + $date + "): " | Out-File $log -Append
"--------------------------------------------" | Out-File $log -Append
Import-Csv $newpath | ForEach-Object {
$samAccount = $_.SamAccountName
try {
$exists = Get-ADUser -LDAPFilter "(sAMAccountName=$samAccount)"
} catch { }
if (!$exists) {
$i++
# Set all variables according to the table names in the Excel
# sheet / import CSV. The names can differ in every project, but
# if the names change, make sure to change it below as well.
$setpass = ConvertTo-SecureString -AsPlainText $_.Password -Force
New-ADUser -Name $_.DisplayName -SamAccountName $_.SamAccountName -GivenName $_.GivenName -Initials $_.Initials `
-Surname $_.SN -DisplayName $_.DisplayName -Office $_.OfficeName `
-Description $_.Description -EmailAddress $_.eMail `
-StreetAddress $_.StreetAddress -City $_.L `
-PostalCode $_.PostalCode -Country $_.CO -UserPrincipalName $_.UPN `
-Company $_.Company -Department $_.Department -EmployeeID $_.ID `
-OfficePhone $_.Phone -AccountPassword $setpass -Enabled $true -Path $_.OU
$output = $i.ToString() + ") Name: " + $_.CN + " sAMAccountName: "
$output += $sam + " Pass: " + $_.Password
$output | Out-File $log -append
} else {
"SKIPPED - USER ALREADY EXISTS OR ERROR: " + $_.CN | Out-File $log -append
}
}
"----------------------------------------" + "`n" | Out-File $log -append
}
createActiveDirectoryUsers
但是,当我尝试导入CSV文件时,出现以下错误:
New-ADUser : The object name has bad syntax
At C:\temp\bulk_create_users.ps1:33 char:17
+ New-ADUser <<<< -Name $_.DisplayName -SamAccountName $_.SamAccountName -GivenName $_.GivenName -Initials $_.Initials `
+ CategoryInfo : NotSpecified: (CN=Ranae Gentry...C=abbhq,DC=com":String) [New-ADUser], ADException
+ FullyQualifiedErrorId : The object name has bad syntax,Microsoft.ActiveDirectory.Management.Commands.NewADUser
不完全确定这里的语法是错误的。
答案 0 :(得分:0)
看看以下内容是否会帮助您。我不确定为什么在创建用户期间你有$i++,但这实际上只是倒数CSV列表。对我来说,在该位置添加它是不合逻辑的。
如果用户不存在,则创建用户。
! =逻辑不对
Try首先创建用户,但如果脚本有问题,请通过Catch告诉我。
您希望用户名在所选OU中看起来合乎逻辑。我们必须将SAMaccount中的Idenity重命名为用户名。
对我而言,记录看起来并不符合逻辑,我已经重新编写了它。为您提供用户的全名,帐户名和密码,以便于阅读任何副本和过去。
您还可以使用以下内容查看CSV文件是否输出正确。
#Test to make sure your output looks correct
#You can do this by running the following:
Import-csv ".\import_create_ad_users.csv" | Out-GridView
# ERROR REPORTING ALL
# When strict mode is on, Windows PowerShell generates a terminating error when the content of an expression, script, or script block violates basic best-practice coding rules.
Set-StrictMode -Version latest
Import-Module ActiveDirectory
$path = Split-Path -Parent $MyInvocation.MyCommand.Definition
$newpath = $path + "\import_users.csv"
# Define variables
$log = $path + "\created_ActiveDirectory_users.log"
$date = Get-Date
$i = 0
Function createActiveDirectoryUsers {
"Created the following Active Directory users (on " + $date + "): " | Out-File $log -Append
"--------------------------------------------" | Out-File $log -Append
#Import CSV
Import-Csv $newpath | ForEach-Object {
# Check to see if SamAccount exists
$samAccount = $_.SamAccountName
try {
$exists = Get-ADUser -LDAPFilter "(sAMAccountName=$samAccount)"
} catch { }
If(!$exists){
#Convert Password to Secure String
$setpass = ConvertTo-SecureString -AsPlainText $_.Password -Force
Try
{
New-ADUser -Name $_.DisplayName -SamAccountName $_.SamAccountName -GivenName $_.GivenName -Initials $_.Initials `
-Surname $_.SN -DisplayName $_.DisplayName -Office $_.OfficeName `
-Description $_.Description -EmailAddress $_.eMail `
-StreetAddress $_.StreetAddress -City $_.L `
-PostalCode $_.PostalCode -Country $_.CO -UserPrincipalName $_.UPN `
-Company $_.Company -Department $_.Department -EmployeeID $_.ID `
-OfficePhone $_.Phone -AccountPassword $setpass -Enabled $true -Path $_.OU
$dn = (Get-ADUser $_.SamAccountName).DistinguishedName
# Rename the object to a good looking name
$newdn = (Get-ADUser $_.SamAccountName).DistinguishedName
Rename-ADObject -Identity $newdn -NewName ($_.GivenName + " " + $_.Initials + " "+ $_.SN)
#Create Log
"[INFORMATION]`t Renamed the user $($_.SamAccountName) to $($_.GivenName) $($_.SN)`r`n" | Out-File $log -append
"[INFORMATION]`t Created new user named: $($_.SamAccountName)" | Out-File $log -append
"[INFORMATION]`t Password for new user: $($_.Password)" | Out-File $log -append
}
Catch
{
# Error if something with the user was broken
Write-Host "[ERROR]`t Oops, something went wrong: $($_.Exception.Message)`r`n"
}
}
Else
{
Write-Host "[SKIPPED]`t User $($_.SamAccountName) ($($_.GivenName) $($_.SN)) already exists or returned an error!`r`n"
"[SKIPPED]`t User $($_.SamAccountName) ($($_.GivenName) $($_.SN)) already exists or returned an error!" | Out-File $log -append
}
$i++
}
"Processing ended (on " + $date + "): " | Out-File $log -append
"--------------------------------------------" + "`r`n" | Out-File $log -append
}
createActiveDirectoryUsers
如果以下脚本没有按照您的意愿执行操作,请发表评论并进行修复。
答案 1 :(得分:0)
Mathias was suggesting将所有参数和值放在hashtable:
中$params = @{
Name = $_.DisplayName
SamAccountName = $_.SamAccountName
GivenName = $_.GivenName
Initials = $_.Initials
Surname = $_.SN
DisplayName = $_.DisplayName
Office = $_.OfficeName
Description = $_.Description
EmailAddress = $_.eMail
StreetAddress = $_.StreetAddress
City = $_.L
PostalCode = $_.PostalCode
Country = $_.CO
UserPrincipalName = $_.UPN
Company = $_.Company
Department = $_.Department
EmployeeID = $_.ID
OfficePhone = $_.Phone
AccountPassword = $setpass
Enabled = $true
Path = $_.OU
}
以便您可以输出该哈希表以进行调试(以帮助识别参数问题),例如像这样:
Write-Debug ([PSCustomObject]$params)
和splat New-ADUser:
New-ADUser @params
如果只想在发生实际错误的情况下输出,可以将New-ADUser语句放在try..catch语句中,使所有错误terminating errors,并输出当前参数数据发生错误后的catch阻止。
try {
New-ADUser @params -ErrorAction Stop
} catch {
Write-Debug ([PSCustomObject]$params) # output parameter info
$_ # output the actual error
}