【Question title】: Need to update attributes for AD target users such as ObjectSid, msExchMasterAccountSid from a CSV file
【Posted】: 2020-03-31 22:45:21
【Question description】:

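I am currently testing the following scenario and would like to automate it, defining and validating parameters.

I have put together the following cmdlets to get the script working when called line by line, but what I would ultimately like is to go through a list of users in a CSV file. In this file I would like to use two columns with UserPrincipalName headers, for example:

SourceUser | TargetUser

The idea is to run a script and replace the following: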

#create variables
$sourceUser = "TestUser1@old.domain.com"
$targetUser = "TestUser1@new.domain.com"
$sourceusername,$sourcedomain = $sourceUser -split ("@")
$targetusername,$targetdomain = $targetUser -split ("@")
$SourceAccount = Get-ADUser $sourceusername -server $sourcedomain -Properties objectSid
$TargetAccount = Get-ADUser $targetusername -Server $targetdomain 

#get the objectSid of the source account
$objectSid = $SourceAccount.objectSid

#copy source account objectSid to target account msExchMasterAccountSid
$TargetAccount | Set-ADUser -Replace @{"msExchMasterAccountSid"=$objectSid}

#enable target account
$TargetAccount | Enable-ADAccount

#disable the source account
$SourceAccount | Disable-ADAccount

#move the migrated user into prod OU
$TargetAccount | Move-ADObject -TargetPath "OU=Test,OU=Users,DC=new,DC=domain,DC=com"

I have found a couple of parameters that I believe will help to achieve two things, such as the target domain and the target OU:

  [CmdletBinding()]
  Param(
  #target domain
  [parameter(Mandatory,Position=1)]
  [ValidateScript({Get-ADDomain -Identity $_})]
  [String]$Domain,

  #target OU
  [parameter(Position=2)]
  [ValidateScript({Get-ADOrganizationalUnit -Identity $_})]
  [String]$TargetOu
  )

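Could anyone help me put all of this together into a script, please?

Thanks

【Comments】:

  • If you tell us where you are stuck, we can help you when you run into difficulty.
  • Sure - but I am also looking for some ideas on where to start. Admittedly, I will post my questions as I write the script.

Tags: powershell csv active-directory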


【Solution 1】:

A draft of the script I developed some time later:

Clear-Host
#parameters
Import-Module ActiveDirectory
#Start region >>> fake reading in a csv file
$SourceDestinationUsers = @'
SourceUser, DestinationUser
test@source.com, test@destination.com
'@ | ConvertFrom-Csv
#endregion >>> fake reading in a CSV file

function Invoke-UserMove
{
    [CmdletBinding()]
    param()

    ForEach ($User in $SourceDestinationUsers)
    {
        Write-Host 'Processing...'
        Write-Host ('    SourceUser {0}' -f $User.SourceUser)
        Write-Host ('    DestinationUser {0}' -f $User.DestinationUser)

        Write-Host '__ Source Account __'
        $GADU_Params_1 = [ordered]@{
            Identity   = $User.SourceUser.split('@')[0]
            Server     = $User.SourceUser.split('@')[1]
            Properties = 'objectSid', 'SamAccountName'
        }
        $GADU_Params_1
        $SourceAccount = Get-ADUser @GADU_Params_1

        Write-Host '__ Target Account __'
        $GADU_Params_2 = [ordered]@{
            Identity = $User.DestinationUser.Split('@')[0]
            Server   = $User.DestinationUser.Split('@')[1]
        }
        $GADU_Params_2
        $TargetAccount = Get-ADUser @GADU_Params_2

        Write-Host 'Making changes...'


        try
        {
            $TargetAccount | Set-ADUser -Replace @{'SamAccountName' = $SourceAccount.SamAccountName } -ErrorAction Stop
        }
        catch
        {
            # Report the failure instead of printing a success message
            Write-Warning ('Set-ADUser failed: {0}' -f $_.Exception.Message)
        }
        try
        {
            $TargetAccount | Enable-ADAccount -ErrorAction Stop
        }
        catch
        {
            Write-Warning ('Enable-ADAccount failed: {0}' -f $_.Exception.Message)
        }
        try
        {
            $SourceAccount | Disable-ADAccount -ErrorAction Stop
        }
        catch
        {
            Write-Warning ('Disable-ADAccount failed: {0}' -f $_.Exception.Message)
        }
        try
        {
            $TargetAccount | Move-ADObject -TargetPath "OU=Test,OU=Users,DC=new,DC=domain,DC=com" -ErrorAction Stop
        }
        catch
        {
            Write-Warning ('Move-ADObject failed: {0}' -f $_.Exception.Message)
        }

    }

    Write-Host "Completed"
}
Invoke-UserMove

It worked for me and I did achieve what I needed.

【Comments】:

    【Solution 2】:

    OK, suppose your CSV file contains something like

    SourceUser, TargetUser
    TestUser1@old.domain.com,Testuser1@new.domain.com
    

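    Obviously, in reality your csv file will contain more than one source and target pair.

    Now, starting from the code you provided, put it inside the braces under a foreach loop and feed it the csv data one record at a time through the pipeline. Something like this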

    Import-csv MyCsvFile.csv |
    foreach {
    
    #create variables
    $sourceUser = $_.SourceUser
    $targetUser = $_.TargetUser
    $sourceusername,$sourcedomain = $sourceUser -split ("@")
    $targetusername,$targetdomain = $targetUser -split ("@")
    $SourceAccount = Get-ADUser $sourceusername -server $sourcedomain -Properties objectSid
    $TargetAccount = Get-ADUser $targetusername -Server $targetdomain 
    
    #get the objectSid of the source account
    $objectSid = $SourceAccount.objectSid
    
    #copy source account objectSid to target account msExchMasterAccountSid
    $TargetAccount | Set-ADUser -Replace @{"msExchMasterAccountSid"=$objectSid}
    
    #enable target account
    $TargetAccount | Enable-ADAccount
    
    #disable the source account
    $SourceAccount | Disable-ADAccount
    
    #move the migrated user into prod OU
    $TargetAccount | Move-ADObject -TargetPath "OU=Test,OU=Users,DC=new,DC=domain,DC=com"
    
    }
    

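    I did not fix the indentation for you, but you get the idea.

    【Comments】:

    • Hi Walter, thank you for your answer. I will work on this and post a new version of the script when it is ready.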
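
An added example (not code from the question or from either answer) that combines the CSV loop with per-row validation and `-WhatIf` support. Each row stops at its first failure, so a source account is never disabled unless its target was linked and enabled. The function name `Invoke-LinkedUserMigration` and the result fields are hypothetical; the CSV headers `SourceUser`/`TargetUser` follow Solution 2.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Invoke-LinkedUserMigration is a hypothetical name; the CSV
# headers SourceUser/TargetUser are the ones used in Solution 2.
function Invoke-LinkedUserMigration {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateScript({ Test-Path -LiteralPath $_ -PathType Leaf })]
        [string]$CsvPath,
        [Parameter(Mandatory)]
        [string]$TargetOu
    )
    foreach ($row in Import-Csv -LiteralPath $CsvPath) {
        $pair = '{0} -> {1}' -f $row.SourceUser, $row.TargetUser
        try {
            # Reject anything that is not exactly user@domain before touching AD.
            $src = @("$($row.SourceUser)".Trim() -split '@')
            $dst = @("$($row.TargetUser)".Trim() -split '@')
            if ($src.Count -ne 2 -or $dst.Count -ne 2 -or ($src + $dst) -contains '') {
                throw 'row is not in user@domain form'
            }
            # Resolve both accounts and the OU before changing anything. As in the
            # question, the UPN prefix is assumed to equal the sAMAccountName.
            $source = Get-ADUser -Identity $src[0] -Server $src[1] -Properties objectSid -ErrorAction Stop
            $target = Get-ADUser -Identity $dst[0] -Server $dst[1] -ErrorAction Stop
            $null = Get-ADOrganizationalUnit -Identity $TargetOu -Server $dst[1] -ErrorAction Stop

            if (-not $PSCmdlet.ShouldProcess($pair, 'Link, enable target, disable source, move')) { continue }

            # Order matters: the source is disabled only after the target is linked and enabled.
            Set-ADUser -Identity $target -Server $dst[1] -Replace @{ msExchMasterAccountSid = $source.objectSid } -ErrorAction Stop
            Enable-ADAccount -Identity $target -Server $dst[1] -ErrorAction Stop
            Disable-ADAccount -Identity $source -Server $src[1] -ErrorAction Stop
            Move-ADObject -Identity $target -Server $dst[1] -TargetPath $TargetOu -ErrorAction Stop
            [pscustomobject]@{ Pair = $pair; Status = 'Migrated'; Detail = "$($source.objectSid)" }
        }
        catch {
            # One bad row is reported and skipped; the remaining rows still run.
            [pscustomobject]@{ Pair = $pair; Status = 'Failed'; Detail = $_.Exception.Message }
        }
    }
}
```

Running it with `-WhatIf` first lists the pairs that pass validation without modifying any account; piping the output to `Export-Csv` keeps a record of which SID was written to which target.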