Проблема с итерацией цикла PowerShell - PullRequest
/ 11 февраля 2020

При запуске приведённого ниже кода кажется, что он проходит через мой первоначальный цикл foreach дважды. Что я упускаю? Буду благодарен за любую помощь.

# Question listing: disables inactive AD users, then stamps and moves disabled users.
# Shown as posted; the brace layout below is the subject of the question.
$DC = Get-ADDomainController
$OUs = Get-ADOrganizationalUnit -Filter 'Name -eq "test"'
$TimeStamp = get-date -format D
$description = "Disabled on " + $TimeStamp
# Names of every (nested) member of the exemption group.
# NOTE(review): Name is a display attribute and need not be unique; an exemption
# list keyed on SamAccountName, DistinguishedName or SID is harder to collide with.
$canNotDisableUser =  Get-ADGroupMember -Identity DoNotDisableUsers -Recursive | Select -ExpandProperty Name
$accounts = $null

    # NOTE(review): $OU is used below but never assigned in this listing (only $OUs is);
    # presumably an outer "foreach ($OU in $OUs) {" was lost from the paste - confirm.
    # Search for User Accounts inactive for XX Days and Disable if not in DoNotDisable Security Group
    # NOTE(review): a number cast to [timespan] is normally read as ticks, not days -
    # confirm that ([timespan]90d) really yields a 90-day window before relying on it.
    $accounts = Search-ADAccount -SearchBase $OU -AccountInactive -TimeSpan ([timespan]90d) -UsersOnly
        foreach($account in $accounts){
        # With an array on the left, -notmatch filters the array and returns the names that
        # do NOT match the regex. Once the group has two or more members the result is
        # non-empty (true) for every account, so exempt users are disabled as well.
        If ($canNotDisableUser -notmatch $account.Name){
         # No -WhatIf here, unlike every other change below: a "dry run" still disables accounts.
         Disable-ADAccount -Identity $account.DistinguishedName -Verbose
        }

    # The foreach opened above is not closed until the last line of the listing, so
    # everything from here down runs once per inactive account, not once per OU.
    # Disable Protected from Accidental Deletion from OU
    Get-ADOrganizationalUnit -LDAPFilter '(name=*)'  -SearchBase $OU.DistinguishedName -Server $DC | Set-ADObject -ProtectedFromAccidentalDeletion:$false -Verbose -WhatIf


    # Move Disabled Users to Disabled Users OU & Add Timestamp to Description
    # Selects every disabled user under the search base, not only the ones disabled above.
    Search-ADAccount –AccountDisabled –UsersOnly –SearchBase $OU.DistinguishedName | Foreach-object {
    Set-ADUser $_ -Description $description -Verbose -WhatIf
    Move-ADObject $_ –TargetPath “OU=Disabled Users, DC=xxx,DC=net” -Verbose -WhatIf
    }

    # Enable Protected from Accidental Deletion from OU
    Get-ADOrganizationalUnit -LDAPFilter '(name=*)'  -SearchBase $OU.DistinguishedName -Server $DC | Set-ADObject -ProtectedFromAccidentalDeletion:$true -Verbose -WhatIf
# This brace closes foreach($account in $accounts), not an outer loop.
}


1 Ответ

/ 11 февраля 2020

Одна из вещей, которая сэкономит вам МНОГО времени при устранении подобных проблем, — это отступы. Возьмите за привычку всегда проверять правильность отступов.

# Answer listing: the question's code re-indented to show what the braces actually enclose.
# Search for User Accounts inactive for XX Days and Disable if not in DoNotDisable Security Group
    $accounts = Search-ADAccount -SearchBase $OU -AccountInactive -TimeSpan ([timespan]90d) -UsersOnly
    foreach($account in $accounts){
        # NOTE(review): -notmatch on an array returns the non-matching elements, so this test
        # is true for any exemption list with two or more names; -notcontains is the membership test.
        If ($canNotDisableUser -notmatch $account.Name){
            # Runs for real: this is the only change in the listing without -WhatIf.
            Disable-ADAccount -Identity $account.DistinguishedName -Verbose
        }

     ### YOU probably intend to close the foreach loop here. If so, Move the LAST brace to this place.

        # Still inside foreach($account ...): the three steps below repeat for every inactive account.
        # Disable Protected from Accidental Deletion from OU
        Get-ADOrganizationalUnit -LDAPFilter '(name=*)'  -SearchBase $OU.DistinguishedName -Server $DC | Set-ADObject -ProtectedFromAccidentalDeletion:$false -Verbose -WhatIf


        # Move Disabled Users to Disabled Users OU & Add Timestamp to Description
        Search-ADAccount –AccountDisabled –UsersOnly –SearchBase $OU.DistinguishedName | Foreach-object {
            Set-ADUser $_ -Description $description -Verbose -WhatIf
            Move-ADObject $_ –TargetPath “OU=Disabled Users, DC=xxx,DC=net” -Verbose -WhatIf
        }

        # Enable Protected from Accidental Deletion from OU
        Get-ADOrganizationalUnit -LDAPFilter '(name=*)'  -SearchBase $OU.DistinguishedName -Server $DC | Set-ADObject -ProtectedFromAccidentalDeletion:$true -Verbose -WhatIf
    # Closes the foreach opened at the top of the listing.
    }

Исправлено

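    # Disable user accounts inactive for 90 days unless they are in the DoNotDisableUsers
    # exemption list, then stamp and move disabled users to the Disabled Users OU.
    # Reads $OU, $DC, $description and $canNotDisableUser, which are set outside this fragment.

    # New-TimeSpan names the unit explicitly. The previous ([timespan]90d) cast a bare
    # number, and numeric casts to [timespan] are normally read as ticks rather than days,
    # which would make practically every account count as inactive.
    $inactiveFor = New-TimeSpan -Days 90
    $accounts = Search-ADAccount -SearchBase $OU.DistinguishedName -AccountInactive -TimeSpan $inactiveFor -UsersOnly
    foreach ($account in $accounts) {
        # -notcontains is an exact membership test. The previous -notmatch treated the name
        # as a regex and, applied to an array, returned every non-matching element, so the
        # condition was true (and the account disabled) whenever the list held two or more names.
        # NOTE(review): Name is not guaranteed unique; building the exemption list from
        # SamAccountName or SID and comparing on that attribute is sturdier.
        if ($canNotDisableUser -notcontains $account.Name) {
            # NOTE(review): no -WhatIf here, unlike the steps below - this change is applied for real.
            Disable-ADAccount -Identity $account.DistinguishedName -Verbose
        }
    }

    # Lift "Protected from Accidental Deletion" on every OU under the search base.
    Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase $OU.DistinguishedName -Server $DC |
        Set-ADObject -ProtectedFromAccidentalDeletion:$false -Verbose -WhatIf

    try {
        # Stamp and move every disabled user under the search base. This selects all
        # disabled users found there, not only the accounts disabled above, and it
        # overwrites any existing Description.
        Search-ADAccount -AccountDisabled -UsersOnly -SearchBase $OU.DistinguishedName | ForEach-Object {
            Set-ADUser $_ -Description $description -Verbose -WhatIf
            Move-ADObject $_ -TargetPath "OU=Disabled Users, DC=xxx,DC=net" -Verbose -WhatIf
        }
    }
    finally {
        # Restore the protection even if the move step throws, so a failed run does not
        # leave the OUs unprotected. This sets the flag on every OU under the base,
        # including any that did not have it before.
        Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase $OU.DistinguishedName -Server $DC |
            Set-ADObject -ProtectedFromAccidentalDeletion:$true -Verbose -WhatIf
    }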

...