尝试为 Active Directory 运行 PowerShell 脚本时出现错误解析错误

Question

我正在编写一个脚本，该脚本将从 CSV 文件更新 Active Directory 中的用户属性。我现在只有一个错误，它与语法有关。不确定正确的语法是什么；我提供了运行脚本时收到的错误。

这是从 CSV 文件更新 AD 用户的脚本。

#Updates AD user attributes from CSV file

$credential = Get-Credential

#Load data from file.csv
$ADUsers = Import-csv file_location

# Server
$server = "127.0.0.1"

# Count variable for number of users update
$count = 0

#Go through each row that has user data in the CSV we just imported 
foreach ($User in $ADUsers)
{
    # Read user data from each field in each row and assign to variables.

    $Username = $User.Username
    $Title = $User.Title
    $Office = $User.Office
    $Description = $User.Description


    #Check to see if the user already exists in AD. If they do, we update.
    if (Get-ADUser -Filter "SamAccountName -eq $Username" -Server $server -Credential $credential)
    {

         #Set User attributes
         Set-ADUser -Title $Title -WhatIf `
            -Office $Office -WhatIf `
            -Description $Description -WhatIf

         # Print that the user was updated 
         Write-Host $Username "- User attributes have been updated." -ForegroundColor Yellow

         # Update Count
         $count += 1    
     }


}

# Print the number of updated users
Write-Host $count "Users have been updated" -ForegroundColor Green

这是我在运行脚本时遇到的错误

Get-ADUser : Error parsing query: 'SamAccountName -eq ADUSER' Error Message: 'syntax error' at position: '20'.
At file_location from CSV.ps1:35 char:6
+     if (Get-ADUser -Filter "SamAccountName -eq $Username" -Server $se ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ParserError: (:) [Get-ADUser], ADFilterParsingException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADFilterParsingException,Microsoft.ActiveDirectory.Management.Commands.GetADUse 
   r

0 Users have been updated

Answer 1

纯粹的错误可能是由于字符串扩展在$UserName周围加上单引号引起的，例如：

Get-ADUser -Filter "SamAccountName -eq '$Username'" # and the rest of the parameters...

但是，我应该指出您通常不需要带有 samAccountName 的 filter 参数。只需执行以下操作：

Get-ADUser $UserName # and the rest of the parameters...

此外，您在 Set-ADUser 命令中多次指定了-Whatif。在您解决当前问题后，这将导致问题。

您应该尽量避免所有这些倒钩。改用喷溅。这是一个未经测试的喷溅示例：

# Updates AD user attributes from CSV file

$credential = Get-Credential

# Load data from file.csv
$ADUsers = Import-csv file_location


# Count variable for number of users update
$count = 0

# Go through each row that has user data in the CSV we just imported 
ForEach($User in $ADUsers)
{
    # Ppopulate hash table for Get-ADUser splatting:
    $GetParams =
    @{
        Identity     = $User.Username
        Server       = '127.0.0.1'
        Credential   = $Credential
    }
    
    # Initialize hash table for Set-ADUser splatting:
    $SetParams =
    @{
        Server       = '127.0.0.1'
        Identity     = $User.Username
        Title        = $User.Title
        Office       = $User.Office
        Description = $User.Description
        Credential   = $Credential
    }

    # Check to see if the user already exists in AD. If they do, we update.
    if ( Get-ADUser @GetParams)
    {
         # Set User attributes
         Set-ADUser @SetParams -WhatIf

         # Print that the user was updated 
         Write-Host -ForegroundColor Yellow "$User - User attributes have been updated." 

         # Update Count
         $count += 1    
     }
}

# Print the number of updated users
Write-Host $count "Users have been updated" -ForegroundColor Green

请注意，这不一定是我完成代码的方式。做事的方法有很多，而且很多都是由个人喜好等指导的……在这种情况下，我将限制对原始示例的修改，以仅演示某些点，例如飞溅。何时、何地以及为什么实施取决于您。

您可能要考虑的另一个问题是您需要这个或任何脚本有多健壮。你需要错误处理吗？当在 AD 中找不到 CSV 文件中的用户时，您是否要报告（它本身会回显错误）？你需要一个日志文件吗？这是一次性的努力还是会持续多年的事情？等等……