在 AD 中批量创建用户

Issue bulk creation of users in AD

我正在尝试创建一种解决方案,在 AD 中创建数千个帐户,将它们添加到特定组,或者对于服务帐户,将它们添加到特定 OU。记录所做的事情和错误。

脚本提取包含以下内容的 csv 文件 headers。

SamAccountName,name,password,ou,domain,isAdded

$Domain  = [system.directoryservices.activedirectory.domain]::GetCurrentDomain().Name
$NewUserADGroup = 'Print Operators'
$NewUsersList = Import-Csv .\bulk_user1.csv | Where-Object{$_.domain -like "$Domain"}
$NewUsersList | ForEach-Object{
              $NewUserAttributes = @{
              SamAccountName    = $_.SamAccountName
              name              = $_.name
              #path              = $_.parentou
              #UserPrincipalName = $_."samAccountName" + "@lovely.Local"
              AccountPassword   = (convertto-securestring "$NewUsersList.password" -AsPlainText -Force)
              Enabled           = $true
              #Server            = $dcname
              #isAdded = $Issue
              }
              try{
                 #Create new User and add to specific group
                 New-ADUser $NewUserAttributes
                 Add-ADGroupMember -Identity $NewUserADGroup -Members $_.SamAccountName
                 #Delete Specific User
                 #Remove-ADUser -Identity $_.SamAccountName
                 }catch{
                        Write-Warning $_
                        $Issue  = $_.ToString()   
                        }
                        $count = $count + 1 
                        Write-Host  $_.SamAccountName " " $_.Name " " $_.SamAccountName.Enabled " Total:" $NewUsersList.Count + "Processed:" $count
                        $NewUserAttributes| Select-Object -Property SamAccountName,name,AccountPassword,Enabled,isAdded | Export-Csv ".$Domain.NewAccountsCreatedStatus.csv"

}

我收到以下错误:

WARNING: The name provided is not a properly formed account name

当我查看变量时

$NewUserAttributes

我确实看到了名称和值:

Name                           Value                                                                                                                                                  
----                           -----                                                                                                                                                  
Enabled                        True                                                                                                                                                   
name                           bfmbsngfilexfer2                                                                                                                                       
AccountPassword                System.Security.SecureString                                                                                                                           
SamAccountName                 bfmbsngfilexfer2  

          

按照承诺,重写您的代码。
我插入了评论以希望解释代码的作用:

$Domain         = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name
$NewUserADGroup = 'Print Operators'
$successCount   = 0
$NewUsersList   = Import-Csv .\bulk_user1.csv | Where-Object { $_.domain -eq $Domain } | ForEach-Object {
    # capture the human readable password for output use
    $password = $_.password
    $userParams = @{
        SamAccountName    = $_.SamAccountName
        Name              = $_.name
        Path              = $_.parentou
        UserPrincipalName = '{0}@lovely.Local' -f $_.SamAccountName
        AccountPassword   = ConvertTo-SecureString $_.password -AsPlainText -Force
        Enabled           = $true
        #Server           = $dcname
    }
    try{
        # Create new User and add to specific group
        $user = New-ADUser @userParams -PassThru -ErrorAction Stop
        Add-ADGroupMember -Identity $NewUserADGroup -Members $user -ErrorAction Stop
        # add the 'isAdded' element to the $userParams hashtable
        $userParams['isAdded'] = $true
        $successCount++
    }
    catch{
        Write-Warning $_.Exception.Message
        $userParams['isAdded'] = $false  
    }
    # output a PsCustomObject with values taken from the Hashtable
    # AccountPassword is a SecureString, which will be of no use to you..
    # Output the human readable password instead so you can inform the new users.
    [PsCustomObject]$userParams | Select-Object SamAccountName, Name,
                                                @{Name = 'Password'; Expression = {$password}},
                                                Enabled, isAdded
}

# output
# use '@($NewUsersList)' to force it as array, so the Count property is accurate
if (@($NewUsersList).Count) { 
    Write-Host ('Processed: {0} Succeeded: {1}' -f $NewUsersList.Count, $successCount) -ForegroundColor Green
    $NewUsersList | Export-Csv ".$Domain.NewAccountsCreatedStatus.csv" -NoTypeInformation
}
else {
    Write-Host 'No users successfully processed!' -ForegroundColor Red
}