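In day-to-day AD user management, users are often transferred to new positions. Once a user moves to a new post, the corresponding folders, SharePoint sites and mail Distribution Groups all change. We have to clear the user's original AD security groups and also add the new ones, in order to meet compliance requirements!
The following PowerShell script makes this easy for me, with a single command! Of course, this is the script we use in our own IT environment: we have an OA system that automatically syncs department changes into the AD user's attributes, so here I do not need to maintain department, title and similar information.
PowerShell for copying one AD user's permissions to another user. Comments and discussion are welcome.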
#Define variables
Import-Module ActiveDirectory
$Reference = '_UserTemplate'
$ADuser = Read-Host "Please enter the username"
$CheckUser = Get-ADUser -Filter {SamAccountName -eq $ADuser}
#Check whether the user exists
if ($null -eq $CheckUser)
{
    Write-Host 'User name is null, Exit!' -ForegroundColor Red
    Exit
}
Write-Host 'User name is:' $ADuser -ForegroundColor Yellow
Write-Host 'Reference account is:' $Reference -ForegroundColor Yellow
#Read the reference user's groups first (M365 groups and Domain Users are skipped),
#so that a missing reference account stops the script before any group is removed
$GroupNames = Get-ADPrincipalGroupMembership -Identity $Reference -ErrorAction Stop |
    Where-Object -FilterScript { ($_.SamAccountName -notlike '*U_M365*') -and ($_.SamAccountName -notlike 'domain users') }
#Empty groups from the account (Domain Users is kept)
Get-ADPrincipalGroupMembership -Identity $ADuser |
    Where-Object { $_.Name -ne 'domain users' } |
    ForEach-Object { Remove-ADPrincipalGroupMembership -Identity $ADuser -MemberOf $_ -Confirm:$false }
#Add Groups from Reference user
foreach ($Group in $GroupNames) # Update User Group Membership
{
    Write-Host $Group
    #This line was commented out in the original listing, which left the user with no groups at all
    Add-ADGroupMember -Identity $Group -Members $ADuser
}
Write-Host 'Complete with M365 was excluded!' -ForegroundColor Green
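
The script above removes every group and then adds the template's groups back. The variant below is an added example, not the author's script: it reaches the same end state by applying only the difference, supports `-WhatIf` for a dry run, and writes an audit record for each change. The function name `Sync-GroupsFromTemplate`, its parameters, the log path and the user `jdoe` are assumptions made for illustration.

```powershell
# Added example. Sync-GroupsFromTemplate, its parameters and the log path are hypothetical names.
function Sync-GroupsFromTemplate {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Identity,
        [string]   $Reference      = '_UserTemplate',
        [string[]] $ExcludePattern = @('*U_M365*'),
        [string]   $LogPath        = '.\GroupChanges.csv'
    )
    Import-Module ActiveDirectory -ErrorAction Stop

    # Resolve both accounts before touching anything; a missing one throws here.
    $user     = Get-ADUser -Identity $Identity  -ErrorAction Stop
    $template = Get-ADUser -Identity $Reference -ErrorAction Stop

    # Same assumption as the script above: the primary group is named 'Domain Users'.
    $notPrimary = { $_.SamAccountName -ne 'Domain Users' }
    $current = @(Get-ADPrincipalGroupMembership -Identity $user | Where-Object $notPrimary)
    $desired = @(Get-ADPrincipalGroupMembership -Identity $template | Where-Object $notPrimary |
        Where-Object { $g = $_; -not ($ExcludePattern | Where-Object { $g.SamAccountName -like $_ }) })

    # Delta: groups the user keeps are never removed and re-added.
    $toRemove = @($current | Where-Object { $_.DistinguishedName -notin $desired.DistinguishedName })
    $toAdd    = @($desired | Where-Object { $_.DistinguishedName -notin $current.DistinguishedName })

    $applied = foreach ($change in @(
            $toRemove | ForEach-Object { @{ Action = 'Remove'; Group = $_ } }
            $toAdd    | ForEach-Object { @{ Action = 'Add';    Group = $_ } })) {
        $name = $change.Group.SamAccountName
        # With -WhatIf, ShouldProcess returns $false, so nothing is changed or logged.
        if (-not $PSCmdlet.ShouldProcess($name, "$($change.Action) member $($user.SamAccountName)")) { continue }
        if ($change.Action -eq 'Remove') {
            Remove-ADGroupMember -Identity $change.Group -Members $user -Confirm:$false -ErrorAction Stop
        } else {
            Add-ADGroupMember -Identity $change.Group -Members $user -ErrorAction Stop
        }
        [pscustomobject]@{
            Time = (Get-Date -Format o); Operator = $env:USERNAME
            User = $user.SamAccountName; Action = $change.Action; Group = $name
        }
    }
    # Append an audit record for every change that was actually made.
    if ($applied) { $applied | Export-Csv -Path $LogPath -Append -NoTypeInformation }
    $applied
}

# Preview first, then apply ('jdoe' is a constructed sample account):
# Sync-GroupsFromTemplate -Identity 'jdoe' -WhatIf
# Sync-GroupsFromTemplate -Identity 'jdoe'
```

Because only the difference is applied, a failure partway through leaves the user with a subset of the intended changes rather than with no groups at all, and the CSV shows exactly which changes were made.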