Question
I have a script for adding a user to the active directory. The user gets created (although there are some issues for which I'll create separate questions), but the user is not added to the groups, with the error that groups were not found. But I confirmed the groups are in the AD. This is the code I have now:
$Orig_exec_policy = Get-ExecutionPolicy
Set-ExecutionPolicy Bypass -Force
<# This form was created using POSHGUI.com a free online gui designer for PowerShell
.NAME
Untitled
#>
Add-Type -AssemblyName System.Windows.Forms
[System.Windows.Forms.Application]::EnableVisualStyles()
#region Window properties
$AD_user_creation = New-Object system.Windows.Forms.Form
$AD_user_creation.ClientSize = '480,740'
$AD_user_creation.text = "AD user creation - WG Mustang"
$AD_user_creation.TopMost = $false
#endregion
[void]$AD_user_creation.SuspendLayout()
#region Real name of the user
$Display_name_lbl = New-Object system.Windows.Forms.Label
$Display_name_lbl.text = "User`'s real name"
$Display_name_lbl.AutoSize = $true
$Display_name_lbl.width = 25
$Display_name_lbl.height = 10
$Display_name_lbl.location = New-Object System.Drawing.Point(10,10)
$First_name_val = New-Object system.Windows.Forms.TextBox
$First_name_val.multiline = $false
$First_name_val.width = 120
$First_name_val.height = 20
$First_name_val.location = New-Object System.Drawing.Point(200,10)
$Second_name_val = New-Object system.Windows.Forms.TextBox
$Second_name_val.multiline = $false
$Second_name_val.width = 120
$Second_name_val.height = 20
$Second_name_val.location = New-Object System.Drawing.Point(330,10)
$Display_name_val = New-Object system.Windows.Forms.Label
$Display_name_val.Text = ""
$Display_name_val.width = 250
$Display_name_val.height = 20
$Display_name_val.location = New-Object System.Drawing.Point(200,40)
#endregion
#region User name of the user
$User_name_lbl = New-Object system.Windows.Forms.Label
$User_name_lbl.text = "User logon name"
$User_name_lbl.AutoSize = $true
$User_name_lbl.width = 25
$User_name_lbl.height = 10
$User_name_lbl.location = New-Object System.Drawing.Point(10,70)
$User_name_val = New-Object system.Windows.Forms.TextBox
$User_name_val.multiline = $false
$User_name_val.width = 250
$User_name_val.height = 20
$User_name_val.location = New-Object System.Drawing.Point(200,70)
#endregion
#region Account password
$Password_lbl = New-Object system.Windows.Forms.Label
$Password_lbl.text = "Password"
$Password_lbl.AutoSize = $true
$Password_lbl.width = 25
$Password_lbl.height = 10
$Password_lbl.location = New-Object System.Drawing.Point(10,100)
$Password_ini_val = New-Object system.Windows.Forms.MaskedTextBox
$Password_ini_val.multiline = $false
$Password_ini_val.width = 250
$Password_ini_val.height = 20
$Password_ini_val.UseSystemPasswordChar = $true
$Password_ini_val.location = New-Object System.Drawing.Point(200,100)
$Password_conf_val = New-Object system.Windows.Forms.MaskedTextBox
$Password_conf_val.multiline = $false
$Password_conf_val.width = 250
$Password_conf_val.height = 20
$Password_conf_val.UseSystemPasswordChar = $true
$Password_conf_val.location = New-Object System.Drawing.Point(200,130)
#endregion
#region Location of the user
$Location_lbl = New-Object system.Windows.Forms.Label
$Location_lbl.text = "Location"
$Location_lbl.AutoSize = $true
$Location_lbl.width = 25
$Location_lbl.height = 10
$Location_lbl.location = New-Object System.Drawing.Point(10,160)
$Location_val = New-Object system.Windows.Forms.TextBox
$Location_val.multiline = $false
$Location_val.text = "OU=Users,OU=ADM,DC=Domain,DC=com"
$Location_val.width = 250
$Location_val.height = 20
$Location_val.location = New-Object System.Drawing.Point(200,160)
#endregion
#region Checkboxes
$Must_chg_pass = New-Object system.Windows.Forms.CheckBox
$Must_chg_pass.text = "User must change password at next logon"
$Must_chg_pass.AutoSize = $false
$Must_chg_pass.width = 290
$Must_chg_pass.height = 20
$Must_chg_pass.location = New-Object System.Drawing.Point(200,190)
$Cannot_chg_pass = New-Object system.Windows.Forms.CheckBox
$Cannot_chg_pass.text = "User cannot change password"
$Cannot_chg_pass.AutoSize = $false
$Cannot_chg_pass.width = 250
$Cannot_chg_pass.height = 20
$Cannot_chg_pass.location = New-Object System.Drawing.Point(200,220)
$Cannot_chg_pass.Checked = $true
$Pass_not_expires = New-Object system.Windows.Forms.CheckBox
$Pass_not_expires.text = "Password never expires"
$Pass_not_expires.AutoSize = $false
$Pass_not_expires.width = 250
$Pass_not_expires.height = 20
$Pass_not_expires.location = New-Object System.Drawing.Point(200,250)
$Pass_not_expires.Checked = $true
$Account_disabled_val = New-Object system.Windows.Forms.CheckBox
$Account_disabled_val.text = "Account is active"
$Account_disabled_val.AutoSize = $false
$Account_disabled_val.width = 250
$Account_disabled_val.height = 20
$Account_disabled_val.location = New-Object System.Drawing.Point(200,280)
$Account_disabled_val.Checked = $false
#endregion
#region Description
$GECOS_lbl = New-Object system.Windows.Forms.Label
$GECOS_lbl.text = "Description"
$GECOS_lbl.AutoSize = $true
$GECOS_lbl.width = 25
$GECOS_lbl.height = 10
$GECOS_lbl.location = New-Object System.Drawing.Point(10,310)
$GECOS_val = New-Object system.Windows.Forms.TextBox
$GECOS_val.multiline = $false
$GECOS_val.width = 250
$GECOS_val.height = 20
$GECOS_val.location = New-Object System.Drawing.Point(200,310)
#endregion
#region Group membership
$ADGroups_lbl = New-Object system.Windows.Forms.Label
$ADGroups_lbl.text = "AD Groups"
$ADGroups_lbl.AutoSize = $true
$ADGroups_lbl.width = 25
$ADGroups_lbl.height = 10
$ADGroups_lbl.location = New-Object System.Drawing.Point(10,340)
$ADGroups_val = New-Object system.Windows.Forms.TextBox
$ADGroups_val.multiline = $true
$ADGroups_val.width = 250
$ADGroups_val.height = 160
$ADGroups_val.location = New-Object System.Drawing.Point(200,340)
#endregion
#region Additional attributes
$Ext_Attribute5_lbl = New-Object System.Windows.Forms.Label
$Ext_Attribute5_lbl.Text = "Extension Attribute5"
$Ext_Attribute5_lbl.AutoSize = $true
$Ext_Attribute5_lbl.Width = 25
$Ext_Attribute5_lbl.Height = 10
$Ext_Attribute5_lbl.Location = New-Object System.Drawing.Point(10,510)
$Ext_Attribute5_val = New-Object System.Windows.Forms.TextBox
$Ext_Attribute5_val.Text = "Company name"
$Ext_Attribute5_val.Multiline = $false
$Ext_Attribute5_val.Width = 250
$Ext_Attribute5_val.Height = 20
$Ext_Attribute5_val.Location = New-Object System.Drawing.Point(200,510)
$Ext_Attribute10_lbl = New-Object System.Windows.Forms.Label
$Ext_Attribute10_lbl.Text = "Extension Attribute10"
$Ext_Attribute10_lbl.AutoSize = $true
$Ext_Attribute10_lbl.Width = 25
$Ext_Attribute10_lbl.Height = 10
$Ext_Attribute10_lbl.Location = New-Object System.Drawing.Point(10,540)
$Ext_Attribute10_val = New-Object System.Windows.Forms.TextBox
$Ext_Attribute10_val.Text = "Region"
$Ext_Attribute10_val.Multiline = $false
$Ext_Attribute10_val.Width = 250
$Ext_Attribute10_val.Height = 20
$Ext_Attribute10_val.Location = New-Object System.Drawing.Point(200,540)
$Ext_Attribute15_lbl = New-Object System.Windows.Forms.Label
$Ext_Attribute15_lbl.Text = "Extension Attribute15"
$Ext_Attribute15_lbl.AutoSize = $true
$Ext_Attribute15_lbl.Width = 25
$Ext_Attribute15_lbl.Height = 10
$Ext_Attribute15_lbl.Location = New-Object System.Drawing.Point(10,570)
$Ext_Attribute15_val = New-Object System.Windows.Forms.TextBox
$Ext_Attribute15_val.Text = "EH/WH"
$Ext_Attribute15_val.Multiline = $false
$Ext_Attribute15_val.Width = 250
$Ext_Attribute15_val.Height = 20
$Ext_Attribute15_val.Location = New-Object System.Drawing.Point(200,570)
$Job_Title_lbl = New-Object System.Windows.Forms.Label
$Job_Title_lbl.Text = "Job title"
$Job_Title_lbl.AutoSize = $true
$Job_Title_lbl.Width = 25
$Job_Title_lbl.Height = 10
$Job_Title_lbl.Location = New-Object System.Drawing.Point(10,600)
$Job_Title_val = New-Object System.Windows.Forms.TextBox
$Job_Title_val.Text = "NA"
$Job_Title_val.Multiline = $false
$Job_Title_val.Width = 250
$Job_Title_val.Height = 20
$Job_Title_val.Location = New-Object System.Drawing.Point(200,600)
$Department_lbl = New-Object System.Windows.Forms.Label
$Department_lbl.Text = "Department"
$Department_lbl.AutoSize = $true
$Department_lbl.Width = 25
$Department_lbl.Height = 10
$Department_lbl.Location = New-Object System.Drawing.Point(10,630)
$Department_val = New-Object System.Windows.Forms.TextBox
$Department_val.Text = "NA"
$Department_val.Multiline = $false
$Department_val.Width = 250
$Department_val.Height = 20
$Department_val.Location = New-Object System.Drawing.Point(200,630)
$Company_lbl = New-Object System.Windows.Forms.Label
$Company_lbl.Text = "Company"
$Company_lbl.AutoSize = $true
$Company_lbl.Width = 25
$Company_lbl.Height = 10
$Company_lbl.Location = New-Object System.Drawing.Point(10,660)
$Company_val = New-Object System.Windows.Forms.TextBox
$Company_val.Text = "IBM"
$Company_val.Multiline = $false
$Company_val.Width = 250
$Company_val.Height = 20
$Company_val.Location = New-Object System.Drawing.Point(200,660)
#endregion
#region Buttons
$Confirm_Button = New-Object system.Windows.Forms.Button
$Confirm_Button.BackColor = "#00ff00"
$Confirm_Button.text = "OK"
$Confirm_Button.width = 100
$Confirm_Button.height = 30
$Confirm_Button.location = New-Object System.Drawing.Point(200,690)
$Confirm_Button.Font = 'Microsoft Sans Serif,10,style=Bold'
$Create_ADuser = {
if ($Password_ini_val.Text -cne $Password_conf_val.Text)
{
[System.Windows.Forms.MessageBox]::Show("Passwords don't match")
} elseif ($Password_ini_val.Text.Length -lt 8)
{
[System.Windows.Forms.MessageBox]::Show("Password is too short")
} else {
$password = $Password_ini_val.Text | ConvertTo-SecureString -AsPlainText -Force
$Display_name = $Display_name_val.Text + " [ADM]"
New-ADUser -GivenName $First_name_val.Text -Surname $Second_name_val.Text -DisplayName $Display_name -AccountPassword $password -Path $Location_val.Text -Name $User_name_val.Text`
-CannotChangePassword $Cannot_chg_pass.Checked -PasswordNeverExpires $Pass_not_expires.Checked -ChangePasswordAtLogon $Must_chg_pass.Checked -Enabled $Account_disabled_val.Checked`
-Description $GECOS_val.Text -OtherAttributes @{'ExtensionAttribute5' = $Ext_Attribute5_val.Text;'ExtensionAttribute9' = "People";'ExtensionAttribute10' = $Ext_Attribute10_val.Text;`
'ExtensionAttribute11' = "Other";'ExtensionAttribute12' = "No";'ExtensionAttribute14' = "NA";'ExtensionAttribute15' = $Ext_Attribute15_val.Text;'Division' = "WG Mustang"}`
-Office "NA" -OfficePhone "NA" -Title $Job_Title_val.Text -Department $Department_val.Text -Company $Company_val.Text -SamAccountName $User_name_val.Text -PassThru | `
Add-ADPrincipalGroupMembership -MemberOf $ADGroups_val.Text
$AD_user_creation.Close()
}
}
$Confirm_Button.add_Click($Create_ADuser)
$Cancel_button = New-Object system.Windows.Forms.Button
$Cancel_button.BackColor = "#ff0000"
$Cancel_button.text = "Cancel"
$Cancel_button.width = 100
$Cancel_button.height = 30
$Cancel_button.location = New-Object System.Drawing.Point(350,690)
$Cancel_button.Font = 'Microsoft Sans Serif,10,style=Bold'
<#$Cancel = {
$AD_user_creation.Close()
exit
}#>
$Cancel_button.add_Click({
$AD_user_creation.Close()
exit
})
$AD_user_creation.AcceptButton = $Confirm_Button
$AD_user_creation.CancelButton = $Cancel_button
#endregion
$AD_user_creation.controls.AddRange(@($Display_name_lbl,$First_name_val,$Second_name_val,$User_name_lbl,$Display_name_val,$User_name_val,$Password_lbl,$Password_ini_val,$Password_conf_val,$Location_lbl,`
$Location_val,$Must_chg_pass,$Cannot_chg_pass,$Pass_not_expires,$Account_disabled_val,$GECOS_lbl,$GECOS_val,$ADGroups_lbl,$ADGroups_val,$Ext_Attribute5_lbl,$Ext_Attribute5_val,$Ext_Attribute10_lbl,`
$Ext_Attribute10_val,$Ext_Attribute15_lbl,$Ext_Attribute15_val,$Job_Title_lbl,$Job_Title_val,$Department_lbl,$Department_val,$Company_lbl,$Company_val,$Confirm_Button,$Cancel_button))
$showFullName = { $Display_name_val.Text = ($First_name_val.Text + " " + $Second_name_val.Text) }
[void]$Second_name_val.Add_Leave( { & $showFullName } )
[void]$First_name_val.Add_Leave( { & $showFullName } )
[void]$AD_user_creation.ResumeLayout()
$result = $AD_user_creation.ShowDialog()
[void]$AD_user_creation.Dispose()
Set-ExecutionPolicy $Orig_exec_policy -Force
Originally I didn't put the -passthru parameter to the New-ADUser (row 268) and added the Add-ADPrincipalGroupMembership cmdlet at a separate row with -Identity parameter instead, but tried the actual solution in the code above, when that didn't work. I verified that the $ADGroups_val.Text contains the group names put in the respective textbox.
Any idea why the groups aren't added?
Answer 1:
The coding you use for the New-ADUser cmdlet has some bad formatting problems. Because of this, it is hard to spot that some backticks are in the wrong place.
Using Splatting helps the code to become more readable/maintainable.
By capturing the output of New-ADUser in a variable (for that you need to add the PassThru switch), you can first test if the new user is created or not and only if you have a valid user object, add it to the group:
# Collect all New-ADUser parameters in one hashtable (splatting)
$params = @{
    'GivenName'             = $First_name_val.Text
    'Surname'               = $Second_name_val.Text
    'DisplayName'           = $Display_name
    'AccountPassword'       = $password
    'Path'                  = $Location_val.Text
    'Name'                  = $User_name_val.Text
    'CannotChangePassword'  = $Cannot_chg_pass.Checked
    'PasswordNeverExpires'  = $Pass_not_expires.Checked
    'ChangePasswordAtLogon' = $Must_chg_pass.Checked
    'Enabled'               = $Account_disabled_val.Checked
    'Description'           = $GECOS_val.Text
    'Office'                = "NA"
    'OfficePhone'           = "NA"
    'Title'                 = $Job_Title_val.Text
    'Department'            = $Department_val.Text
    'Company'               = $Company_val.Text
    'SamAccountName'        = $User_name_val.Text
    'OtherAttributes'       = @{
        'ExtensionAttribute5'  = $Ext_Attribute5_val.Text
        'ExtensionAttribute9'  = "People"
        'ExtensionAttribute10' = $Ext_Attribute10_val.Text
        'ExtensionAttribute11' = "Other"
        'ExtensionAttribute12' = "No"
        'ExtensionAttribute14' = "NA"
        'ExtensionAttribute15' = $Ext_Attribute15_val.Text
        'Division'             = "WG Mustang"
    }
    # PassThru makes New-ADUser return the created user object
    'PassThru'              = $true
}
$newUser = New-ADUser @params
# Only attempt the group membership when a user object came back
if ($newUser) {
    $newUser | Add-ADPrincipalGroupMembership -MemberOf $ADGroups_val.Text
}
else {
    # The script loads System.Windows.Forms, so use its MessageBox type
    [System.Windows.Forms.MessageBox]::Show("Error creating new user")
}
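An added example, not part of the question or the answer above: a multi-line TextBox returns its content as one string with embedded line breaks, so passing `$ADGroups_val.Text` to `-MemberOf` asks for a single group whose name is the whole block of text. The sketch below splits the text into one name per line and resolves each group before adding the user; the function names `ConvertTo-GroupList` and `Add-NewUserToGroups` and the `Demo-Group-*` values are hypothetical.

```powershell
# Added example; ConvertTo-GroupList, Add-NewUserToGroups and Demo-Group-* are hypothetical names.

function ConvertTo-GroupList {
    # Turn the raw text of a multi-line TextBox into an array of group names.
    param([string]$RawText)
    if ([string]::IsNullOrWhiteSpace($RawText)) { return @() }
    # Split on line breaks only: distinguished names legitimately contain commas.
    $names = $RawText -split '\r?\n' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ } |
        Select-Object -Unique
    return @($names)
}

function Add-NewUserToGroups {
    # Adds the user to each group separately and returns the entries that failed.
    param(
        [Parameter(Mandatory)] $User,   # object returned by New-ADUser -PassThru
        [string[]]$GroupNames
    )
    $failed = @()
    foreach ($name in $GroupNames) {
        try {
            # Resolve first so a typo is reported by name instead of failing the whole call.
            $group = Get-ADGroup -Identity $name -ErrorAction Stop
            Add-ADPrincipalGroupMembership -Identity $User -MemberOf $group -ErrorAction Stop
        }
        catch {
            $failed += [pscustomobject]@{ Group = $name; Error = $_.Exception.Message }
        }
    }
    return $failed
}

# Constructed sample of what the TextBox holds after two groups are typed on separate lines.
$sampleText = "Demo-Group-A`r`n  Demo-Group-B  `r`n`r`n"
$groups = @(ConvertTo-GroupList -RawText $sampleText)
"{0} group(s): {1}" -f $groups.Count, ($groups -join ' | ')

# Usage inside the click handler, after `$newUser = New-ADUser @params`:
# $failed = @(Add-NewUserToGroups -User $newUser -GroupNames (ConvertTo-GroupList $ADGroups_val.Text))
# if ($failed.Count) { [System.Windows.Forms.MessageBox]::Show(($failed | Out-String)) }
```

Reporting the failed names matters for an account-provisioning tool: a silently skipped group leaves the new admin account with different rights than the operator intended.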
Source: https://stackoverflow.com/questions/60223196/ad-users-dont-get-added-to-groups-by-powershell