我正在尝试整合PS脚本,以自动将计算机添加到不属于其他组的安全组中。
在这种情况下,将所有计算机添加到group_b,这些计算机不属于group_a。
这就是我试过的......
#get list of computers from group_a
$tpmobjects = Get-ADGroupMember -Identity "group_a" | Select name
#add computers to group_b that are not in group_a
Get-ADComputer -Filter {SamAccountName -notlike $tpmobjects} | Foreach-Object { Add-ADPrincipalGroupMembership -Identity $_.SamAccountName -MemberOf "group_b" }
我得到的错误是......
Get-ADComputer : Type: 'System.Object[]' is not supported for extended attribute 'SamAccountName'.
At line:2 char:1
+ Get-ADComputer -Filter {SamAccountName -notlike $tpmobjects}...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-ADComputer], ArgumentException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADComputer
任何人都有办法做到这一点?
感谢。
答案 0 :(得分:0)
Get-ADGroupMember
返回多个对象,而-Filter
参数不支持与多个对象匹配。
此方法有多种方法,但最简单的方法是使用Get-ADGroupMember
简单地过滤Where-Object
的输出:
$Computers = Get-ADGroupMember group_a |Where-Object {$_.objectClass -eq 'computer'}
您也不需要在Add-ADPrincipalGroupMembership
中包装ForEach-Object
,它接受管道输入,并且ADComputer
对象可以直接绑定到-Identity
参数而不会出现问题:
$Computers |Add-ADPrincipalGroupMembership -MemberOf group_a