Channel: Windows PowerShell Forum

PowerShell: Get-QADGroup: how do I write the DN output to a variable and later use it with Add-QADGroupMember to add users to the group!?

Hello dear people,

I have the following script; so far the whole thing runs like this:

$impcsvfile | ForEach-Object {

#checking if group already exists, if not the group is going to be created
Write-Host "Step 3: checking if group allready exists, if not the group is going to be created" -ForegroundColor Green -BackgroundColor DarkGreen

#region checkg

#checking group existence
$checkg = [ADSI]::Exists("LDAP://CN=$($_.GROUPNAME),OU=$($_.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int")
#or?
#$checkg = [ADSI]::Exists("LDAP://CN=$($_.GROUPNAME),DC=kl,DC=int")
#because the group has to be searched for over the whole container, not just in the specific OU, because that OU was newly created for the script...!?

#endregion

#region if group exists

#if group exists
if ($checkg -eq $false)
    {
	 #creating new group
	 Write-Host "Step 3.1: creating new group" -ForegroundColor Blue -BackgroundColor DarkGreen
     New-QADGroup -Name $_.GROUPNAME -SamAccountName $_.GROUPNAME -DisplayName $_.GROUPNAME -Description $_.GROUPDESCRIPTION -GroupScope Global -GroupType Security -ParentContainer "OU=$($_.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int" -ErrorAction Continue #| tee -FilePath $tee\$teename
	 #(get-QADGroup 'CN=$($_.GROUPNAME),OU=$($_.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int').DirectoryEntry.name
    }
else
    {
	 #continuing if group already exists
	 #-ErrorVariable takes the variable name without the leading $
     Write-Error -Message "group exists continueing" -ErrorAction SilentlyContinue -ErrorVariable Error3
	 #(get-QADGroup 'CN=$($_.GROUPNAME),OU=$($_.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int').DirectoryEntry.name
    }

#show info group
#(get-QADGroup 'CN=$($_.GROUPNAME),OU=$($_.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int').DirectoryEntry.name | Write-Host

#endregion

#endregion

#----------------------------------------------------------------

#region check if user disabled + add user

#checking if user is deactivated; if not, the user becomes a member of the group, if so, he is removed
Write-Host "Step 4: checking if user is deactivated, if not the user gets a member of the group, if, he is getting removed" -ForegroundColor Black -BackgroundColor Yellow

#region disable check variables

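#variables (with directorysearcher)
$ds = New-Object System.DirectoryServices.DirectorySearcher
#the filter only matches accounts that are NOT disabled (userAccountControl bit 2 not set)
$ds.Filter = "(&(objectCategory=Person)(sAMAccountname=$($_.USER))(!userAccountControl:1.2.840.113556.1.4.803:=2))"
$du = $ds.FindOne()
#FindOne() returns $null when no enabled account matches, so only fetch the entry if one was found
$de = if ($du) { $du.GetDirectoryEntry() } else { $null }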

#endregion

#region if user is disabled

#checking if user is deactivated ($du is only set when an enabled account was found)
if ($du)
   {
    #adding user to the group
    Write-Host "Step 4.1 adding user to group" -ForegroundColor Blue -BackgroundColor Yellow
    Add-Qadgroupmember -Identity "CN=$($_.GROUPNAME),OU=$($_.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int" -Member $_.USER -ErrorAction Continue #| tee -FilePath $tee\$teename
	#(Get-QADGroupMember 'CN=$($_.GROUPNAME),OU=$($_.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int').DirectoryEntry.name
   }
else
    {
	 #removing and error if user is deactivated
	 Write-Host "Step 4.?(2) removing user from group" -ForegroundColor Red -BackgroundColor Yellow
	 Remove-QADGroupMember -Identity "CN=$($_.GROUPNAME),OU=$($_.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int" -Member $_.USER -ErrorAction SilentlyContinue
	 #-ErrorVariable takes the variable name without the leading $
	 Write-Error -Message "user is disabled, next step" -ErrorAction SilentlyContinue -ErrorVariable error4
	 #(Get-QADGroupMember 'CN=$($_.GROUPNAME),OU=$($_.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int').DirectoryEntry.name
    }

#show info group user/s
#(Get-QADGroupMember 'CN=$($_.GROUPNAME),OU=$($_.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int').DirectoryEntry.name | Write-Host

}

#endregion

#endregion

In the future the whole thing should look more like this:

try { get-qadgroup $_.GROUPNAME }

catch

{

#creating new group
Write-Host "Step 3.1: creating new group" -ForegroundColor Blue -BackgroundColor DarkGreen
New-QADGroup -Name $_.GROUPNAME -SamAccountName $_.GROUPNAME -DisplayName $_.GROUPNAME -Description $_.GROUPDESCRIPTION -GroupScope Global -GroupType Security -ParentContainer "OU=$($_.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int" -ErrorAction Continue

}

Because I cannot check with [ADSI] across the entire directory whether the group exists, the whole thing should be checked with Get-QADGroup, and the output value "DN" from:

Name                           Type            DN                                                                                                              
----                           ----            --                                                                                                              
testt                          group           CN=testt,OU=Test-OU-Temp,DC=kl,DC=int

should be used for adding new group members, e.g.:

Add-Qadgroupmember -Identity "$OUTPUT VALUE OF GET_QADGROUP (DN COLUMN)" -Member $_.USER -ErrorAction Continue #

So my question: how do I get the "DN" output into a variable that I can use later??

Thanks for any help


Domenicc TechNet Foren Thanks
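
One way to keep the DN that Get-QADGroup returns in a variable and reuse it for the membership calls, as an added example that is not part of the original post. ConvertTo-LdapFilterValue is a hypothetical helper: it escapes the CSV values before they go into an LDAP filter, because a `*` or parenthesis in GROUPNAME or USER would otherwise change what the filter matches.

```powershell
# Added example: assumes the Quest ActiveRoles snap-in is loaded and $impcsvfile
# holds the imported CSV rows (GROUPNAME, OU, GROUPDESCRIPTION, USER) as in the post.

# Hypothetical helper: escape a value for use inside an LDAP filter (RFC 4515).
# The backslash is replaced first so the escapes added afterwards stay intact.
function ConvertTo-LdapFilterValue([string]$Value) {
    $v = $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28')
    $v.Replace(')', '\29').Replace([string][char]0, '\00')
}

$impcsvfile | ForEach-Object {
    $row = $_
    $parent = "OU=$($row.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int"

    # Look the group up anywhere in the directory; @() makes 0, 1 or 2 hits countable
    $filter = "(sAMAccountName=$(ConvertTo-LdapFilterValue $row.GROUPNAME))"
    $group = @(Get-QADGroup -LdapFilter $filter -SizeLimit 2)
    if ($group.Count -gt 1) {
        Write-Warning "more than one group matches '$($row.GROUPNAME)', skipping row"
        return   # inside ForEach-Object this moves on to the next row
    }
    if ($group.Count -eq 0) {
        # New-QADGroup emits the object it created, so its DN is available immediately
        $group = @(New-QADGroup -Name $row.GROUPNAME -SamAccountName $row.GROUPNAME `
            -DisplayName $row.GROUPNAME -Description $row.GROUPDESCRIPTION `
            -GroupScope Global -GroupType Security -ParentContainer $parent)
    }
    if ($group.Count -eq 0) { return }   # creation failed; the cmdlet has reported why
    $groupDn = $group[0].DN              # the "DN" column from the post, kept in a variable

    # Same enabled-account test as in the post, with the CSV value escaped
    $user = ConvertTo-LdapFilterValue $row.USER
    $ds = New-Object System.DirectoryServices.DirectorySearcher
    $ds.Filter = "(&(objectCategory=Person)(sAMAccountName=$user)" +
                 "(!userAccountControl:1.2.840.113556.1.4.803:=2))"
    if ($ds.FindOne()) {
        Add-QADGroupMember -Identity $groupDn -Member $row.USER -ErrorAction Continue
    } else {
        Remove-QADGroupMember -Identity $groupDn -Member $row.USER -ErrorAction SilentlyContinue
    }
}
```

Checking the result count instead of relying on try/catch works whether or not the lookup raises an error when nothing is found.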

