N 天后从组中删除用户
Removing a user from a group after N days
我正在尝试创建一个每天通过任务执行的 PowerShell 脚本。该任务将检查用户成为 AD 组成员的时间是否超过 7 天。如果是这样,该用户将被删除。
数据从 CSV 文件导入,我们将在其中插入用户添加到组的日期:
samaccountname,Date
user 1,20/01/2022
user2,06/02/2022
这是我写的代码:
$users = "C:\Path to CSV\File.csv"
Import-Module ActiveDirectory
Import-Csv $users
foreach ($user in $Users)
{
$CheckDate2 = get-date ($user.'Date').AddDays(7)
$CheckDate1 = get-date ($user.'Date')
if ($CheckDate1 -lt $CheckDate2){
exit
}
else{
Remove-ADGroupMember -Identity "Group Name" -Members $user.samaccountname -Confirm:$false
}
}
这是我收到的错误:
You cannot call a method on a null-valued expression.
At line:8 char:1
+ $CheckDate2 = get-date ($user.'Date').AddDays(7)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
Get-Date : Cannot bind parameter 'Date' to the target. Exception setting "Date": "Cannot convert null to type "System.DateTime"."
At line:9 char:24
+ $CheckDate1 = get-date ($user.'Date')
+ ~~~~~~~~~~~~~~
+ CategoryInfo : WriteError: (:) [Get-Date], ParameterBindingException
+ FullyQualifiedErrorId : ParameterBindingFailed,Microsoft.PowerShell.Commands.GetDateCommand
Remove-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
At line:16 char:68
+ ... tity "Group Name" -Members $user.samaccountname -Confir ...
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Remove-ADGroupMember], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.RemoveADGroupMember
您的 foreach 循环正在枚举 $users,其值为 "C:\Path to CSV\File.csv"。这意味着将有一个循环迭代,其中 $user 的值为 "C:\Path to CSV\File.csv"。因为 [String] class 没有 Date 属性, 这个...
($user.'Date').AddDays(7)
...实际上是这样...
($null).AddDays(7)
...因此出现错误。您也没有对 Import-Csv $users 的输出做任何事情,因此您需要将其收集到某处进行处理;将其存储在变量中...
$usersPath = "C:\Path to CSV\File.csv"
Import-Module ActiveDirectory
$users = Import-Csv $usersPath
foreach ($user in $users)
{
# ...
...或者,更好的是,直接循环输出以在读取记录时处理记录...
$usersPath = "C:\Path to CSV\File.csv"
Import-Module ActiveDirectory
foreach ($user in Import-Csv $usersPath)
{
# ...
为了清楚起见,我将您最初的 $users 变量重命名为 $usersPath;以这种方式重用变量可能会令人困惑和意外。
即使修复了循环,您仍然需要更改括号...
get-date ($user.'Date').AddDays(7)
...到此...
(get-date $user.'Date').AddDays(7)
...使用 $user.'Date' 和 的值创建一个 [DateTime],然后 在结果上调用 AddDays(7)。请注意,您不需要引用名称中不包含空格的 属性,因此您可以将其简化为...
(get-date $user.Date).AddDays(7)
此外,您正在将用户的 Date 与 Date + 7d 进行比较,后者始终为 $true。相反,您想测试今天是否超过 7 天的会员限制...
$today = (Get-Date).Date # Ignore the TimeOfDay portion so the expiration happens on a day boundary
$userAddedDate = Get-Date ($user.Date)
$maxGroupMembershipTime = New-TimeSpan -Day 7
if ($today - $userAddedDate -gt $maxGroupMembershipTime)
# Alternative: if ($userAddedDate + $maxGroupMembershipTime -lt $today)
{
# ...
最后,您有条件地 exit 循环,这意味着将不会处理进一步的用户记录或脚本中的任何其他内容。要跳过该用户,您可以将 exit 替换为 continue,或者让控制权落到 foreach 块的末尾...
$usersPath = "C:\Path to CSV\File.csv"
$today = (Get-Date).Date # Ignore the TimeOfDay portion so the expiration happens on a day boundary
$maxGroupMembershipTime = New-TimeSpan -Day 7
Import-Module ActiveDirectory
foreach ($user in Import-Csv $usersPath)
{
$userAddedDate = Get-Date ($user.Date)
if ($today - $userAddedDate -gt $maxGroupMembershipTime)
# Alternative: if ($userAddedDate + $maxGroupMembershipTime -lt $today)
{
Remove-ADGroupMember -Identity "Group Name" -Members $user.samaccountname -Confirm:$false
}
}
我将 $today 的初始化移到了循环之外,因为实际上没有必要在每次迭代时都设置它,并确保无论脚本何时执行,每个用户都获得相同的“今天”日期。
我正在尝试创建一个每天通过任务执行的 PowerShell 脚本。该任务将检查用户成为 AD 组成员的时间是否超过 7 天。如果是这样,该用户将被删除。 数据从 CSV 文件导入,我们将在其中插入用户添加到组的日期:
samaccountname,Date
user 1,20/01/2022
user2,06/02/2022
这是我写的代码:
$users = "C:\Path to CSV\File.csv"
Import-Module ActiveDirectory
Import-Csv $users
foreach ($user in $Users)
{
$CheckDate2 = get-date ($user.'Date').AddDays(7)
$CheckDate1 = get-date ($user.'Date')
if ($CheckDate1 -lt $CheckDate2){
exit
}
else{
Remove-ADGroupMember -Identity "Group Name" -Members $user.samaccountname -Confirm:$false
}
}
这是我收到的错误:
You cannot call a method on a null-valued expression.
At line:8 char:1
+ $CheckDate2 = get-date ($user.'Date').AddDays(7)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
Get-Date : Cannot bind parameter 'Date' to the target. Exception setting "Date": "Cannot convert null to type "System.DateTime"."
At line:9 char:24
+ $CheckDate1 = get-date ($user.'Date')
+ ~~~~~~~~~~~~~~
+ CategoryInfo : WriteError: (:) [Get-Date], ParameterBindingException
+ FullyQualifiedErrorId : ParameterBindingFailed,Microsoft.PowerShell.Commands.GetDateCommand
Remove-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
At line:16 char:68
+ ... tity "Group Name" -Members $user.samaccountname -Confir ...
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Remove-ADGroupMember], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.RemoveADGroupMember
您的 foreach 循环正在枚举 $users,其值为 "C:\Path to CSV\File.csv"。这意味着将有一个循环迭代,其中 $user 的值为 "C:\Path to CSV\File.csv"。因为 [String] class 没有 Date 属性, 这个...
($user.'Date').AddDays(7)
...实际上是这样...
($null).AddDays(7)
...因此出现错误。您也没有对 Import-Csv $users 的输出做任何事情,因此您需要将其收集到某处进行处理;将其存储在变量中...
$usersPath = "C:\Path to CSV\File.csv"
Import-Module ActiveDirectory
$users = Import-Csv $usersPath
foreach ($user in $users)
{
# ...
...或者,更好的是,直接循环输出以在读取记录时处理记录...
$usersPath = "C:\Path to CSV\File.csv"
Import-Module ActiveDirectory
foreach ($user in Import-Csv $usersPath)
{
# ...
为了清楚起见,我将您最初的 $users 变量重命名为 $usersPath;以这种方式重用变量可能会令人困惑和意外。
即使修复了循环,您仍然需要更改括号...
get-date ($user.'Date').AddDays(7)
...到此...
(get-date $user.'Date').AddDays(7)
...使用 $user.'Date' 和 的值创建一个 [DateTime],然后 在结果上调用 AddDays(7)。请注意,您不需要引用名称中不包含空格的 属性,因此您可以将其简化为...
(get-date $user.Date).AddDays(7)
此外,您正在将用户的 Date 与 Date + 7d 进行比较,后者始终为 $true。相反,您想测试今天是否超过 7 天的会员限制...
$today = (Get-Date).Date # Ignore the TimeOfDay portion so the expiration happens on a day boundary
$userAddedDate = Get-Date ($user.Date)
$maxGroupMembershipTime = New-TimeSpan -Day 7
if ($today - $userAddedDate -gt $maxGroupMembershipTime)
# Alternative: if ($userAddedDate + $maxGroupMembershipTime -lt $today)
{
# ...
最后,您有条件地 exit 循环,这意味着将不会处理进一步的用户记录或脚本中的任何其他内容。要跳过该用户,您可以将 exit 替换为 continue,或者让控制权落到 foreach 块的末尾...
$usersPath = "C:\Path to CSV\File.csv"
$today = (Get-Date).Date # Ignore the TimeOfDay portion so the expiration happens on a day boundary
$maxGroupMembershipTime = New-TimeSpan -Day 7
Import-Module ActiveDirectory
foreach ($user in Import-Csv $usersPath)
{
$userAddedDate = Get-Date ($user.Date)
if ($today - $userAddedDate -gt $maxGroupMembershipTime)
# Alternative: if ($userAddedDate + $maxGroupMembershipTime -lt $today)
{
Remove-ADGroupMember -Identity "Group Name" -Members $user.samaccountname -Confirm:$false
}
}
我将 $today 的初始化移到了循环之外,因为实际上没有必要在每次迭代时都设置它,并确保无论脚本何时执行,每个用户都获得相同的“今天”日期。