Hallo liebe Leute,
Folgender script liegt vor, bisher läuft das ganze so ab:
$impcsvfile | ForEach-Object {
#checking if group allready exists, if not the group is going to be created
Write-Host "Step 3: checking if group allready exists, if not the group is going to be created" -ForegroundColor Green -BackgroundColor DarkGreen
#region checkg
#checking group existens
$checkg = [ADSI]::Exists("LDAP://CN=$($_.GROUPNAME),OU=$($_.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int")
#or?
#$checkg = [ADSI]::Exists("LDAP://CN=$($_.GROUPNAME),DC=kl,DC=int")
#becouse the group has the be searcht over the whole container not just in the specific OU, becouse that OU was newly created for the script...!?
#endregion
#region if group exists
#if group exists
if ($checkg -eq $false)
{
#creating new group
Write-Host "Step 3.1: creating new group" -ForegroundColor Blue -BackgroundColor DarkGreen
New-QADGroup -Name $_.GROUPNAME -SamAccountName $_.GROUPNAME -DisplayName $_.GROUPNAME -Description $_.GROUPDESCRIPTION -GroupScope Global -GroupType Security -ParentContainer "OU=$($_.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int" -ErrorAction Continue #| tee -FilePath $tee\$teename
#(get-QADGroup 'CN=$($_.GROUPNAME),OU=$($_.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int').DirectoryEntry.name
}
else
{
#continueing if group allready exists
Write-Error -Message "group exists continueing" -ErrorAction SilentlyContinue -ErrorVariable $Error3
#(get-QADGroup 'CN=$($_.GROUPNAME),OU=$($_.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int').DirectoryEntry.name
}
#show info group
#(get-QADGroup 'CN=$($_.GROUPNAME),OU=$($_.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int').DirectoryEntry.name | Write-Host
#endregion
#endregion
#----------------------------------------------------------------
#region check if user disbaled + add user
#checking if user is deactivated, if not the user gets a member of the group, if, he is removed
Write-Host "Step 4: checking if user is deactivated, if not the user gets a member of the group, if, he is getting removed" -ForegroundColor Black -BackgroundColor Yellow
#region disable check variables
#variables (with directorysearcher)
$ds = New-Object System.DirectoryServices.DirectorySearcher
$ds.Filter = "(&(objectCategory=Person)(sAMAccountname=$($_.USER))(!userAccountControl:1.2.840.113556.1.4.803:=2))"
$du = $ds.FindOne()
$de = $du.GetDirectoryEntry()
#endregion
#region if user is disabled
#checking if user is deactivated
if ($du = $ds.FindOne())
{
#adding user to the group
Write-Host "Step 4.1 adding user to group" -ForegroundColor Blue -BackgroundColor Yellow
Add-Qadgroupmember -Identity "CN=$($_.GROUPNAME),OU=$($_.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int" -Member $_.USER -ErrorAction Continue #| tee -FilePath $tee\$teename
#(Get-QADGroupMember 'CN=$($_.GROUPNAME),OU=$($_.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int').DirectoryEntry.name
}
else
{
#removing and error if user is deactivated
Write-Host "Step 4.?(2) removing user from group" -ForegroundColor Red -BackgroundColor Yellow
Remove-QADGroupMember -Identity "CN=$($_.GROUPNAME),OU=$($_.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int" -Member $_.USER -ErrorAction SilentlyContinue
Write-Error -Message "user is disabled, next step" -ErrorAction SilentlyContinue -ErrorVariable $error4
#(Get-QADGroupMember 'CN=$($_.GROUPNAME),OU=$($_.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int').DirectoryEntry.name
}
#show info group user/s
#(Get-QADGroupMember 'CN=$($_.GROUPNAME),OU=$($_.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int').DirectoryEntry.name | Write-Host
}
#endregion
#endregionin Zukunft soll das ganze eher so Aussehen:
try { get-qadgroup "$_.GROUPNAME" }
catch
{
#creating new group
Write-Host "Step 3.1: creating new group" -ForegroundColor Blue -BackgroundColor DarkGreen
New-QADGroup -Name $_.GROUPNAME -SamAccountName $_.GROUPNAME -DisplayName $_.GROUPNAME -Description $_.GROUPDESCRIPTION -GroupScope Global -GroupType Security -ParentContainer "OU=$($_.OU),OU=Gruppen,OU=Users,OU=KL,OU=D,OU=KL-Group,DC=kl,DC=int" -ErrorAction Continue
}weil ich mit [ADSI] nicht in der gesamten Directory überprüfen kann ob die Gruppe existiert soll das ganze mit Get-QADGroup geprüft werden und der ausgabewert "DN" von:
Name Type DN ---- ---- -- testt group CN=testt,OU=Test-OU-Temp,DC=kl,DC=int
für das hinzufügen von neuen GroupMember benutzt werden also z.B:
Add-Qadgroupmember -Identity "$AUSGABEWERT VON GET_QADGROUP (SPALTE DN)" -Member $_.USER -ErrorAction Continue #
also meine Frage: Wie bekomme ich die Ausagen "DN" in eine Variable die ich später verwenden kann??
Domenicc TechNet Foren Thanks