Question

我需要提供属性＆＃39; Ms-Ds-ConsistencyGUID＆＃39;在我们的AD中，它看起来比我预期的更困难。这是我到目前为止所做的脚本：

ipmo activedirectory

# Combo box

$collection = @()
$a = [System.Management.Automation.Host.ChoiceDescription]::new("&Oui")
$collection+=$a

$b = [System.Management.Automation.Host.ChoiceDescription]::new("&Non")
$collection+=$b

$annuler = 
[System.Management.Automation.Host.ChoiceDescription]::new("&Annuler")
$collection+=$annuler

$prompt = $Host.UI.PromptForChoice("Messagerie","L'utilisateur aura-t-il 
besoin d'une messagerie ?",$collection,0)

Switch ($prompt) {
  0 {

# Import CSV file

$users = import-csv C:\Users\...\Desktop\test_bulk.csv -delimiter ";"


        foreach ($User in $users) 
{
        # User's info

        $Displayname = $User.Givenname + " " + $User.Surname
        $Usersurname = $User.Surname
        $Userfirstname = $User.Givenname
        $SAM = $User.Samaccountname
        $OU = $User.path
        $password = $User.Password
        $UPN = $SAM + "@...com"
        $emailaddress = ($User.Givenname + "." + $User.Surname + "@...com").ToLower()
        $description = get-aduser -Identity $User.gpuser -Properties Description | select -ExpandProperty description
        $homedirectory = "\\server\$($User.Samaccountname)"
        $infotab = $User.invcode
        [guid]$obGUID = get-aduser $newuser -Properties objectguid | Select -ExpandProperty Objectguid
        $newuser = New-ADUser -PassThru -Name $Displayname -Surname 
$Usersurname -GivenName $Userfirstname -SamAccountName $SAM -Path $OU 
-AccountPassword (ConvertTo-SecureString $password -AsPlainText -Force) -
Enabled $true -ChangePasswordAtLogon $false -PasswordNeverExpires $false 
-UserPrincipalName $UPN -EmailAddress $emailaddress -Description 
$description -ScriptPath "login.vbs" -HomeDrive "H:" -HomeDirectory 
$homedirectory 
-OtherAttributes @{businesscategory="Internal"; 
info="|MAIL_MAILBOX_O365||RU_$($infotab)|"; ms-ds-consistencyguid = 
"$obguid"}

    # Group membership

        $gpuser = Get-ADPrincipalGroupMembership $User.gpuser | select -ExpandProperty name
        $excludefromlist = @("Group1", "Group2", "Group3")
        $newgrouplist = $gpuser | where {$_ -notin $excludefromlist}

# Creation of the new user

Add-ADPrincipalGroupMembership -Identity $newuser -MemberOf $newgrouplist
} 
     }
  1 { ... }
  2 { ... }
}

正如您所见，属性＆＃39; ms-ds-consistencyGUID＆＃39;用变量＆＃39; $ obguid＆＃39;喂食。但是该变量从新用户的配置文件中提取objectGUID，该配置文件正在创建的路上。这有点棘手。

你知道我怎么设置它吗？

Answer 1

由于尚未知道GUID，因此无法在创建时设置该属性。您必须在创建后更新它。

您已经指定了PassThru参数，这意味着New-ADUser命令将返回新用户，这意味着您可以将其传递给Set-ADUser。

$newuser = New-ADUser -PassThru ...
Set-ADUser $newuser -Replace @{"ms-ds-consistencyGUID" = $newuser.ObjectGUID}

Answer 2

@Gabriel，你的意思是我可以毫无问题地说明这两个cmdlet：

Add-ADPrincipalGroupMembership -Identity $newuser -MemberOf $newgrouplist
Set-ADUser $newuser -Replace @{"ms-ds-consistencyGUID" = $newuser.ObjectGUID}

我认为这不是正确的方法，但它终于有效......

使用New-ADuser修改Active Directory属性

2 个答案: