Powershell函数生成samAccountName

时间:2019-02-12 09:10:48

标签: powershell active-directory

我正在尝试编写PS函数,该函数将FirstNameLastName作为参数并返回samaccountname。这是该函数应如何工作的算法。

  

名称:Richard Testing

现在查看是否登录richard。如果使用richard,请尝试richard.t。如果使用richard.t,请尝试richard.te。如果使用richard.te,请尝试richard.tes,依此类推。

下面是我的代码。我认为这可以比使用if循环简单得多。

$FirstName = "Richard"
$LastName = "Testing"

function Remove-StringLatinCharacters {
    Param([string]$String)
    [Text.Encoding]::ASCII.GetString([Text.Encoding]::GetEncoding("Cyrillic").GetBytes($String))
}

$FirstnameToUPN = (Remove-StringLatinCharacters -String $firstname).ToLower()
$LastnamenameToUPN = (Remove-StringLatinCharacters -String $lastname).ToLower()

$user = $(try {Get-ADUser $FirstnameToUPN} catch {$null})
if ($user -ne $null) {
    $upn = $FirstnameToUPN + "." + $LastnamenameToUPN[0]
    $user = $(try {Get-ADUser $upn} catch {$null})
    if ($user -ne $null) {
        $upn = $FirstnameToUPN + "." + $LastnamenameToUPN[0]+$LastnamenameToUPN[1]
        $user = $(try {Get-ADUser $upn} catch {$null})
        if ($user -ne $null) {
            $upn = $FirstnameToUPN + "." + $LastnamenameToUPN[0]+$LastnamenameToUPN[1]+$LastnamenameToUPN[2]
            $user = $(try {Get-ADUser $upn} catch {$null})
            if ($user -ne $null) {
                $upn = $FirstnameToUPN + "." + $LastnamenameToUPN[0]+$LastnamenameToUPN[1]+$LastnamenameToUPN[2]+$LastnamenameToUPN[3]
            } else {
                $upn = $FirstnameToUPN + "." + $LastnamenameToUPN[0]+$LastnamenameToUPN[1]+$LastnamenameToUPN[2]+$LastnamenameToUPN[3]
            }
        } else {
            $upn = $FirstnameToUPN + "." + $LastnamenameToUPN[0]+$LastnamenameToUPN[1]
        }
    } else {
        $upn = $FirstnameToUPN + "." + $LastnamenameToUPN[0]
    }
} else {
    $upn=$FirstnameToUPN
}

编辑#1: 

$upn = $FirstnameToUPN
if (Get-Aduser -Filter {SamAccountName -eq $upn}) {
    $upn = $FirstnameToUPN+"."+$LastnamenameToUPN[0]
    if (Get-Aduser -Filter {SamAccountName -eq $upn}) {
        $upn = $FirstnameToUPN + "." + $LastnamenameToUPN[0]+$LastnamenameToUPN[1]
        if (Get-Aduser -Filter {SamAccountName -eq $upn}) {
            $upn = $FirstnameToUPN + "." + $LastnamenameToUPN[0]+$LastnamenameToUPN[1]+$LastnamenameToUPN[2]
            if (Get-Aduser -Filter {SamAccountName -eq $upn}) {
                $upn = $FirstnameToUPN + "." + $LastnamenameToUPN[0]+$LastnamenameToUPN[1]+$LastnamenameToUPN[2]+$LastnamenameToUPN[3]
                if (Get-Aduser -Filter {SamAccountName -eq $upn}) {
                    $upn = $FirstnameToUPN + "." + $LastnamenameToUPN[0]+$LastnamenameToUPN[1]+$LastnamenameToUPN[2]+$LastnamenameToUPN[3]+$LastnamenameToUPN[4]
                    if (Get-Aduser -Filter {SamAccountName -eq $upn}) {
                        $upn = $FirstnameToUPN + "." + $LastnamenameToUPN[0]+$LastnamenameToUPN[1]+$LastnamenameToUPN[2]+$LastnamenameToUPN[3]+$LastnamenameToUPN[4]+$LastnamenameToUPN[5]
                    } else {
                        $upn = $FirstnameToUPN + "." + $LastnamenameToUPN[0]+$LastnamenameToUPN[1]+$LastnamenameToUPN[2]+$LastnamenameToUPN[3]+$LastnamenameToUPN[4]
                    }
                } else {
                    $upn = $FirstnameToUPN + "." + $LastnamenameToUPN[0]+$LastnamenameToUPN[1]+$LastnamenameToUPN[2]+$LastnamenameToUPN[3]
                }
            } else {
                $upn = $FirstnameToUPN + "." + $LastnamenameToUPN[0]+$LastnamenameToUPN[1]+$LastnamenameToUPN[2]+$LastnamenameToUPN[3]
            }
        } else {
            $upn = $FirstnameToUPN + "." + $LastnamenameToUPN[0]+$LastnamenameToUPN[1]
        }
    } else {
        $upn = $FirstnameToUPN+"."+$LastnamenameToUPN[0]
    }
} else {
    $upn = $FirstnameToUPN
}

2 个答案:

答案 0 :(得分:1)

您仅从名字开始,然后在姓氏后面附加字符,直到结果帐户名在AD中不存在或字符用完:

$acct = $FirstnameToUPN
$cnt  = 1
while (-not (Get-ADUser -Filter "SamAccountName -eq '$acct'") -and $cnt -le $LastnameToUPN.Length) {
    $acct = "${FirstnameToUPN}." + $LastnameToUPN.Substring(0, $cnt)
    $cnt++
}

if (Get-ADUser -Filter "SamAccountName -eq '$acct'") {
    Write-Error "No unused account name found for ${firstname} ${lastname}."
}

答案 1 :(得分:1)

您可以比较现有的用户名 all 与可能的新用户名组合 all ,而不是逐一检查每个可能的用户名。

实际上,只需一次调用Get-ADUser,即可完成整个操作:

# get existing accounts that could match using wildcard '$FirstnameToUPN*'
$existingAccounts = Get-ADUser -Filter "samaccountname -like '$FirstnameToUPN*'" -properties samAccountName | Select-Object -ExpandProperty samaccountname

# create all possible samaccountname combinations
$all_samaccountname = 0..($LastnamenameToUPN.Length) | % {$FirstnameToUPN + "." + $LastnamenameToUPN.substring(0, $_)}

# change first entry from "Firstname." to just "Firstname"
$all_samaccountname.Item(0) = $all_samaccountname.Item(0).TrimEnd('.')

# remove existing accounts from the possible samaccountname combinations
# then select the first available samaccountname match
$upn = $all_samaccountname | Where-Object { $existingAccounts -notcontains $_ } | Select-Object -First 1

# error if there's no matches and no username combination available
if (!($upn)) {
    Write-Error "No possible upn combinations available for: $firstname $lastname"
}
相关问题
最新问题