Question

У меня есть скрипт для добавления пользователя в активный каталог. Пользователь создается (хотя есть некоторые проблемы, для которых я создам отдельные вопросы), но пользователь не добавляется в группы из-за ошибки, что группы не найдены. Но я подтвердил, что группы в AD. Вот код, который у меня сейчас есть:

$Orig_exec_policy = Get-ExecutionPolicy
Set-ExecutionPolicy Bypass -Force
<# This form was created using POSHGUI.com  a free online gui designer for PowerShell
.NAME
    Untitled
#>

Add-Type -AssemblyName System.Windows.Forms
[System.Windows.Forms.Application]::EnableVisualStyles()

#region Window properties
$AD_user_creation                = New-Object system.Windows.Forms.Form
$AD_user_creation.ClientSize     = '480,740'
$AD_user_creation.text           = "AD user creation - WG Mustang"
$AD_user_creation.TopMost        = $false
#endregion

[void]$AD_user_creation.SuspendLayout()

#region Real name of the user
$Display_name_lbl                = New-Object system.Windows.Forms.Label
$Display_name_lbl.text           = "User`'s real name"
$Display_name_lbl.AutoSize       = $true
$Display_name_lbl.width          = 25
$Display_name_lbl.height         = 10
$Display_name_lbl.location       = New-Object System.Drawing.Point(10,10)

$First_name_val                  = New-Object system.Windows.Forms.TextBox
$First_name_val.multiline        = $false
$First_name_val.width            = 120
$First_name_val.height           = 20
$First_name_val.location         = New-Object System.Drawing.Point(200,10)

$Second_name_val                 = New-Object system.Windows.Forms.TextBox
$Second_name_val.multiline       = $false
$Second_name_val.width           = 120
$Second_name_val.height          = 20
$Second_name_val.location        = New-Object System.Drawing.Point(330,10)

$Display_name_val                = New-Object system.Windows.Forms.Label
$Display_name_val.Text           = ""
$Display_name_val.width          = 250
$Display_name_val.height         = 20
$Display_name_val.location       = New-Object System.Drawing.Point(200,40)
#endregion

#region User name of the user
$User_name_lbl                   = New-Object system.Windows.Forms.Label
$User_name_lbl.text              = "User logon name"
$User_name_lbl.AutoSize          = $true
$User_name_lbl.width             = 25
$User_name_lbl.height            = 10
$User_name_lbl.location          = New-Object System.Drawing.Point(10,70)

$User_name_val                   = New-Object system.Windows.Forms.TextBox
$User_name_val.multiline         = $false
$User_name_val.width             = 250
$User_name_val.height            = 20
$User_name_val.location          = New-Object System.Drawing.Point(200,70)
#endregion

#region Account password
$Password_lbl                    = New-Object system.Windows.Forms.Label
$Password_lbl.text               = "Password"
$Password_lbl.AutoSize           = $true
$Password_lbl.width              = 25
$Password_lbl.height             = 10
$Password_lbl.location           = New-Object System.Drawing.Point(10,100)

$Password_ini_val                = New-Object system.Windows.Forms.MaskedTextBox
$Password_ini_val.multiline      = $false
$Password_ini_val.width          = 250
$Password_ini_val.height         = 20
$Password_ini_val.UseSystemPasswordChar = $true
$Password_ini_val.location       = New-Object System.Drawing.Point(200,100)

$Password_conf_val               = New-Object system.Windows.Forms.MaskedTextBox
$Password_conf_val.multiline     = $false
$Password_conf_val.width         = 250
$Password_conf_val.height        = 20
$Password_conf_val.UseSystemPasswordChar = $true
$Password_conf_val.location      = New-Object System.Drawing.Point(200,130)
#endregion

#region Location of the user
$Location_lbl                    = New-Object system.Windows.Forms.Label
$Location_lbl.text               = "Location"
$Location_lbl.AutoSize           = $true
$Location_lbl.width              = 25
$Location_lbl.height             = 10
$Location_lbl.location           = New-Object System.Drawing.Point(10,160)

$Location_val                    = New-Object system.Windows.Forms.TextBox
$Location_val.multiline          = $false
$Location_val.text               = "OU=Users,OU=ADM,DC=Domain,DC=com"
$Location_val.width              = 250
$Location_val.height             = 20
$Location_val.location           = New-Object System.Drawing.Point(200,160)
#endregion

#region Checkboxes
$Must_chg_pass                   = New-Object system.Windows.Forms.CheckBox
$Must_chg_pass.text              = "User must change password at next logon"
$Must_chg_pass.AutoSize          = $false
$Must_chg_pass.width             = 290
$Must_chg_pass.height            = 20
$Must_chg_pass.location          = New-Object System.Drawing.Point(200,190)

$Cannot_chg_pass                 = New-Object system.Windows.Forms.CheckBox
$Cannot_chg_pass.text            = "User cannot change password"
$Cannot_chg_pass.AutoSize        = $false
$Cannot_chg_pass.width           = 250
$Cannot_chg_pass.height          = 20
$Cannot_chg_pass.location        = New-Object System.Drawing.Point(200,220)
$Cannot_chg_pass.Checked         = $true

$Pass_not_expires                = New-Object system.Windows.Forms.CheckBox
$Pass_not_expires.text           = "Password never expires"
$Pass_not_expires.AutoSize       = $false
$Pass_not_expires.width          = 250
$Pass_not_expires.height         = 20
$Pass_not_expires.location       = New-Object System.Drawing.Point(200,250)
$Pass_not_expires.Checked        = $true

$Account_disabled_val            = New-Object system.Windows.Forms.CheckBox
$Account_disabled_val.text       = "Account is active"
$Account_disabled_val.AutoSize   = $false
$Account_disabled_val.width      = 250
$Account_disabled_val.height     = 20
$Account_disabled_val.location   = New-Object System.Drawing.Point(200,280)
$Account_disabled_val.Checked    = $false
#endregion

#region Description
$GECOS_lbl                       = New-Object system.Windows.Forms.Label
$GECOS_lbl.text                  = "Description"
$GECOS_lbl.AutoSize              = $true
$GECOS_lbl.width                 = 25
$GECOS_lbl.height                = 10
$GECOS_lbl.location              = New-Object System.Drawing.Point(10,310)

$GECOS_val                       = New-Object system.Windows.Forms.TextBox
$GECOS_val.multiline             = $false
$GECOS_val.width                 = 250
$GECOS_val.height                = 20
$GECOS_val.location              = New-Object System.Drawing.Point(200,310)
#endregion

#region Group membership
$ADGroups_lbl                    = New-Object system.Windows.Forms.Label
$ADGroups_lbl.text               = "AD Groups"
$ADGroups_lbl.AutoSize           = $true
$ADGroups_lbl.width              = 25
$ADGroups_lbl.height             = 10
$ADGroups_lbl.location           = New-Object System.Drawing.Point(10,340)

$ADGroups_val                    = New-Object system.Windows.Forms.TextBox
$ADGroups_val.multiline          = $true
$ADGroups_val.width              = 250
$ADGroups_val.height             = 160
$ADGroups_val.location           = New-Object System.Drawing.Point(200,340)
#endregion

#region Additional attributes
$Ext_Attribute5_lbl              = New-Object System.Windows.Forms.Label
$Ext_Attribute5_lbl.Text         = "Extension Attribute5"
$Ext_Attribute5_lbl.AutoSize     = $true
$Ext_Attribute5_lbl.Width        = 25
$Ext_Attribute5_lbl.Height       = 10
$Ext_Attribute5_lbl.Location     = New-Object System.Drawing.Point(10,510)

$Ext_Attribute5_val              = New-Object System.Windows.Forms.TextBox
$Ext_Attribute5_val.Text         = "Company name"
$Ext_Attribute5_val.Multiline    = $false
$Ext_Attribute5_val.Width        = 250
$Ext_Attribute5_val.Height       = 20
$Ext_Attribute5_val.Location     = New-Object System.Drawing.Point(200,510)

$Ext_Attribute10_lbl             = New-Object System.Windows.Forms.Label
$Ext_Attribute10_lbl.Text        = "Extension Attribute10"
$Ext_Attribute10_lbl.AutoSize    = $true
$Ext_Attribute10_lbl.Width       = 25
$Ext_Attribute10_lbl.Height      = 10
$Ext_Attribute10_lbl.Location    = New-Object System.Drawing.Point(10,540)

$Ext_Attribute10_val             = New-Object System.Windows.Forms.TextBox
$Ext_Attribute10_val.Text        = "Region"
$Ext_Attribute10_val.Multiline   = $false
$Ext_Attribute10_val.Width       = 250
$Ext_Attribute10_val.Height      = 20
$Ext_Attribute10_val.Location    = New-Object System.Drawing.Point(200,540)

$Ext_Attribute15_lbl             = New-Object System.Windows.Forms.Label
$Ext_Attribute15_lbl.Text        = "Extension Attribute15"
$Ext_Attribute15_lbl.AutoSize    = $true
$Ext_Attribute15_lbl.Width       = 25
$Ext_Attribute15_lbl.Height      = 10
$Ext_Attribute15_lbl.Location    = New-Object System.Drawing.Point(10,570)

$Ext_Attribute15_val             = New-Object System.Windows.Forms.TextBox
$Ext_Attribute15_val.Text        = "EH/WH"
$Ext_Attribute15_val.Multiline   = $false
$Ext_Attribute15_val.Width       = 250
$Ext_Attribute15_val.Height      = 20
$Ext_Attribute15_val.Location    = New-Object System.Drawing.Point(200,570)

$Job_Title_lbl                   = New-Object System.Windows.Forms.Label
$Job_Title_lbl.Text              = "Job title"
$Job_Title_lbl.AutoSize          = $true
$Job_Title_lbl.Width             = 25
$Job_Title_lbl.Height            = 10
$Job_Title_lbl.Location          = New-Object System.Drawing.Point(10,600)

$Job_Title_val                   = New-Object System.Windows.Forms.TextBox
$Job_Title_val.Text              = "NA"
$Job_Title_val.Multiline         = $false
$Job_Title_val.Width             = 250
$Job_Title_val.Height            = 20
$Job_Title_val.Location          = New-Object System.Drawing.Point(200,600)

$Department_lbl                  = New-Object System.Windows.Forms.Label
$Department_lbl.Text             = "Department"
$Department_lbl.AutoSize         = $true
$Department_lbl.Width            = 25
$Department_lbl.Height           = 10
$Department_lbl.Location         = New-Object System.Drawing.Point(10,630)

$Department_val                  = New-Object System.Windows.Forms.TextBox
$Department_val.Text             = "NA"
$Department_val.Multiline        = $false
$Department_val.Width            = 250
$Department_val.Height           = 20
$Department_val.Location         = New-Object System.Drawing.Point(200,630)

$Company_lbl                     = New-Object System.Windows.Forms.Label
$Company_lbl.Text                = "Company"
$Company_lbl.AutoSize            = $true
$Company_lbl.Width               = 25
$Company_lbl.Height              = 10
$Company_lbl.Location            = New-Object System.Drawing.Point(10,660)

$Company_val                     = New-Object System.Windows.Forms.TextBox
$Company_val.Text                = "IBM"
$Company_val.Multiline           = $false
$Company_val.Width               = 250
$Company_val.Height              = 20
$Company_val.Location            = New-Object System.Drawing.Point(200,660)
#endregion

#region Buttons
$Confirm_Button                  = New-Object system.Windows.Forms.Button
$Confirm_Button.BackColor        = "#00ff00"
$Confirm_Button.text             = "OK"
$Confirm_Button.width            = 100
$Confirm_Button.height           = 30
$Confirm_Button.location         = New-Object System.Drawing.Point(200,690)
$Confirm_Button.Font             = 'Microsoft Sans Serif,10,style=Bold'
$Create_ADuser = {
  if ($Password_ini_val.Text -cne $Password_conf_val.Text)
  {
    [System.Windows.MessageBox]::Show("Passwords don't match")
  } elseif ($Password_ini_val.Text.Length -lt 8)
  {
    [System.Windows.MessageBox]::Show("Password is too short")
  } else {
    $password = $Password_ini_val.Text | ConvertTo-SecureString -AsPlainText -Force
    $Display_name = $Display_name_val.Text + " [ADM]"
    New-ADUser -GivenName $First_name_val.Text -Surname $Second_name_val.Text -DisplayName $Display_name -AccountPassword $password -Path $Location_val.Text -Name $User_name_val.Text`
     -CannotChangePassword $Cannot_chg_pass.Checked -PasswordNeverExpires $Pass_not_expires.Checked -ChangePasswordAtLogon $Must_chg_pass.Checked -Enabled $Account_disabled_val.Checked`
     -Description $GECOS_val.Text -OtherAttributes @{'ExtensionAttribute5' = $Ext_Attribute5_val.Text;'ExtensionAttribute9' = "People";'ExtensionAttribute10' = $Ext_Attribute10_val.Text;`
     'ExtensionAttribute11' = "Other";'ExtensionAttribute12' = "No";'ExtensionAttribute14' = "NA";'ExtensionAttribute15' = $Ext_Attribute15_val.Text;'Division' = "WG Mustang"}`
     -Office "NA" -OfficePhone "NA" -Title $Job_Title_val.Text -Department $Department_val.Text -Company $Company_val.Text -SamAccountName $User_name_val.Text -PassThru | `
     Add-ADPrincipalGroupMembership -MemberOf $ADGroups_val.Text
    $AD_user_creation.Close()
  }
}
$Confirm_Button.add_Click($Create_ADuser)


$Cancel_button                   = New-Object system.Windows.Forms.Button
$Cancel_button.BackColor         = "#ff0000"
$Cancel_button.text              = "Cancel"
$Cancel_button.width             = 100
$Cancel_button.height            = 30
$Cancel_button.location          = New-Object System.Drawing.Point(350,690)
$Cancel_button.Font              = 'Microsoft Sans Serif,10,style=Bold'
<#$Cancel = {
    $AD_user_creation.Close()
    exit
}#>
$Cancel_button.add_Click({
    $AD_user_creation.Close()
    exit
})

$AD_user_creation.AcceptButton   = $Confirm_Button
$AD_user_creation.CancelButton   = $Cancel_button
#endregion

$AD_user_creation.controls.AddRange(@($Display_name_lbl,$First_name_val,$Second_name_val,$User_name_lbl,$Display_name_val,$User_name_val,$Password_lbl,$Password_ini_val,$Password_conf_val,$Location_lbl,`
$Location_val,$Must_chg_pass,$Cannot_chg_pass,$Pass_not_expires,$Account_disabled_val,$GECOS_lbl,$GECOS_val,$ADGroups_lbl,$ADGroups_val,$Ext_Attribute5_lbl,$Ext_Attribute5_val,$Ext_Attribute10_lbl,`
$Ext_Attribute10_val,$Ext_Attribute15_lbl,$Ext_Attribute15_val,$Job_Title_lbl,$Job_Title_val,$Department_lbl,$Department_val,$Company_lbl,$Company_val,$Confirm_Button,$Cancel_button))

$showFullName = { $Display_name_val.Text = ($First_name_val.Text + " " + $Second_name_val.Text) }

[void]$Second_name_val.Add_Leave( { & $showFullName } )
[void]$First_name_val.Add_Leave(  { & $showFullName } )

[void]$AD_user_creation.ResumeLayout()

$result = $AD_user_creation.ShowDialog()
[void]$AD_user_creation.Dispose()

Set-ExecutionPolicy $Orig_exec_policy -Force

Первоначально я не помещал параметр -passthru в New-ADUser (строка 268) и добавил командлет Add-ADPrincipalGroupMembership в отдельную строку с помощью * Вместо параметра 1006 *, но попробовал реальное решение в приведенном выше коде, когда это не сработало. Я проверил, что $ADGroups_val.Text содержит имена групп, помещенные в соответствующее текстовое поле. Есть идеи, почему группы не добавляются?

Theo · Answer 1 · 15 февраля 2020

Кодировка, используемая для командлета New-ADUser, имеет некоторые проблемы с форматированием. Из-за этого трудно заметить, что некоторые обратные пометки находятся в неправильном месте.

Использование Splatting помогает коду стать более читабельным / поддерживаемым.

За счет захвата вывод New-ADUser в переменную (для этого вам нужно добавить переключатель PassThru), вы можете сначала проверить, создан ли новый пользователь или нет, и только если у вас есть действительный объект пользователя, добавьте его в группу :

$params = @{
    'GivenName'             = $First_name_val.Text
    'Surname'               = $Second_name_val.Text
    'DisplayName'           = $Display_name
    'AccountPassword'       = $password
    'Path'                  = $Location_val.Text
    'Name'                  = $User_name_val.Text
    'CannotChangePassword'  = $Cannot_chg_pass.Checked
    'PasswordNeverExpires'  = $Pass_not_expires.Checked
    'ChangePasswordAtLogon' = $Must_chg_pass.Checked
    'Enabled'               = $Account_disabled_val.Checked
    'Description'           = $GECOS_val.Text
    'Office'                = "NA"
    'OfficePhone'           = "NA"
    'Title'                 = $Job_Title_val.Text
    'Department'            = $Department_val.Text
    'Company'               = $Company_val.Text
    'SamAccountName'        = $User_name_val.Text
    'OtherAttributes'       = @{'ExtensionAttribute5'  = $Ext_Attribute5_val.Text
                                'ExtensionAttribute9'  = "People"
                                'ExtensionAttribute10' = $Ext_Attribute10_val.Text
                                'ExtensionAttribute11' = "Other"
                                'ExtensionAttribute12' = "No"
                                'ExtensionAttribute14' = "NA"
                                'ExtensionAttribute15' = $Ext_Attribute15_val.Text
                                'Division'             = "WG Mustang"}
    'PassThru'              = $true
}
$newUser = New-ADUser @params
if ($newUser) {
    $newUser | Add-ADPrincipalGroupMembership -MemberOf $ADGroups_val.Text
}
else {
    [System.Windows.MessageBox]::Show("Error creating new user")
}

Пользователи AD не добавляются в группы PowerShell

Пожалуйста, войдите или зарегистрируйтесь чтобы ответить на этот вопрос.

1 Ответ

Пожалуйста, войдите или зарегистрируйтесь что бы добавить комментарий.

Пользователи AD не добавляются в группы PowerShell

Пожалуйста, войдите или зарегистрируйтесь чтобы ответить на этот вопрос.

1 Ответ

Пожалуйста, войдите или зарегистрируйтесь что бы добавить комментарий.

Похожие темы