Я создал на готовом сервере автоматизированный сценарий, который будет запускаться раз в год. Он должен переводить учащихся на следующий год обучения и добавлять им новые членства в группах, удаляя членство, соответствующее прошлому году.
Проблема в том, что когда я разбиваю сценарий на 3 отдельных скрипта, всё работает без проблем, но когда я объединяю их в один сценарий PowerShell, профили не перемещаются в новое подразделение, хотя все членства изменяются.
import-module ActiveDirectory
# ---------------------------------------------------------------------------
# Site settings. Only the quoted values in this section are meant to be edited.
# ---------------------------------------------------------------------------

# Attributes fetched for (and kept on) every user object.
$properties = 'Name', 'Enabled', 'HomeDirectory', 'DistinguishedName'

# Domain controller that the membership/disable calls below are sent to.
$dc = 'DC1.unisa.local'

# Year-level OUs. $our holds Reception, $ou1..$ou6 hold Year 1..Year 6,
# and $oud receives the accounts that are disabled when they leave Year 6.
$our = 'OU=test 1,OU=USR,DC=unisa,DC=local'
$ou1 = 'OU=test 2,OU=USR,DC=unisa,DC=local'
$ou2 = 'OU=test 3,OU=USR,DC=unisa,DC=local'
$ou3 = 'OU=test 4,OU=USR,DC=unisa,DC=local'
$ou4 = 'OU=test 5,OU=USR,DC=unisa,DC=local'
$ou5 = 'OU=test 6,OU=USR,DC=unisa,DC=local'
$ou6 = 'OU=test 7,OU=USR,DC=unisa,DC=local'
$oud = 'OU=del,OU=USR,DC=unisa,DC=local'

# Year-level groups, one per OU above.
$adGroupNamer = 'Reception'
$adGroupName1 = 'Year1'
$adGroupName2 = 'Year2'
$adGroupName3 = 'Year3'
$adGroupName4 = 'Year4'
$adGroupName5 = 'Year5'
$adGroupName6 = 'Year6'

# $adGroupNames, $adGroupNameu and $adGroupNamesu are the groups stripped from
# Year 6 leavers; $adGroupNamed is defined here but not referenced further down.
$adGroupNamed  = 'Disabled Account'
$adGroupNames  = 'Students'
$adGroupNameu  = 'Users1'
$adGroupNamesu = 'Sophos User'

# Directory that receives the run transcript.
# NOTE(review): this is the scripts folder of SYSVOL. By default that share is
# readable by every authenticated user in the domain and is replicated to all
# domain controllers, so the transcript (user names, DNs, group changes) ends up
# visible domain-wide. Consider a log directory restricted to administrators.
$transcriptDir = '\\dc1\SYSVOL\unisa.local\scripts'
Start-Transcript -OutputDirectory $transcriptDir
##DO NOT EDIT BELOW THIS LINE - DO NOT EDIT BELOW THIS LINE - DO NOT EDIT BELOW THIS LINE - DO NOT EDIT BELOW THIS LINE##
###############################################################################################################################################
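# Snapshot the enabled users of every OU up front, before any account is moved.
# The loops that follow work from these lists, so a user who is moved into the
# next OU by one loop is not picked up again by another loop in the same run.
#
# The reads are pinned to $dc, the same domain controller the membership and
# disable calls are sent to, so the snapshot and the writes see the same
# directory state instead of depending on replication between controllers.
# The filter is passed as a string, which is the documented form for -Filter.
$enabledOnly = 'Enabled -eq $true'
$adUserIdsr = Get-ADUser -Filter $enabledOnly -SearchBase $our -Server $dc -Properties $properties | Select-Object $properties | Sort-Object Name
$adUserIds1 = Get-ADUser -Filter $enabledOnly -SearchBase $ou1 -Server $dc -Properties $properties | Select-Object $properties | Sort-Object Name
$adUserIds2 = Get-ADUser -Filter $enabledOnly -SearchBase $ou2 -Server $dc -Properties $properties | Select-Object $properties | Sort-Object Name
$adUserIds3 = Get-ADUser -Filter $enabledOnly -SearchBase $ou3 -Server $dc -Properties $properties | Select-Object $properties | Sort-Object Name
$adUserIds4 = Get-ADUser -Filter $enabledOnly -SearchBase $ou4 -Server $dc -Properties $properties | Select-Object $properties | Sort-Object Name
$adUserIds5 = Get-ADUser -Filter $enabledOnly -SearchBase $ou5 -Server $dc -Properties $properties | Select-Object $properties | Sort-Object Name
$adUserIds6 = Get-ADUser -Filter $enabledOnly -SearchBase $ou6 -Server $dc -Properties $properties | Select-Object $properties | Sort-Object Name
# Enabled accounts in the leavers OU; not used by the loops below.
$adUserIdsd = Get-ADUser -Filter $enabledOnly -SearchBase $oud -Server $dc -Properties $properties | Select-Object $properties | Sort-Object Name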
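# Year 6 leavers: strip their group memberships, disable the account and move it
# to the leavers OU ($oud).
#
# Changes from the original loop:
#  * the four groups are resolved once, against $dc, instead of once per user;
#  * the per-user Get-ADPrincipalGroupMembership call was dropped, its result was
#    never read;
#  * Move-ADObject now targets $dc and uses -ErrorAction Stop like every other
#    write here, so a failed move halts the run instead of passing unnoticed.
$radGroup6  = Get-ADGroup -Identity $adGroupName6 -Server $dc
$radGroups  = Get-ADGroup -Identity $adGroupNames -Server $dc
$radGroupu  = Get-ADGroup -Identity $adGroupNameu -Server $dc
$radGroupsu = Get-ADGroup -Identity $adGroupNamesu -Server $dc
$leaverGroups = @($radGroup6, $radGroups, $radGroupu, $radGroupsu)

foreach($adUsersd in $adUserIds6)
{
    # Same removal order as before: year group, Students, Users1, Sophos User.
    foreach($leaverGroup in $leaverGroups)
    {
        "Removing Active Directory user $($adUsersd.Name) from the following MemerOf $($leaverGroup.Name)"
        Remove-ADPrincipalGroupMembership -Confirm:$false -Identity $adUsersd.DistinguishedName -MemberOf $leaverGroup.DistinguishedName -Server $dc -ErrorAction Stop
    }

    "Disabling Active Directory user account $($adUsersd.Name)"
    Disable-ADAccount -Confirm:$false -Identity $adUsersd.DistinguishedName -Server $dc -ErrorAction Stop

    "Moving Active Directory user: $($adUsersd.Name) to the retired group"
    Move-ADObject -Identity $adUsersd.DistinguishedName -TargetPath $oud -Server $dc -ErrorAction Stop
}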
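# Year 5 -> Year 6: swap the year group and move the account to the Year 6 OU.
#
# Changes from the original loop:
#  * both groups are resolved once, against $dc, instead of once per user;
#  * the "already a member" test compares distinguished names. Applying -like to
#    the group objects depends on how they stringify and is not a reliable
#    membership test; when it misses, the Add call runs for an existing member;
#  * the "already a member" message used "$adUsers6.Name", which expands the whole
#    object followed by the literal text ".Name"; it now uses $($adUsers6.Name);
#  * Move-ADObject now targets $dc and uses -ErrorAction Stop, so a failed move
#    halts the run instead of passing unnoticed.
$adGroup6  = Get-ADGroup -Identity $adGroupName6 -Server $dc
$radGroup5 = Get-ADGroup -Identity $adGroupName5 -Server $dc

foreach($adUsers6 in $adUserIds5)
{
    # Read the memberships before the old year group is removed.
    $adGroupMembership6 = Get-ADPrincipalGroupMembership -Identity $adUsers6.DistinguishedName -Server $dc

    "Removing Active Directory user $($adUsers6.Name) from the following MemerOf $($radGroup5.Name)"
    Remove-ADPrincipalGroupMembership -Confirm:$false -Identity $adUsers6.DistinguishedName -MemberOf $radGroup5.DistinguishedName -Server $dc -ErrorAction Stop

    if($adGroupMembership6.DistinguishedName -contains $adGroup6.DistinguishedName)
    {
        "$($adUsers6.Name) is alreay a member of group $($adGroup6.Name)"
    }
    else
    {
        "Adding Active Directory user $($adUsers6.Name) the the global security group $($adGroup6.Name)"
        Add-ADPrincipalGroupMembership -Confirm:$false -Identity $adUsers6.DistinguishedName -MemberOf $adGroup6.DistinguishedName -Server $dc -ErrorAction Stop
    }

    "Moving Active Directory user: $($adUsers6.Name) to next year level"
    Move-ADObject -Identity $adUsers6.DistinguishedName -TargetPath $ou6 -Server $dc -ErrorAction Stop
}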
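# Year 4 -> Year 5: swap the year group and move the account to the Year 5 OU.
#
# Changes from the original loop:
#  * both groups are resolved once, against $dc, instead of once per user;
#  * the "already a member" test compares distinguished names. Applying -like to
#    the group objects depends on how they stringify and is not a reliable
#    membership test; when it misses, the Add call runs for an existing member;
#  * the "already a member" message used "$adUsers5.Name", which expands the whole
#    object followed by the literal text ".Name"; it now uses $($adUsers5.Name);
#  * Move-ADObject now targets $dc and uses -ErrorAction Stop, so a failed move
#    halts the run instead of passing unnoticed.
$adGroup5  = Get-ADGroup -Identity $adGroupName5 -Server $dc
$radGroup4 = Get-ADGroup -Identity $adGroupName4 -Server $dc

foreach($adUsers5 in $adUserIds4)
{
    # Read the memberships before the old year group is removed.
    $adGroupMembership5 = Get-ADPrincipalGroupMembership -Identity $adUsers5.DistinguishedName -Server $dc

    "Removing Active Directory user $($adUsers5.Name) from the following MemerOf $($radGroup4.Name)"
    Remove-ADPrincipalGroupMembership -Confirm:$false -Identity $adUsers5.DistinguishedName -MemberOf $radGroup4.DistinguishedName -Server $dc -ErrorAction Stop

    if($adGroupMembership5.DistinguishedName -contains $adGroup5.DistinguishedName)
    {
        "$($adUsers5.Name) is alreay a member of group $($adGroup5.Name)"
    }
    else
    {
        "Adding Active Directory user $($adUsers5.Name) the the global security group $($adGroup5.Name)"
        Add-ADPrincipalGroupMembership -Confirm:$false -Identity $adUsers5.DistinguishedName -MemberOf $adGroup5.DistinguishedName -Server $dc -ErrorAction Stop
    }

    "Moving Active Directory user: $($adUsers5.Name) to next year level"
    Move-ADObject -Identity $adUsers5.DistinguishedName -TargetPath $ou5 -Server $dc -ErrorAction Stop
}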
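# Year 3 -> Year 4: swap the year group and move the account to the Year 4 OU.
#
# Changes from the original loop:
#  * the move target was $ou5, which put Year 3 users (now members of the Year 4
#    group) into the Year 5 OU; it is now $ou4, matching the group they receive;
#  * both groups are resolved once, against $dc, instead of once per user;
#  * the "already a member" test compares distinguished names. Applying -like to
#    the group objects depends on how they stringify and is not a reliable
#    membership test; when it misses, the Add call runs for an existing member;
#  * the "already a member" message used "$adUsers4.Name", which expands the whole
#    object followed by the literal text ".Name"; it now uses $($adUsers4.Name);
#  * Move-ADObject now targets $dc and uses -ErrorAction Stop, so a failed move
#    halts the run instead of passing unnoticed.
$adGroup4  = Get-ADGroup -Identity $adGroupName4 -Server $dc
$radGroup3 = Get-ADGroup -Identity $adGroupName3 -Server $dc

foreach($adUsers4 in $adUserIds3)
{
    # Read the memberships before the old year group is removed.
    $adGroupMembership4 = Get-ADPrincipalGroupMembership -Identity $adUsers4.DistinguishedName -Server $dc

    "Removing Active Directory user $($adUsers4.Name) from the following MemerOf $($radGroup3.Name)"
    Remove-ADPrincipalGroupMembership -Confirm:$false -Identity $adUsers4.DistinguishedName -MemberOf $radGroup3.DistinguishedName -Server $dc -ErrorAction Stop

    if($adGroupMembership4.DistinguishedName -contains $adGroup4.DistinguishedName)
    {
        "$($adUsers4.Name) is alreay a member of group $($adGroup4.Name)"
    }
    else
    {
        "Adding Active Directory user $($adUsers4.Name) the the global security group $($adGroup4.Name)"
        Add-ADPrincipalGroupMembership -Confirm:$false -Identity $adUsers4.DistinguishedName -MemberOf $adGroup4.DistinguishedName -Server $dc -ErrorAction Stop
    }

    "Moving Active Directory user: $($adUsers4.Name) to next year level"
    Move-ADObject -Identity $adUsers4.DistinguishedName -TargetPath $ou4 -Server $dc -ErrorAction Stop
}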
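# Year 2 -> Year 3: swap the year group and move the account to the Year 3 OU.
#
# Changes from the original loop:
#  * both groups are resolved once, against $dc, instead of once per user;
#  * the "already a member" test compares distinguished names. Applying -like to
#    the group objects depends on how they stringify and is not a reliable
#    membership test; when it misses, the Add call runs for an existing member;
#  * the "already a member" message used "$adUsers3.Name", which expands the whole
#    object followed by the literal text ".Name"; it now uses $($adUsers3.Name);
#  * Move-ADObject now targets $dc and uses -ErrorAction Stop, so a failed move
#    halts the run instead of passing unnoticed.
$adGroup3  = Get-ADGroup -Identity $adGroupName3 -Server $dc
$radGroup2 = Get-ADGroup -Identity $adGroupName2 -Server $dc

foreach($adUsers3 in $adUserIds2)
{
    # Read the memberships before the old year group is removed.
    $adGroupMembership3 = Get-ADPrincipalGroupMembership -Identity $adUsers3.DistinguishedName -Server $dc

    "Removing Active Directory user $($adUsers3.Name) from the following MemerOf $($radGroup2.Name)"
    Remove-ADPrincipalGroupMembership -Confirm:$false -Identity $adUsers3.DistinguishedName -MemberOf $radGroup2.DistinguishedName -Server $dc -ErrorAction Stop

    if($adGroupMembership3.DistinguishedName -contains $adGroup3.DistinguishedName)
    {
        "$($adUsers3.Name) is alreay a member of group $($adGroup3.Name)"
    }
    else
    {
        "Adding Active Directory user $($adUsers3.Name) the the global security group $($adGroup3.Name)"
        Add-ADPrincipalGroupMembership -Confirm:$false -Identity $adUsers3.DistinguishedName -MemberOf $adGroup3.DistinguishedName -Server $dc -ErrorAction Stop
    }

    "Moving Active Directory user: $($adUsers3.Name) to next year level"
    Move-ADObject -Identity $adUsers3.DistinguishedName -TargetPath $ou3 -Server $dc -ErrorAction Stop
}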
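# Year 1 -> Year 2: swap the year group and move the account to the Year 2 OU.
#
# Changes from the original loop:
#  * the "already a member" message referenced $adUsers1, the loop variable of a
#    different loop, and used "$var.Name", which expands the whole object followed
#    by the literal text ".Name"; it now uses $($adUsers2.Name);
#  * both groups are resolved once, against $dc, instead of once per user;
#  * the "already a member" test compares distinguished names. Applying -like to
#    the group objects depends on how they stringify and is not a reliable
#    membership test; when it misses, the Add call runs for an existing member;
#  * Move-ADObject now targets $dc and uses -ErrorAction Stop, so a failed move
#    halts the run instead of passing unnoticed.
$adGroup2  = Get-ADGroup -Identity $adGroupName2 -Server $dc
$radGroup1 = Get-ADGroup -Identity $adGroupName1 -Server $dc

foreach($adUsers2 in $adUserIds1)
{
    # Read the memberships before the old year group is removed.
    $adGroupMembership2 = Get-ADPrincipalGroupMembership -Identity $adUsers2.DistinguishedName -Server $dc

    "Removing Active Directory user $($adUsers2.Name) from the following MemerOf $($radGroup1.Name)"
    Remove-ADPrincipalGroupMembership -Confirm:$false -Identity $adUsers2.DistinguishedName -MemberOf $radGroup1.DistinguishedName -Server $dc -ErrorAction Stop

    if($adGroupMembership2.DistinguishedName -contains $adGroup2.DistinguishedName)
    {
        "$($adUsers2.Name) is alreay a member of group $($adGroup2.Name)"
    }
    else
    {
        "Adding Active Directory user $($adUsers2.Name) the the global security group $($adGroup2.Name)"
        Add-ADPrincipalGroupMembership -Confirm:$false -Identity $adUsers2.DistinguishedName -MemberOf $adGroup2.DistinguishedName -Server $dc -ErrorAction Stop
    }

    "Moving Active Directory user: $($adUsers2.Name) to next year level"
    Move-ADObject -Identity $adUsers2.DistinguishedName -TargetPath $ou2 -Server $dc -ErrorAction Stop
}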
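# Reception -> Year 1: swap the year group and move the account to the Year 1 OU.
#
# Changes from the original loop:
#  * the move target was $ou, a variable that is never assigned in this script,
#    so Move-ADObject received an empty -TargetPath and Reception users kept their
#    old OU while their group membership changed; the target is now $ou1;
#  * both groups are resolved once, against $dc, instead of once per user;
#  * the "already a member" test compares distinguished names. Applying -like to
#    the group objects depends on how they stringify and is not a reliable
#    membership test; when it misses, the Add call runs for an existing member;
#  * the "already a member" message used "$adUsers1.Name", which expands the whole
#    object followed by the literal text ".Name"; it now uses $($adUsers1.Name);
#  * Move-ADObject now targets $dc and uses -ErrorAction Stop, so a failed move
#    halts the run instead of passing unnoticed.
$adGroup1  = Get-ADGroup -Identity $adGroupName1 -Server $dc
$radGroupr = Get-ADGroup -Identity $adGroupNamer -Server $dc

foreach($adUsers1 in $adUserIdsr)
{
    # Read the memberships before the old year group is removed.
    $adGroupMembership1 = Get-ADPrincipalGroupMembership -Identity $adUsers1.DistinguishedName -Server $dc

    "Removing Active Directory user $($adUsers1.Name) from the following MemerOf $($radGroupr.Name)"
    Remove-ADPrincipalGroupMembership -Confirm:$false -Identity $adUsers1.DistinguishedName -MemberOf $radGroupr.DistinguishedName -Server $dc -ErrorAction Stop

    if($adGroupMembership1.DistinguishedName -contains $adGroup1.DistinguishedName)
    {
        "$($adUsers1.Name) is alreay a member of group $($adGroup1.Name)"
    }
    else
    {
        "Adding Active Directory user $($adUsers1.Name) the the global security group $($adGroup1.Name)"
        Add-ADPrincipalGroupMembership -Confirm:$false -Identity $adUsers1.DistinguishedName -MemberOf $adGroup1.DistinguishedName -Server $dc -ErrorAction Stop
    }

    "Moving Active Directory user: $($adUsers1.Name) to next year level"
    Move-ADObject -Identity $adUsers1.DistinguishedName -TargetPath $ou1 -Server $dc -ErrorAction Stop
}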