Bulk-Adding Groups and Users in AD

Published: 2020-06-27 11:37:01 Source: Internet Views: 7218 Author: ikulin Category: System Operations

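I. Background

For management reasons we plan to move the existing Serv-U service to an AD + IIS + FTP + NTFS architecture, so the corresponding groups have to be created in AD and users added to them.

To improve efficiency and cut down on repetitive work, I wrote a script that creates the groups and adds the users in bulk. Everything below was done in a test environment.

II. Summary

  • Notes:
    1. The users must already exist. Filter them when preparing the user file; otherwise the script aborts partway through.
    2. The users of all groups are kept in one user file. The columns differ in length, which leaves empty values (middle columns of the CSV file) or null values (last column of the CSV file); these have to be filtered out.
    3. The script sets only the attributes a group requires; change the additional attributes as needed.
    4. The one-to-many lookup formula used to build the CSV file:
=INDEX(A:A,SMALL(IF($B$2:$B$200="Sam",ROW($2:$200),4^8),ROW(A1)))&""
  • Full script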
Import-Module ActiveDirectory

$ngroups=Import-Csv C:\Data\ngs.csv
$nusers=Import-Csv C:\Data\nus.csv 

foreach ($ngroup in $ngroups) {
    # Create the group
    New-ADGroup -Name $ngroup.name -SamAccountName $ngroup.name -GroupCategory $ngroup.GroupCategory -GroupScope $ngroup.Groupscope -Path $ngroup.path -Description $ngroup.description -PassThru
    Get-ADGroup -Identity $ngroup.name | Set-ADGroup -Replace @{info=$ngroup.info}
    # Add the members
    Add-ADGroupMember -Identity $ngroup.name -Members ($nusers.($ngroup.name) | Where-Object {$_ -ne ''} ) -PassThru
}
  • Group file: ngs.csv
name,path,groupcategory,groupscope,description,info
ftp-ops-w,"OU=FTP,OU=Group,DC=lxy,DC=lin",Security,Global,"ip/ftp/ops/","DRI:xx,TEL:xx"
ftp-ops-r,"OU=FTP,OU=Group,DC=lxy,DC=lin",Security,Global,"ip/ftp/ops/","DRI:xx,TEL:xx"
ftp-dba-w,"OU=FTP,OU=Group,DC=lxy,DC=lin",Security,Global,"ip/ftp/dba/","DRI:xx,TEL:xx"
ftp-dba-r,"OU=FTP,OU=Group,DC=lxy,DC=lin",Security,Global,"ip/ftp/dba/","DRI:xx,TEL:xx"
  • User file: nus.csv
ftp-ops-w,ftp-ops-r,ftp-dba-w,ftp-dba-r
user01,user02,user03,user04
user05,,user06,user07
user08,,user09,

III. Step by step

  • Import the AD module
Import-Module ActiveDirectory
  • Create accounts
foreach ( $num in 1..10 ) {
    $user='USER'+$num
    # Test accounts only: the password is hard-coded in plain text
    New-ADUser $user -Path "OU=Test,DC=iku,DC=lxy" -Enabled:$true -AccountPassword (ConvertTo-SecureString "lxy1989." -AsPlainText -Force)
}
  • Find departed or non-existent accounts
$newusers= Import-Csv .\nu.csv
$newgroups= Import-Csv .\ng.csv

# Lists that hold the departed (disabled) and non-existent accounts
$array_error_user = New-Object -TypeName System.Collections.ArrayList
$array_disabled_user = New-Object -TypeName System.Collections.ArrayList

foreach ($newgroup in $newgroups) {
    $newuser = ($newusers.($newgroup.name) | Where-Object {$_ -ne ''})

    foreach ($user in $newuser) {
        $user_abled = (Get-ADUser $user).enabled  # Is the account disabled? By default only departed users' accounts are disabled
        $returned = $?  # False if the account does not exist
        if ($returned -eq $true) {
            if ($user_abled -eq $false) {
                # Record the disabled (departed) account
                [void]$array_disabled_user.Add($user+'@'+($newgroup.name))
            }
        }
        else {
            # Record the non-existent account
            [void]$array_error_user.Add($user+'@'+($newgroup.name))
        }
    }
}
echo "The following user is disabled :" $array_disabled_user
echo "The following user does not exist :" $array_error_user
  • Remove the departed or non-existent accounts from the user file
vi user.error
xx
xxx
xx

:%s/@.*//g

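vi deluser.sh
#!/bin/bash
# Use double quotes so that the shell variable is expanded inside the sed expression.
# Match whole CSV fields only, so that removing "USER1" does not also damage "USER10";
# the loop (:a ... ta) repeats until no field matches, and \r? tolerates CRLF line endings.
for user in $(cat user.error)
do
    sed -i -E ":a; s/(^|,)${user}(,|\r?\$)/\1\2/; ta" nu.csv
done
  • Import the group and user files
    Make sure the groups and users exist; otherwise the script fails and the later users are not added.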
$ngroups=Import-Csv C:\Data\ngs.csv
$nusers=Import-Csv C:\Data\nus.csv 
  • Create the groups
    The notes attribute info has no cmdlet parameter of its own; it is set by passing a hash table to -Replace.
# version1
foreach ($ngroup in $ngroups) {

    New-ADGroup -Name $ngroup.name -SamAccountName $ngroup.name -GroupCategory $ngroup.GroupCategory -GroupScope $ngroup.Groupscope -Path $ngroup.path -PassThru
    Get-ADGroup -Identity $ngroup.name | Set-ADGroup -Replace @{info=$ngroup.info}

}

# version2
# Adds a check for whether the group already exists
$ngroups = Import-Csv  D:\PS\NewGroup\201807\ng.csv -Encoding Unicode

foreach ($ngroup in $ngroups) {
    $drop = Get-ADGroup $ngroup.name
    $return = $?
    # Check whether the group exists; create it if it does not
    if ($return -eq $false){
        New-ADGroup -Name $ngroup.name   -SamAccountName $ngroup.name -GroupCategory $ngroup.groupcategory  -GroupScope $ngroup.groupscope -Path $ngroup.path -Description $ngroup.description
        Get-ADGroup $ngroup.name | Set-ADGroup -Replace @{info=$ngroup.info}
    }

}
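  • Add users to the groups
    Not every group in the user file has users, and the command aborts the whole operation when it hits an exception, so the empty data has to be filtered out.
    In the CSV file the last column is read as a null value that '' does not match; this is solved by adding an extra column of commas at the end of the rows.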
foreach ($ngroup in $ngroups) {
    Add-ADGroupMember -Identity $ngroup.name -Members ($nusers.($ngroup.name) | Where-Object {$_ -ne ''} ) -PassThru 
}

PS C:\Users\Administrator> ($nusers.'ftp-dba-r' | Where-Object {$_ -ne ''}).count
3
---nu.csv
ftp-ops-w,ftp-ops-r,ftp-dba-w,ftp-dba-r
user1,user2,user3,user4,
user5,,user6,user7,
user8,,user9,,
---
PS C:\> ($nusers.'ftp-dba-r' | Where-Object {$_ -ne ''}).count
2
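A single-pass variant of the filtering and membership steps above, as an added example rather than the author's script: it drops `$null` and empty cells alike, so the trailing-comma workaround is not needed, and it skips missing or disabled accounts instead of editing the CSV. The `$DryRun` switch and the allow-list pattern for account names are assumptions introduced here.

```powershell
# Added example, not the author's script. File paths and column names follow the
# article's ngs.csv / nus.csv; $DryRun and the name pattern are hypothetical.
Import-Module ActiveDirectory

$DryRun  = $true                                   # set to $false to apply the changes
$groups  = Import-Csv C:\Data\ngs.csv
$users   = Import-Csv C:\Data\nus.csv
$skipped = New-Object System.Collections.Generic.List[string]

foreach ($group in $groups) {
    # Drop $null cells (empty last column) as well as '' and whitespace-only cells
    $candidates = @($users.($group.name) |
        Where-Object { -not [string]::IsNullOrWhiteSpace($_) } |
        ForEach-Object { $_.Trim() } |
        Sort-Object -Unique)

    $members = foreach ($sam in $candidates) {
        # Assumed naming convention: refuse anything that could alter the filter string
        if ($sam -notmatch '^[A-Za-z0-9._-]+$') {
            $skipped.Add(('{0}@{1}: invalid name' -f $sam, $group.name))
            continue
        }
        # -Filter returns nothing for an unknown account instead of raising an error
        $account = Get-ADUser -Filter "SamAccountName -eq '$sam'"
        if (-not $account) {
            $skipped.Add(('{0}@{1}: does not exist' -f $sam, $group.name))
        }
        elseif (-not $account.Enabled) {
            $skipped.Add(('{0}@{1}: disabled' -f $sam, $group.name))
        }
        else {
            $account
        }
    }

    if ($members) {
        # Call the cmdlet only with a non-empty member list
        Add-ADGroupMember -Identity $group.name -Members $members -WhatIf:$DryRun
    }
}

'Skipped entries (review before re-running):'
$skipped
```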
  • View the members of each group
foreach ($ngroup in $ngroups) {
    Get-ADGroupMember -Identity $ngroup.name | select @{name='group';expression={$ngroup.name}},@{name='name';expression={$_.name}}
}

group                                                              name                                                              
-----                                                              ---- 
ftp-ops-w                                                          USER1             
ftp-ops-w                                                          USER5             
ftp-ops-w                                                          USER8             
ftp-ops-r                                                          USER2             
ftp-dba-w                                                          USER3             
ftp-dba-w                                                          USER6             
ftp-dba-w                                                          USER9             
ftp-dba-r                                                          USER4             
ftp-dba-r                                                          USER7
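To check the result against the source data instead of reading the listing by eye, the following added example (not part of the original post) compares each group's actual members with its column in the user file and reports any difference. It assumes the same ngs.csv / nus.csv layout and paths used in the full script.

```powershell
# Added example, not the author's code. Reuses the article's ngs.csv / nus.csv layout.
Import-Module ActiveDirectory

$groups = Import-Csv C:\Data\ngs.csv
$users  = Import-Csv C:\Data\nus.csv

$drift = foreach ($group in $groups) {
    # Intended members: the group's CSV column without $null or blank cells
    $expected = @($users.($group.name) |
        Where-Object { -not [string]::IsNullOrWhiteSpace($_) } |
        ForEach-Object { $_.Trim() })

    # Actual members as stored in AD
    $actual = @(Get-ADGroupMember -Identity $group.name |
        Select-Object -ExpandProperty SamAccountName)

    # -notin compares strings case-insensitively, so user1 and USER1 match
    foreach ($name in $expected) {
        if ($name -notin $actual) {
            [pscustomobject]@{ group = $group.name; name = $name; status = 'missing from AD group' }
        }
    }
    foreach ($name in $actual) {
        if ($name -notin $expected) {
            [pscustomobject]@{ group = $group.name; name = $name; status = 'not listed in CSV' }
        }
    }
}

if ($drift) {
    $drift | Format-Table -AutoSize
} else {
    'Group membership matches the CSV.'
}
```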
  • Remove all users from the groups
foreach ($ngroup in $ngroups) {
    Remove-ADGroupMember -Identity $ngroup.name -Members (Get-ADGroupMember -Identity $ngroup.name)
}

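IV. Update

While using the script I found that the way it implemented its functions was clumsy and that its formatting was not standard and was hard to read, so I updated it.

  • The variable names were hard to understand; they now use words
  • The script was written without indentation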
# $ngroups = Import-Csv  D:\PS\NewGroup\201807\ng.csv -Encoding Unicode

# Create the groups
<#
foreach ($ngroup in $ngroups) {
    $test = Get-ADGroup $ngroup.name
    $return = $?
    if ($return -eq $false){
        New-ADGroup -Name $ngroup.name   -SamAccountName $ngroup.name -GroupCategory $ngroup.groupcategory  -GroupScope $ngroup.groupscope -Path $ngroup.path -Description $ngroup.description
        Get-ADGroup $ngroup.name | Set-ADGroup -Replace @{info=$ngroup.info}
    }
}
#>

# Clear the group members
<#
foreach ($ngroup in $ngroups) {
    Remove-ADGroupMember -Identity $ngroup.name -Members (Get-ADGroupMember -Identity $ngroup.name)
}
#>

# Query the group members
<#
foreach ($ngroup in $ngroups) {
    Get-ADGroupMember -Identity $ngroup.name | select @{name='group';expression={$ngroup.name}},@{name='name';expression={$_.name}}
}
#>

# $ngroups = Import-Csv  D:\PS\NewGroup\201807\ngw.csv
# $nusers = Import-Csv  D:\PS\NewGroup\201807\nus.csv

# Add the members
<#
foreach ($ngroup in $ngroups) {
    Add-ADGroupMember -Identity $ngroup.name -Members ($nusers.($ngroup.name) | Where-Object {$_ -ne ''} ) -PassThru  -Confirm:$false
}
#>

# Count the users in each group
#<
[int]$sum = 0

$re = foreach ($ngroup in $ngroups) {
    $user_num = (Get-ADGroupMember ($ngroup.name) | Where-Object {$_ -ne ''}).count
    $user_num | select @{name='group';ex={$ngroup.name}},@{name='num';ex={$user_num}}
    $sum += $user_num
}

echo $re
echo $sum
#>