Shulou(Shulou.com)06/02 Report--

AD batch add groups and users 1. Background

Because the management needs to plan to change the existing serv-u service to the ad+iis+ftp+ntfs architecture, you need to create a new group and add users in the ad.

In order to improve efficiency and reduce repetitive work, write a batch add group and add user script, the following is the test environment.

Summary Note: users must exist and must be filtered when making user files, otherwise the script will interrupt all groups of users in a user file, which varies in length with no value (the middle column of the csv file) or a null value (the last column of the csv file). The filtering script is required to add only the group required attributes. Additional attributes need to be modified as needed to modify the one-to-many lookup function used to make csv files: = INDEX (IF ($Baud2Ranger Bamboo 200 = "Sam", ROW ($2VRV 200), 4 ^ 8) ROW (A1)) & "" complete script Import-Module ActiveDirectory$ngroups=Import-Csv C:\ Data\ ngs.csv$nusers=Import-Csv C:\ Data\ nus.csv foreach ($ngroup in $ngroups) {# create a new group New-ADGroup-Name $ngroup.name-SamAccountName $ngroup.name-GroupCategory $ngroup.GroupCategory-GroupScope $ngroup.Groupscope-Path $ngroup.path-Description $ngroup.description-PassThru Get-ADGroup-Identity $ngroup.name | Set-ADGroup-Replace @ {info=$ngroup.info} # add member Add- ADGroupMember-Identity $ngroup.name-Members ($nusers. ($ngroup.name) | Where-Object {$_-ne'})-PassThru} group file ngs.csvname Path,groupcategory,groupscope,description,infoftp-ops-w, "OU=FTP,OU=Group,DC=lxy,DC=lin", Security,Global, "ip/ftp/ops/", "DRI:xx" TEL:xx "ftp-ops-r", "OU=FTP,OU=Group,DC=lxy,DC=lin", Security,Global, "ip/ftp/ops/", "DRI:xx,TEL:xx" ftp-dba-w, "OU=FTP,OU=Group,DC=lxy,DC=lin", Security,Global, "ip/ftp/dba/", "DRI:xx,TEL:xx" ftp-dba-r, "OU=FTP,OU=Group,DC=lxy,DC=lin", Security,Global, "ip/ftp/dba/", "DRI:xx" TEL:xx "user file: nus.csvftp-ops-w,ftp-ops-r,ftp-dba-w,ftp-dba-ruser01,user02,user03,user04user05,user06,user07user08,user09, III. Decompose and import AD module Import-Module ActiveDirectory new account foreach ($num in 1.. 10) {$user='USER'+$num New-ADUser $user-Path" OU=Test,DC=iku DC=lxy "- Enabled:$true-AccountPassword (ConvertTo-SecureString" lxy1989. "- AsPlainText-Force)} filter to quit or do not have an account $newusers= Import-Csv.\ nu.csv$newgroups= Import-Csv.\ ng.csv# create an array to save quit or do not exist an account $array_error_user = New-Object-TypeName System.Collections.ArrayList$array_disabled_user = New-Object-TypeName System.Collections.ArrayListforeach ($newgroup in $newgroups) {$newuser= ($newusers. ($newgroup.name) | Where-Object { $_-ne'}) foreach ($user in $newuser) {$user_abled= (Get-ADUser $user) .enabled # query whether the account is disabled By default, only outgoing accounts are disabled $returned=$? # if the account does not exist Return false if ($returned-eq $true) {if ($user_abled-eq $false) {$array_disabled_user.Add ($user+'@'+ ($newgroup.name))} # add the disabled (terminated) account to the array} else {$array_error_user.add ($user+'@'+ ($newgroup.name))} # Add an account that does not exist to the array}} echo "The following user is disabled:" $array_disabled_userecho "The following user does not exist:" $array_error_user removes the termination from the user file or does not exist the account vi user.errorxxxxxxx:%s/@.*//gvi deluser.shilling account. The reference variable in sed is imported into the group and user files with double quotes for user in $(cat user.error) do sed-I "s/$user//g" nu.csvdone.

You must confirm that the group and user exist, otherwise it will lead to script exception, and subsequent users will add $ngroups=Import-Csv C:\ Data\ ngs.csv$nusers=Import-Csv C:\ Data\ nus.csv to create a new group.

Remarks info has no command parameters Add # version1foreach ($ngroup in $ngroups) {New-ADGroup-Name $ngroup.name-SamAccountName $ngroup.name-GroupCategory $ngroup.GroupCategory-GroupScope $ngroup.Groupscope-Path $ngroup.path-PassThru Get-ADGroup-Identity $ngroup.name | Set-ADGroup-Replace @ {info=$ngroup.info}} # version2# adds $ngroups = Import-Csv D:\ PS\ NewGroup\ 201807\ ng.csv-Encoding Unicodeforeach ($ngroup in $ngroups) {$drop = Get- ADGroup $ngroup.name $return = $? # check whether the group is saved If it does not exist, create a new group if ($return-eq $false) {New-ADGroup-Name $ngroup.name-SamAccountName $ngroup.name-GroupCategory $ngroup.groupcategory-GroupScope $ngroup.groupscope-Path $ngroup.path-Description $ngroup.description Get-ADGroup $ngroup.name | Set-ADGroup-Replace @ {info=$ngroup.info} add users to the group

Not all groups in the user file have users. If the command encounters an exception, all operations will be aborted, and all requirements will filter empty data.

The last column in the CSV file is recognized as null and cannot be identified using'', which is solved by adding a comma after each column. Foreach ($ngroup in $ngroups) {Add-ADGroupMember-Identity $ngroup.name-Members ($nusers. ($ngroup.name) | Where-Object {$_-ne'})-PassThru} PS C:\ Users\ Administrator > ($nusers.'ftp-dba-r' | Where-Object {$_-ne'}) .count3---nu.csvftp-ops-w,ftp-ops-r,ftp-dba-w,ftp-dba-ruser1,user2,user3,user4,user5,user6,user7,user8,user9 -PS C:\ > ($nusers.'ftp-dba-r' | Where-Object {$_-ne'}) .count2 View group user information foreach ($ngroup in $ngroups) {Get-ADGroupMember-Identity $ngroup.name | select @ {name='group' Expression= {$ngroup.name}}, @ {name='name' Expression= {$_ .name}} group name-ftp-ops-w USER1 ftp-ops-w USER5 ftp-ops-w USER8 ftp-ops-r USER2 ftp-dba-w USER3 ftp-dba-w USER6 ftp-dba-w USER9 ftp-dba-r USER4 ftp-dba-r USER7 removes all group users foreach ($ngroup in $ngroups) {Remove-ADGroupMember-Identity $ngroup.name-Members (Get-ADGroupMember-Identity $ngroup.name)} IV. Update

In the process of use, it is found that the function of the script is stiff, the writing format is not standard, and it is inconvenient to read, so it has been updated.

Variable naming is not easy to understand. Instead of using indentation # $ngroups = Import-Csv D:\ PS\ NewGroup\ 201807\ ng.csv-Encoding Unicode# to create a new group # empty group member # query group member # ngroups = Import-Csv D:\ PS\ NewGroup\ 201807\ ngw.csv# $nusers = Import-Csv D:\ PS\ NewGroup\ 201807\ nus.csv# add member # count the number of users in each group

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.