powershell - 如何设置 PowerShell 脚本将 AD 组添加到域中的 PC/用户帐户？

问题描述

下面是我编写的脚本（目的是将 AD 组添加到指定的参数——计算机名称和用户名）。我有一个成功导入的单独的 AD 模块脚本。但是下面的脚本不起作用。一位同事提到我需要参考我们公司的域。我添加了如下信息（LDAP 信息，但现在只是占位符信息）。还需要什么来确保它适用于我们的 AD 域环境？

[ADSI] "LDAP://cn=VPNAdminUsers,ou=West,dc=MyDomain,dc=com


function Add-DevADGroup {

try {
    param (
        [Parameter(Mandatory = $True)]
        [string] $ComputerName,
        [Parameter(Mandatory = $True)]
        [string] $UserName
    )

[string]$LocalAdmin = (Get-ADGroup -Identity [ADSI] "LDAP://cn=GPP Computer Local Admin Exception,ou=West,dc=MyDomain,dc=com").DistinguishedName
[string]$RDP = (Get-ADGroup -Identity [ADSI] "LDAP://cn=GPP Computer RDP,ou=West,dc=MyDomain,dc=com").DistinguishedName
[string]$RDPException = (Get-ADGroup -Identity [ADSI] "LDAP://cn=GPP Computer RDP Exception,ou=West,dc=MyDomain,dc=com").DistinguishedName
[string]$VPNAdminUsers = (Get-ADGroup -Identity [ADSI] "LDAP://cn=VPNAdminUsers,ou=West,dc=MyDomain,dc=com").DistinguishedName

    $ADGroups = @()
    $ADGroups.Add($LocalAdmin)
    $ADGroups.Add($RDP)
    $ADGroups.Add($RDPException)


foreach ($group in $ADGroups){
            Add-ADPrincipalGroupMembership -Identity $ADGroups -Members $ComputerName
            Write-Output ("{0} has been added to {1}" -f $group.Name, $ComputerName)
    }

if ($ComputerName.Substring($ComputerName.Length -1) -match "L") {
            Add-ADGroupMember -Identity $VPNAdminUsers -Members $UserName
            Write-Output ("VPNAdminUsers has been added to {0}" -f $UserName)
    }

    Catch {

    Write-Error "Unable to add all members to the specified AD Group(s)." -verbose

    }
}
}

Add-DevADGroup

标签： powershellactive-directory