活动目录复制用户属性

Question

我有一个脚本，它应该将Description 的值复制到Department。 但脚本似乎只工作了 50%。

我有 OU，还有 3 个子 OU。 该脚本仅更改第一个 OU 用户属性，而不更改其他 2。 有人可以检查脚本并告诉我它有什么问题。

脚本：

Option Explicit 

On Error Resume Next 
Dim objUser, objChild, objConnection, objRootDSE, objItem
Dim WshShell, objFSO, strRoot, strDNSDomain, strContainer
Dim strDescription, strsAMAccountName 
Dim strdepartmentAfter, strDirectory, strdepartmentBefore
Dim i, intLogFlag 'no log exists

i=1 
intLogFlag = 0

Set WshShell = CreateObject("WScript.Shell") 

'Set current directory to Desktop & display on page 
strDirectory = WshShell.SpecialFolders("Desktop") & "\" 
Set objRootDSE = GetObject("LDAP://RootDSE") 
strDNSDomain = objRootDSE.Get("DefaultNamingContext") 
strContainer = strContainer & strDNSDomain 
'To do a subcontainer, add it after//ou=OUName, - include comma 
Set strRoot =GetObject("LDAP://OU=Kasutajad," & strDNSDomain ) 
'Start Logging 
CreateLog() 
'**************************************************************** 
For each objChild in strRoot 
Select Case objChild.class 
Case "organizationalUnit","container" 
Call DATree 
End Select 
Next 

Sub DATree() 
OU.Filter="objectClass=user"
For each user in OU
If user.class="user" Then
    On Error Resume Next
    user.Department=user.description
    If Err.Number = 0 Then
         user.SetInfo
         WScript.Echo "Copied:" & user.description & " for " & user.name 
    Else
         On Error GoTo 0
         WScript.Echo "No IPPHONE configured for " & user.name
    End If
    On Error GoTo 0
end if
i=i+1 
next 
End Sub 

i = i -1 
Wscript.Echo "Accounts = " & i 
Wscript.Quit 

'**************************************************************** 

Sub CreateLog() 
On Error Resume Next 
Dim objFile 
Dim strFile, strText 

'Create log file 
strFile = "UserDepartmentLog_" & Month(Date()) & "_" & Day(Date()) & ".txt" 
Set objFSO = CreateObject("Scripting.FileSystemObject") 
Set objFile = objFSO.CreateTextFile(strDirectory & strFile) 
Set objFile = Nothing 
'Write headers to the log file 
strText = "User Name,Date,Description,Department Before, Department After" 
Set objFile = objFSO.OpenTextFile(strDirectory & strFile, 8, True) 
objFile.WriteLine(strText) 
intLogFlag = 1 
Set objFSO = Nothing 
Set objFile = Nothing 
End Sub 

'**************************************************************** 

'Used to append the log for each computer the script is run against 

Sub WriteLog(strdescription, strAccountName, strDeptBefore, strDeptAfter) 
On Error Resume Next 
Dim objFile, objTextFile 
Dim strFile, strText 

strFile = "UserDepartmentLog_" & Month(Date()) & "_" & Day(Date()) & ".txt" 
Set objFSO = CreateObject("Scripting.FileSystemObject") 
'Check to see if the log exists 
If intLogFlag = 1 Then 
'Write to the log 
strText = strAccountName & "," & Date() & "," & strDescription & "," & strDeptBefore &                         "," & strDeptAfter 

Set objFile = objFSO.OpenTextFile(strDirectory & strFile, 8, True) 
objFile.WriteLine(strText) 
objFile.Close 
'Reset strText for later use 
strText = "" 
Else 'If the log doesn't exist, create it 
CreateLog() 
'Reset strText for later use 
strText = "" 
End If 
Set objTextFile = Nothing 
Set objFile = Nothing 
Set objFSO = Nothing 
End Sub

Answer 1

我建议您放弃 VBScript 并切换到 PowerShell。所有这些都可以用这个替换（全部在一行上）：

Get-ADUser -SearchBase 'OU=PowerShell Testing,DC=yourdom' -LDAPFilter '(sAMAccountName=*)' -属性描述 | ForEach-Object { Set-ADUser $_ -Department $_.description }

您只需要 PowerShell 2.0（最好是 3.0，因为它更容易）和 Active Directory Module on your client。

希望该命令足够详细，可以解决大部分情况。要知道的是，PowerShell 命令倾向于返回对象*，而不是文本。该|是一个管道，因此第一个命令 (Get-ADUser) 的输出对象被发送到第二个命令 (ForEach-Object)。 $_ 代表管道中的对象。因此，在大括号内，我正在对管道中的对象执行 Set-ADUser（Set 是 PowerShell 用于更新的标准动词），将管道中对象的 description 属性的值应用于 -Department 属性。哒哒！

这被称为 PowerShell 单线。我可以把它写成一个脚本，它可能看起来像这样：

$users = Get-ADUser `
    -SearchBase 'OU=PowerShell Testing,DC=yourdom' `
    -LDAPFilter '(sAMAccountName=*)' -Properties description

foreach ($user in $users)
{
    Set-ADUser $user -Department $user.description
}

` 是 PowerShell 的继续符。

我曾经做过很多 VBScripting - 我有 000 行代码的脚本。现在，如果我有选择的话，我不会用驳船杆来碰它。