我现在正在尝试为我们的新用户自动添加目录到服务器。我想我已经接近了正确的脚本,但需要一点帮助。如果用户的company属性为1480,则在\\server\hs\sameaccountname中创建文件夹,如果属性为1479,则在\\server-elem\samaccountname中创建文件夹。另外正确的执行被分配给这个文件夹给用户。在服务器上创建用户目录并添加权限
#Search AD for HS Students
$hs = Get-ADUser -filter 'company -eq "1480"'
$path = "\\hs-ss\students\hs\"
forEach($user in $hs) {
#Create user directory of Storage Server
New-Item -Path $path -Name $SamAccountName -ItemType "directory"
$ACL = Get-ACL "$path\$SamAccountName"
$ACL.SetAccessRuleProtection($true, $true)
$ACL.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("clasd\$SamAccountName", "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")))
Set-Acl "$Path\$SamAccountName" $ACL
}
编辑1
这是我的错误:
New-Item : Item with specified name \\hs-ss\students\hs\ already exists.
At C:\AD_Scripts\psscripts\user_create.ps1:76 char:1
+ New-Item -Path $path -Name $SamAccountName -ItemType "directory"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceExists: (\\hs-ss\students\hs\:String) [New-Item], IOException
+ FullyQualifiedErrorId : DirectoryExist,Microsoft.PowerShell.Commands.NewItemCommand
Exception calling "AddAccessRule" with "1" argument(s): "Some or all identity references could not be translated."
At C:\AD_Scripts\psscripts\user_create.ps1:79 char:1
+ $ACL.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRul ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : IdentityNotMappedException
编辑2
越来越近,因为该文件夹被创建,但该权限没有得到添加。
Mode LastWriteTime Length Name
---- ------------- ------ ----
d---- 11/15/2016 3:26 PM 111111
Get-ACL : Cannot find path '\\hs-ss\students\hs\CN=Test student1,OU=Students,OU=Users,OU=HS,DC=clasd,DC=net.' because it does not exist.
At C:\AD_Scripts\psscripts\user_create.ps1:80 char:8
+ $ACL = Get-ACL "$path\$user.$SamAccountName"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (:) [Get-Acl], ItemNotFoundException
+ FullyQualifiedErrorId : GetAcl_PathNotFound_Exception,Microsoft.PowerShell.Commands.GetAclCommand
You cannot call a method on a null-valued expression.
At C:\AD_Scripts\psscripts\user_create.ps1:81 char:1
+ $ACL.SetAccessRuleProtection($true,$true)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
You cannot call a method on a null-valued expression.
At C:\AD_Scripts\psscripts\user_create.ps1:82 char:1
+ $ACL.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRul ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
Set-Acl : Cannot bind argument to parameter 'AclObject' because it is null.
At C:\AD_Scripts\psscripts\user_create.ps1:83 char:39
+ Set-Acl "$Path\$user.$SamAccountName" $ACL
+ ~~~~
+ CategoryInfo : InvalidData: (:) [Set-Acl], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.SetAclCommand
代码:
#Search AD for HS Students
$hs = Get-ADUser -filter 'company -eq "1480"'
$path = "\\hs-ss\students\hs"
forEach($user in $hs)
{
#$samaccount = $user.SamAccountName
#Create user directory of Storage Server
New-Item -Path $path -Name $($User.SamAccountName) -ItemType "directory" | Out-Null
$ACL = Get-ACL "$path\$user.$SamAccountName"
$ACL.SetAccessRuleProtection($true,$true)
$ACL.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("clasd\$user.$SamAccountName","Modify", "ContainerInherit, ObjectInherit", "None", "Allow")))
Set-Acl "$Path\$user.$SamAccountName" $ACL
}
+0
等什么不起作用? –
+0
$ SamAccountName是不是空的?由第一个错误判断看起来是这样。 –
+0
当我做一个Get-ADUser时,它返回一个用户,所以samaccountname不是空的。 Powershell对我来说都是新的,所以我正在学习。 –