powershell 如何确保脚本根据员工姓名生成自定义用户名并在发生冲突时发出警报

hm2xizp9  于 2023-03-12  发布在  Shell
关注(0)|答案(1)|浏览(141)

现在我有一个代码来创建用户在一个域。你传递3个变量,它创建帐户。它可以创建帐户就好。
由于我们雇佣了数百名员工,因此它还需要能够处理新帐户,这些帐户最终可能会使用与现有帐户相同的生成名称。
我想要的是让它看到当前生成的用户名已经是一个现有的帐户,并提供一个提示输入一个自定义用户名,然后继续创建。到目前为止,如果我运行代码,并有一个冲突,代码只是不会运行错误。

"New-ADUser : The operation failed because UPN value provided for addition/modification is not unique forest-wide"

我目前掌握的情况是:

param($firstname, $lastname, $location)
Import-Module ActiveDirectory

$username = ($firstname.Substring(0,1) + $lastname).ToLower()

$userExists = Get-ADUser -Filter {sAMAccountName -eq $username}
if ($userExists -ne $null) {
    Write-Host "The username '$username' already exists in Active Directory. Please enter a custom username:"
    $customUsername = Read-Host
    $username = $customUsername
}

$path = "OU=Users,OU=$location,OU=GS,DC=domain,DC=com"

New-ADUser `
    -Name "$firstname $lastname" `
    -GivenName $firstname `
    -Surname $lastname `
    -UserPrincipalName "$username@domain.com" `
    -SamAccountName $username `
    -AccountPassword (ConvertTo-SecureString "Password123" -AsPlainText -Force) `
    -Path $path `
    -ProfilePath "\\domain\homes\profiles\$username" `
    -ChangePasswordAtLogon 1 `
    -Enabled 1 `
    -OtherAttributes @{'gidNumber'='711132'; 'uid'= '$username'} `

Add-ADGroupMember `
    -Identity "$location" -Members $username

$user = Get-ADUser -Identity $username
$sid = $user.SID
$last4DigitsOfObjectSid = $sid.Value.Substring($sid.Value.Length - 4)
$newUidNumber = "71$last4DigitsOfObjectSid"
Set-ADUser -Identity $username -Replace @{'uidNumber'=$newUidNumber}
ttcibm8c

ttcibm8c1#

您可以使用while循环来测试在继续创建新用户之前用户名是否已被使用。
此外,我建议使用splatting来保持所有用户参数的结构清晰,而不必使用那些讨厌的反勾号(或者非常非常长的代码行)
如果还指定switch PassThru,New-ADUser cmdlet将立即返回新创建的用户对象,因此可以省略额外的Get-ADUser调用。

param($firstname, $lastname, $location)
Import-Module ActiveDirectory

$path     = "OU=Users,OU=$location,OU=GS,DC=domain,DC=com"
$username = ($firstname.Substring(0,1) + $lastname).ToLower()

# test if the username (=SamAccountName) is unique
while ((Get-ADUser -Filter "SamAccountName -eq '$username'")) {
    Write-Warning "The username '$username' already exists in Active Directory."
    $username = Read-Host "Please enter a new custom username. Leave empty to quit."
    if ([string]::IsNullOrWhiteSpace($username)) { exit }
}

# create a splatting Hashtable for the parameters of New-ADUser
$userParams = @{
    Name                  = "$firstname $lastname"
    GivenName             = $firstname
    Surname               = $lastname
    UserPrincipalName     = "$username@domain.com"
    SamAccountName        = $username
    # always use single quotes around a hardcoded password to avoid string interpolation
    AccountPassword       = (ConvertTo-SecureString 'Password123' -AsPlainText -Force)
    Path                  = $path
    ProfilePath           = "\\domain\homes\profiles\$username"
    ChangePasswordAtLogon = $true
    Enabled               = $true
    OtherAttributes       = @{'gidNumber'='711132'; 'uid'= $username}
    # have New-ADUser return the user object
    PassThru              = $true
}

$user = New-ADUser @userParams
# calculate the UidNumber from the users SID
$last4DigitsOfObjectSid = $user.SID -replace '.*(\d{4})$', '$1'
$newUidNumber = "71$last4DigitsOfObjectSid"
Set-ADUser -Identity $user -Replace @{'uidNumber'=$newUidNumber}

# and add the new user to the group
# here $location is both the name of a group AND the name for the OU
Add-ADGroupMember -Identity $location -Members $user

相关问题