Powershell New-ADUser 问题与 -AccountPassword
Powershell New-ADUser issue with -AccountPassword
我正在尝试添加新学生列表(来自 CSV 文件),
当我想添加 -AccountPassword.
时它工作正常
这是包含 -AccountPassword 的脚本 (Powershell):
脚本需要很长时间来处理每个学生,我收到的错误消息是:由于超时期限已过,此操作已返回
用户仍然被创建,但是 -Enabled 和 -ChangePasswordAtLogon 仍然设置为 $false,尽管我把它设置为 $true
Import-Module ActiveDirectory
$Users = Import-Csv -Delimiter ";" -Path ".\userslist.csv"
foreach ($User in $Users)
{
$OU = "OU=NewAccts,OU=Students,OU=****,DC=***,DC=com"
$Password = $User.password
$Detailedname = $User.firstname + " " + $User.name
$UserFirstname = $User.Firstname
$AccountName = $User.AccountName
$SAM = $AccountName + 21
$Office = $User.Office
$Description = $User.Description
$Email = $User.Email
New-AdUser -Name $Detailedname -SamAccountName $SAM -UserPrincipalName $SAM -DisplayName $Detailedname -GivenName $user.firstname -Surname $user.name -Office $Office -Description $Description -ChangePasswordAtLogon $true -AccountPassword (ConvertTo-SecureString "Test123PWD" -AsPlainText -Force) -Enabled $True -Email $Email -Path $OU
}
这是我删除 -AccountPassword 并改为 -PasswordNotrequired $true
一切正常所以这就是我如何知道我的错误消息来自-AccountPassword
Import-Module ActiveDirectory
$Users = Import-Csv -Delimiter ";" -Path ".\userslist.csv"
foreach ($User in $Users)
{
$OU = "OU=NewAccts,OU=Students,OU=****,DC=***,DC=com"
$Password = $User.password
$Detailedname = $User.firstname + " " + $User.name
$UserFirstname = $User.Firstname
$AccountName = $User.AccountName
$SAM = $AccountName + 21
$Office = $User.Office
$Description = $User.Description
$Email = $User.Email
New-AdUser -Name $Detailedname -SamAccountName $SAM -UserPrincipalName $SAM -DisplayName $Detailedname -GivenName $user.firstname -Surname $user.name -Office $Office -Description $Description -PasswordNotRequired $True -ChangePasswordAtLogon $true -Enabled $True -Email $Email -Path $OU
}
如何解决这个问题,因为我想为新生设置一个默认密码
谢谢!
我强烈建议您开始在需要大量参数的 cmdlet 上使用Splatting。
可能 userslist.csv 中的 password 字段对于某些用户来说是空的。在这种情况下,它要么是 CSV 中的遗漏,要么是为了让该用户不需要密码。
如果您尝试使用空字符串设置帐户密码,您将收到错误消息。
来自the docs:
User accounts, by default, are created without a password. If you
provide a password, an attempt will be made to set that password
however, this can fail due to password policy restrictions. The user
account will still be created and you may use Set-ADAccountPassword to
set the password on that account. In order to ensure that accounts
remain secure, user accounts will never be enabled unless a valid
password is set or PasswordNotRequired is set to $True.
问题是:$SAM = $AccountName + 21是什么意思??
Import-Module ActiveDirectory
Import-Csv -Delimiter ";" -Path ".\userslist.csv" | ForEach-Object {
$fullName = ('{0} {1}' -f $_.firstname, $_.name).Trim()
$userParams = @{
Name = $fullName
SamAccountName = '{0}21' -f $_.AccountName # 21 is the year the sudent starts
UserPrincipalName = $_.Email # or construct this: "$($_.AccountName)@yourcompany.com"
DisplayName = $fullName
GivenName = $_.firstname
Surname = $_.name
Office = $_.Office
Description = $_.Description
Enabled = $true
Email = $_.Email
Path = "OU=NewAccts,OU=Students,OU=****,DC=***,DC=com"
}
if ([string]::IsNullOrWhiteSpace($_.password)) {
# no password for this user in the CSV
$userParams['ChangePasswordAtLogon'] = $false
$userParams['PasswordNotRequired'] = $true
}
else {
$userParams['AccountPassword'] = ConvertTo-SecureString $_.password -AsPlainText -Force
$userParams['ChangePasswordAtLogon'] = $true
}
New-ADUser @userParams
}
我正在尝试添加新学生列表(来自 CSV 文件), 当我想添加 -AccountPassword.
时它工作正常这是包含 -AccountPassword 的脚本 (Powershell):
脚本需要很长时间来处理每个学生,我收到的错误消息是:由于超时期限已过,此操作已返回
用户仍然被创建,但是 -Enabled 和 -ChangePasswordAtLogon 仍然设置为 $false,尽管我把它设置为 $true
Import-Module ActiveDirectory
$Users = Import-Csv -Delimiter ";" -Path ".\userslist.csv"
foreach ($User in $Users)
{
$OU = "OU=NewAccts,OU=Students,OU=****,DC=***,DC=com"
$Password = $User.password
$Detailedname = $User.firstname + " " + $User.name
$UserFirstname = $User.Firstname
$AccountName = $User.AccountName
$SAM = $AccountName + 21
$Office = $User.Office
$Description = $User.Description
$Email = $User.Email
New-AdUser -Name $Detailedname -SamAccountName $SAM -UserPrincipalName $SAM -DisplayName $Detailedname -GivenName $user.firstname -Surname $user.name -Office $Office -Description $Description -ChangePasswordAtLogon $true -AccountPassword (ConvertTo-SecureString "Test123PWD" -AsPlainText -Force) -Enabled $True -Email $Email -Path $OU
}
这是我删除 -AccountPassword 并改为 -PasswordNotrequired $true
一切正常所以这就是我如何知道我的错误消息来自-AccountPassword
Import-Module ActiveDirectory
$Users = Import-Csv -Delimiter ";" -Path ".\userslist.csv"
foreach ($User in $Users)
{
$OU = "OU=NewAccts,OU=Students,OU=****,DC=***,DC=com"
$Password = $User.password
$Detailedname = $User.firstname + " " + $User.name
$UserFirstname = $User.Firstname
$AccountName = $User.AccountName
$SAM = $AccountName + 21
$Office = $User.Office
$Description = $User.Description
$Email = $User.Email
New-AdUser -Name $Detailedname -SamAccountName $SAM -UserPrincipalName $SAM -DisplayName $Detailedname -GivenName $user.firstname -Surname $user.name -Office $Office -Description $Description -PasswordNotRequired $True -ChangePasswordAtLogon $true -Enabled $True -Email $Email -Path $OU
}
如何解决这个问题,因为我想为新生设置一个默认密码
谢谢!
我强烈建议您开始在需要大量参数的 cmdlet 上使用Splatting。
可能 userslist.csv 中的 password 字段对于某些用户来说是空的。在这种情况下,它要么是 CSV 中的遗漏,要么是为了让该用户不需要密码。
如果您尝试使用空字符串设置帐户密码,您将收到错误消息。
来自the docs:
User accounts, by default, are created without a password. If you provide a password, an attempt will be made to set that password however, this can fail due to password policy restrictions. The user account will still be created and you may use Set-ADAccountPassword to set the password on that account. In order to ensure that accounts remain secure, user accounts will never be enabled unless a valid password is set or PasswordNotRequired is set to $True.
问题是:$SAM = $AccountName + 21是什么意思??
Import-Module ActiveDirectory
Import-Csv -Delimiter ";" -Path ".\userslist.csv" | ForEach-Object {
$fullName = ('{0} {1}' -f $_.firstname, $_.name).Trim()
$userParams = @{
Name = $fullName
SamAccountName = '{0}21' -f $_.AccountName # 21 is the year the sudent starts
UserPrincipalName = $_.Email # or construct this: "$($_.AccountName)@yourcompany.com"
DisplayName = $fullName
GivenName = $_.firstname
Surname = $_.name
Office = $_.Office
Description = $_.Description
Enabled = $true
Email = $_.Email
Path = "OU=NewAccts,OU=Students,OU=****,DC=***,DC=com"
}
if ([string]::IsNullOrWhiteSpace($_.password)) {
# no password for this user in the CSV
$userParams['ChangePasswordAtLogon'] = $false
$userParams['PasswordNotRequired'] = $true
}
else {
$userParams['AccountPassword'] = ConvertTo-SecureString $_.password -AsPlainText -Force
$userParams['ChangePasswordAtLogon'] = $true
}
New-ADUser @userParams
}