此脚本现在可以正常运行,但问题是当找到搜索库中的多个组时,该脚本会将所有组中的所有用户添加到跨林目标组。
例如:
ForestAGroup1 =包含2个用户
ForestAGroup2 =包含2个用户
::运行脚本::
现在...
ForestBGroup1 =包含4个用户
ForestBGroup2 =包含4个用户
ForestBGroup1 / 2需要包含与ForestAGroup1 / 2相同的相同用户。
以下是供参考的脚本:
$creds = Get-Credential
$Groups = Get-ADGroup -Properties * -Filter * -SearchBase "OU=TEST,OU=Shop Print Groups,OU=User,OU=domain Groups,DC=domainA,DC=com" | export-csv c:\temp\test.csv
$Groups = Get-ADGroup -Properties * -Filter * -SearchBase "OU=TEST,OU=Shop Print Groups,OU=User,OU=domain Groups,DC=domainA,DC=com"
Foreach($G In $Groups)
{
#Display group members and group name
Write-Host $G.Name
Write-Host "-------------"
$G.Members
#Add members to domainB group
$domainGMembers = import-csv C:\temp\test.csv | ForEach-Object -Process {Get-ADGroupMember -Identity $_.CN} | Select-Object samaccountname | export-csv c:\temp\gmembers.csv
$domainDNUser = import-csv C:\temp\gmembers.csv | ForEach-Object -Process {Get-ADUser $_.samaccountname -Server "domainA.com" -properties:Distinguishedname}
import-csv C:\temp\gmembers.csv | ForEach-Object -Process {Add-ADGroupMember -Server "domainB.com" -Identity $G.Name -Members $domainDNUser -Credential $creds -Verbose}
}
你在做什么?
TEST-OU中所有组的所有成员添加到domainB中的每个组SamAccountName,DN。然后你用SamAccountName找到DN。试试这个(未经测试):
$creds = Get-Credential
$Groups = Get-ADGroup -Properties Members -Filter * -SearchBase "OU=TEST,OU=Shop Print Groups,OU=User,OU=domain Groups,DC=domain,DC=com"
Foreach($G In $Groups)
{
#Display group members and group name
Write-Host $G.Name
Write-Host "-------------"
$G.Members
#Add members to domainB group
$G.Members |
Get-ADUser -Server fairfieldmfg.com |
ForEach-Object { Add-ADGroupMember -Server "domainB.com" -Identity $G.Name -Members $_ -Credential $creds -Verbose }
}
我使用foreach循环来运行Add-ADGroupMember,因为它通常在一组成员中间失败,如果它发现已经是一个成员,但如果我们一次添加一个成员,你可以做到(或者你可以做到)搜索并排除已在组中的那些)。
您可能希望将-ErrorAction SilentlyContinue添加到Add-ADGroupMember,以便在您知道脚本正常工作时忽略这些错误。