ADSI 没有正确验证?

ADSI not validating correctly?

我有一个包含 1500 多个用户的 CSV,每个 class OU 有 30 个用户,然后每个 Intake OU 有 6 class OU。我想要实现的是,foreach (user in CSV),检查 OU 是否存在,然后检查父 OU 是否存在,只有当它不存在时才创建父 OU,然后创建 OU,然后创建用户,或者如果 OU 存在,则只创建用户。

这是我使用的代码:

$ErrorActionPreference = "Stop"
Import-Module ActiveDirectory
$CSV = Import-Csv "C:\Scripts\AddPupils.csv" 

foreach ($user in $CSV) {
    # Variables
    $GivenName = $user.GivenName
    $SurName = $user.SurName
    $UserName = $user.UserName
    $Class = $user.YearClass
    $Intake = $user.Intake
    $DisplayName = $GivenName+" "+$SurName

    # Create User
    $UserOUParent = "OU=Year "+$iIntake+" Intake,OU=Students,OU=Users,OU=Roding,DC=Zulbag,DC=com"
    $UserOU = "OU=Class "+$Class.Substring(1,1)+",OU=Year "+$iIntake+" Intake,OU=Students,OU=Users,OU=Roding,DC=Zulbag,DC=com"
    $NewUserOUParentCheck = [ADSI]::Exists("LDAP://$UserOUParent")
    $NewUserOUCheck = [ADSI]::Exists("LDAP://$UserOU")

    if ($NewUserOUCheck -eq $false){
        if ($NewUserOUParentCheck -eq $false){
            "Create Parent Ou"
            New-ADOrganizationalUnit `
                -Name ("Year "+$Intake+" Intake") `
                -Path "OU=Students,OU=Users,OU=Roding,DC=Zulbag,DC=Com" `
                -ProtectedFromAccidentalDeletion $False
        }
        "Create OU"
        New-ADOrganizationalUnit `
            -Name ("Class "+$Class.Substring(1,1)) `
            -Path ("OU=Year "+$Intake+" Intake,OU=Students,OU=Users,OU=Roding,DC=Zulbag,DC=Com") `
            -ProtectedFromAccidentalDeletion $False
    }
    "Create User"
    New-ADUser `
        -Name $DisplayName `
        -SurName $SurName `
        -GivenName $GivenName `
        -DisplayName $DisplayName `
        -SamAccountName $UserName `
        -UserPrincipalName ($UserName+"@Zulbag.com") `
        -AccountPassword (ConvertTo-SecureString "Testing123" -AsPlainText -force) `
        -CannotChangePassword $true `
        -ChangePasswordAtLogon $false `
        -PasswordNeverExpires $true `
        -EmailAddress ($UserName+"@Zulbag.com") `
        -Country "GB" `
        -Path ("OU=Class "+$Class.Substring(1,1)+",OU=Year "+$Intake+" Intake,OU=Students,OU=Users,OU=Roding,DC=Zulbag,DC=Com") `
        -ProfilePath ("D:\Shares\User Accounts\Students\Intake Year "+$Intake+"\Class "+$Class.Substring(1,1)+"\Profiles\"+$DisplayName) `
        -Enabled $true

    Start-Sleep -Seconds 5
    # Add To Group  
    $Group = "CN=Redirection "+$Intake.Substring(2,2)+$Class.Substring(1,1)+",OU=Intake "+$Intake+",OU=Security Groups,OU=Roding,DC=Zulbag,DC=Com"
    $GroupOU = "OU=Intake "+$Intake+",OU=Folder Redirection Groups,OU=Security Groups,OU=Roding,DC=Zulbag,DC=Com"
    $NewGroupCheck = [ADSI]::Exists("LDAP://$Group")
    $NewGroupOUCheck = [ADSI]::Exists("LDAP://$GroupOU")

    if ($NewGroupCheck -eq $false) {
        if ($NewGroupOUCheck -eq $false) {
            "Create OU"
            New-ADOrganizationalUnit `
                -Name ("Intake "+$Intake) `
                -Path "OU=Folder Redirection Groups,OU=Security Groups,OU=Roding,DC=Zulbag,DC=Com" `
                -ProtectedFromAccidentalDeletion $False
        }
        "create Group"
        New-ADGroup `
            -Name ("Redirection "+$Intake.Substring(2,2)+$Class.Substring(1,1)) `
            -GroupScope "Global" `
            -Path ("OU=Intake "+$Intake+",OU=Folder Redirection Groups,OU=Security Groups,OU=Roding,DC=Zulbag,DC=Com")
    }
    "Add Member"
    Add-ADGroupMember ("Redirection "+$Intake.Substring(2,2)+$Class.Substring(1,1)) $UserName
}

pause

CSV 样本:

GivenName,SurName,Class,UserName,Intake
Ali,Grisdale,1B,AGris,2016
Ayomiposi,Olayera,1B,AOlay,2016

Write-Output 的测试中,[ADSI] 验证正确,但它似乎在这里验证不正确,我不断收到的错误消息是:

New-ADOrganizationalUnit : An attempt was made to add an object to the 
directory with a name that is already in use
At C:\Scripts\AddPupils-Afzal.ps1:24 char:13
+             New-ADOrganizationalUnit 
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (OU=Year 2016 In...C=Zulbag,DC=Com:String) [New-ADOrganizationalUnit], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:8305,Microsoft.ActiveDirectory.Management.Commands.NewADOrganizationalUnitdirectory

它成功创建了父 OU,class OU 和用户,但未能创建第二个用户,而是再次错误地验证了 OU。

有什么想法吗?

检查脚本路径错误!