将 Active Directory 帐户添加到 Powershell 中的组

Question

我正在尝试编写一个通过 Powershell 创建 Active Directory 帐户的脚本，该脚本允许用户在根据用户将要工作的位置提取列表后根据需要输入组。但是，我似乎无法真正做到在使用变量时成功地将用户添加到组中 - 我的代码在我的脚本的更大范围之外工作，并且在不使用变量的情况下工作，所以希望有人能够向我的业余自我指出一个明显的缺陷？

    $firstname = Read-Host "Enter user's first name"
    $lastname = Read-Host "Enter users's last name"
    
    $firstname_lowercase = $firstname.ToLower()
    $lastname_lowercase = $lastname.ToLower()
    
    $ad_username = ($firstname_lowercase + "." + $lastname_lowercase)

$ad_continue = Read-Host "Would you like to add the user to a Active Directory store group? (y/n)"
    
    while ($ad_continue -eq "y") {
        Write-Host "Please enter the group name you would like to add the user to:"
    
        Get-ADGroup -Filter 'Name -like $store_groupinitials' | Select -ExpandProperty Name
    
        echo ""
    
        $adgroup_add = Read-Host "Please enter the group name you would like to add the user to"
    
        Add-ADGroupMember -Identity $adgroup_add -Members $ad_username
    
        $ad_continue = Read-Host "Would you like to add user to another group? (y/n)"
        }

我收到的错误是：

    Add-ADGroupMember : Cannot find an object with identity: 'test1.test2' under: 'DC=hq,DC=domainhere,DC=com'.
At C:\Scripts\ad_google_create\google_ad_with_groups.ps1:114 char:3
+         Add-ADGroupMember -Identity $adgroup_add -Members $ad_username
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (test1.test2:ADPrincipal) [Add-ADGroupMember], ADIdentityNotFoundExcepti
   on
    + FullyQualifiedErrorId : SetADGroupMember.ValidateMembersParameter,Microsoft.ActiveDirectory.Management.Commands.
   AddADGroupMember

它似乎只在顶级域中寻找？使用我的脚本时，它确实在预期的 OU 中成功创建了一个名为 test1.test2 的帐户，但该帐户从未被添加为所述组的成员。希望有人能解释一下。

Answer 1

了解了很多关于我在发布到 SO 时需要指定的内容，谢谢大家。下次将发布完整的（或至少是重要的代码片段）。同时，通过 r/powershell，我发现由于复制，我需要在创建用户帐户时指定 DC。