我编写了一个脚本,用于从过时的安全组中删除用户。这是一所小学,所以我想在今年年初写一些更新年级安全小组的东西。例如,进入2年级的第1年需要删除第1年组并添加到2年级组。
我编写了一个清除组成员身份的函数,但它似乎并没有将if语句验证为true,即使它上面的write-host确认返回的属性之一是" 1年级"
我现在有点抨击我的头了......希望只是一些菜鸟......
# This function checks to see if user is already in a "year X" security group and removes them
Function Clear_GroupMemberships($DeeN) {
Get-ADPrincipalGroupMembership $DeeN | ForEach-Object {
Write-Host $_.name ## This prints two groups - Domain Users and Year 1
## Its the Year X group I am trying to filter for
if($_.name -Contains "Year "){
Remove-ADGroupMember -Identity $_.name -Members $DeeN
Write-Host "[INFO]`t Removed $($sam) from security group : $($_.name)"
"[INFO]`t Removed $($sam) from security group : $($_.name)" | Out-File $log -append
}
}
}