Powershell CSV 导入错误 - 对象名称的语法错误

Question

使用“New-ADUser”语法似乎无法找出导致以下脚本错误的原因。不确定是否有人能发现错误？

"New-ADUser : 对象名称语法错误

在 D:\ScriptPath\importadusersAndMoveOU.ps1:33 char:3"

如果我删除“$NewOU”变量并将用户导入到默认的“用户”OU 中，该脚本将起作用。

# Import active directory module for running AD cmdlets
Import-Module activedirectory

#Store the data from ADUsers.csv in the $ADUsers variable
$ADUsers = Import-csv 'D:\CSVPATH\adusers.csv'
$NewOU = New-ADOrganizationalUnit -Name "ADMINS"

#Loop through each row containing user details in the CSV file 
foreach ($User in $ADUsers)
{
    #Read user data from each field in each row and assign the data to a 
variable as below


$DomainName = Get-ADDomain -current LocalComputer
$Username   = $User.username
$Password   = "TestPassword12345"
$Firstname  = $User.firstname
$Lastname   = $User.lastname
$OU         = $NewOU+","+$DomainName.DistinguishedName
$upn = $Username+"@"+$DomainName.DNSRoot

#Check to see if the user already exists in AD
if (Get-ADUser -F {SamAccountName -eq $Username})
{
     #If user does exist, give a warning
     Write-Warning "A user account with username $Username already exist in Active Directory."
}
else
{
    #User does not exist then proceed to create the new user account

    #Account will be created in the OU provided by the $OU variable read from the CSV file
    New-ADUser `
        -SamAccountName $Username `
        -UserPrincipalName $upn `
        -Name "$Firstname $Lastname" `
        -GivenName $Firstname `
        -Surname $Lastname `
        -Enabled $True `
        -DisplayName "$Lastname, $Firstname" `
        -Path $OU `
        -AccountPassword (convertto-securestring $Password -AsPlainText -Force) -ChangePasswordAtLogon $True
    Add-ADGroupMember "domain admins" $username
    Add-ADGroupMember "enterprise admins" $Username
    }
}

Answer 1

New-ADOrganizationalUnit -Name "ADMINS" 命令在域的默认 NC 头下创建一个新 OU。 如果你想在其他地方这样做，你应该使用-Path <DistinghuisedName of Parent OU> 参数。

但是，正如 Drew Lean 已经评论的那样，此代码不在尝试创建 OU 之前检查它是否存在，因此此处可能需要进行快速测试：

[adsi]::Exists("LDAP://OU=ADMINS,DC=domain,DC=com")

或

Get-ADOrganizationalUnit -Filter "distinguishedName -eq 'OU=ADMINS,DC=domain,DC=com'"
# don't filter on 'Name' because it is more than likely you have several OUs with the same name

接下来，为变量$OU 构造distinguishedName 的部分会导致字符串格式错误。 $OU = $NewOU+","+$DomainName.DistinguishedName 将导致 "ADMINS,DC=domain,DC=com" 不是有效的 DistinghuishedName，因此会出现错误 The object name has bad syntax

尝试先获取现有 OU 的 DN，如果不存在，则在创建后捕获它并将 DistinghuishedName 存储在变量 $OU 中

类似这样的：

$OU = "OU=ADMINS,DC=domain,DC=com"
if (-not (Get-ADOrganizationalUnit -Filter "distinguishedName -eq '$OU'")) {
    $NewOU = New-ADOrganizationalUnit -Name "ADMINS" -PassThru
    $OU = $NewOU.DistinghuishedName
}

ps。 Get-ADOrganizationalUnit 的 Identity 参数必须是以下之一：

• 专有名称
• 一个 GUID (objectGUID)
• 安全标识符 (objectSid)
• 安全客户经理帐户名称 (sAMAccountName)