PowerShell脚本将计算机添加到不属于另一个组的组?

时间:2016-05-18 22:00:29

标签: powershell active-directory automation powershell-v3.0

我正在尝试整合PS脚本,以自动将计算机添加到不属于其他组的安全组中。

在这种情况下,将所有计算机添加到group_b,这些计算机不属于group_a。

这就是我试过的...... 

#get list of computers from group_a
$tpmobjects = Get-ADGroupMember -Identity "group_a" | Select name
#add computers to group_b that are not in group_a
Get-ADComputer -Filter {SamAccountName -notlike $tpmobjects} | Foreach-Object { Add-ADPrincipalGroupMembership -Identity $_.SamAccountName -MemberOf "group_b" }

我得到的错误是...... 

Get-ADComputer : Type: 'System.Object[]' is not supported for extended attribute 'SamAccountName'.
At line:2 char:1
+ Get-ADComputer -Filter {SamAccountName -notlike $tpmobjects}...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-ADComputer], ArgumentException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADComputer

任何人都有办法做到这一点?

感谢。

1 个答案:

答案 0 :(得分:0)

Get-ADGroupMember返回多个对象,而-Filter参数不支持与多个对象匹配。

此方法有多种方法,但最简单的方法是使用Get-ADGroupMember简单地过滤Where-Object的输出:

$Computers = Get-ADGroupMember group_a |Where-Object {$_.objectClass -eq 'computer'}

您也不需要在Add-ADPrincipalGroupMembership中包装ForEach-Object,它接受​​管道输入,并且ADComputer对象可以直接绑定到-Identity参数而不会出现问题:

$Computers |Add-ADPrincipalGroupMembership -MemberOf group_a
相关问题
最新问题