我有一个包含1500多个用户的CSV,每个类OU有30个用户,然后每个Intake OU有6个类OU。我想要实现的是foreach (user in CSV),检查OU是否存在,然后检查父OU是否存在,仅在不存在的情况下创建父OU,然后创建OU,然后创建用户,或者如果OU存在,只需创建用户。
以下是我正在使用的代码:
$ErrorActionPreference = "Stop"
Import-Module ActiveDirectory
$CSV = Import-Csv "C:\Scripts\AddPupils.csv"
foreach ($user in $CSV) {
# Variables
$GivenName = $user.GivenName
$SurName = $user.SurName
$UserName = $user.UserName
$Class = $user.YearClass
$Intake = $user.Intake
$DisplayName = $GivenName+" "+$SurName
# Create User
$UserOUParent = "OU=Year "+$iIntake+" Intake,OU=Students,OU=Users,OU=Roding,DC=Zulbag,DC=com"
$UserOU = "OU=Class "+$Class.Substring(1,1)+",OU=Year "+$iIntake+" Intake,OU=Students,OU=Users,OU=Roding,DC=Zulbag,DC=com"
$NewUserOUParentCheck = [ADSI]::Exists("LDAP://$UserOUParent")
$NewUserOUCheck = [ADSI]::Exists("LDAP://$UserOU")
if ($NewUserOUCheck -eq $false){
if ($NewUserOUParentCheck -eq $false){
"Create Parent Ou"
New-ADOrganizationalUnit `
-Name ("Year "+$Intake+" Intake") `
-Path "OU=Students,OU=Users,OU=Roding,DC=Zulbag,DC=Com" `
-ProtectedFromAccidentalDeletion $False
}
"Create OU"
New-ADOrganizationalUnit `
-Name ("Class "+$Class.Substring(1,1)) `
-Path ("OU=Year "+$Intake+" Intake,OU=Students,OU=Users,OU=Roding,DC=Zulbag,DC=Com") `
-ProtectedFromAccidentalDeletion $False
}
"Create User"
New-ADUser `
-Name $DisplayName `
-SurName $SurName `
-GivenName $GivenName `
-DisplayName $DisplayName `
-SamAccountName $UserName `
-UserPrincipalName ($UserName+"@Zulbag.com") `
-AccountPassword (ConvertTo-SecureString "Testing123" -AsPlainText -force) `
-CannotChangePassword $true `
-ChangePasswordAtLogon $false `
-PasswordNeverExpires $true `
-EmailAddress ($UserName+"@Zulbag.com") `
-Country "GB" `
-Path ("OU=Class "+$Class.Substring(1,1)+",OU=Year "+$Intake+" Intake,OU=Students,OU=Users,OU=Roding,DC=Zulbag,DC=Com") `
-ProfilePath ("D:\Shares\User Accounts\Students\Intake Year "+$Intake+"\Class "+$Class.Substring(1,1)+"\Profiles\"+$DisplayName) `
-Enabled $true
Start-Sleep -Seconds 5
# Add To Group
$Group = "CN=Redirection "+$Intake.Substring(2,2)+$Class.Substring(1,1)+",OU=Intake "+$Intake+",OU=Security Groups,OU=Roding,DC=Zulbag,DC=Com"
$GroupOU = "OU=Intake "+$Intake+",OU=Folder Redirection Groups,OU=Security Groups,OU=Roding,DC=Zulbag,DC=Com"
$NewGroupCheck = [ADSI]::Exists("LDAP://$Group")
$NewGroupOUCheck = [ADSI]::Exists("LDAP://$GroupOU")
if ($NewGroupCheck -eq $false) {
if ($NewGroupOUCheck -eq $false) {
"Create OU"
New-ADOrganizationalUnit `
-Name ("Intake "+$Intake) `
-Path "OU=Folder Redirection Groups,OU=Security Groups,OU=Roding,DC=Zulbag,DC=Com" `
-ProtectedFromAccidentalDeletion $False
}
"create Group"
New-ADGroup `
-Name ("Redirection "+$Intake.Substring(2,2)+$Class.Substring(1,1)) `
-GroupScope "Global" `
-Path ("OU=Intake "+$Intake+",OU=Folder Redirection Groups,OU=Security Groups,OU=Roding,DC=Zulbag,DC=Com")
}
"Add Member"
Add-ADGroupMember ("Redirection "+$Intake.Substring(2,2)+$Class.Substring(1,1)) $UserName
}
pause
示例CSV:
GivenName,SurName,Class,UserName,Intake Ali,Grisdale,1B,AGris,2016 Ayomiposi,Olayera,1B,AOlay,2016
在使用Write-Output的测试中,[ADSI]正确验证但似乎在此处验证不正确,我不断收到的错误消息是:
New-ADOrganizationalUnit : An attempt was made to add an object to the
directory with a name that is already in use
At C:\Scripts\AddPupils-Afzal.ps1:24 char:13
+ New-ADOrganizationalUnit
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (OU=Year 2016 In...C=Zulbag,DC=Com:String) [New-ADOrganizationalUnit], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8305,Microsoft.ActiveDirectory.Management.Commands.NewADOrganizationalUnitdirectory
它成功创建了父OU,类OU和用户,但无法创建第二个用户,而是再次错误地验证了OU。
任何想法?
答案 0 :(得分:0)
检查脚本是否存在路径错误!