问题
I'm trying to create a new group in the DomainLocal with Powershell but my code below is not working. I don't get an error, but nor does it create the group in the path given.
Function AD{
Param (
[Parameter (Mandatory=$true)] [STRING] $ProjectCode
)
#setting up Folder template path and name for folders
$ProjectName = "$($ProjectCode)"
$Folder = "C:\FunctionOutputs\ProjectFolders"
$ProjectFolder = " $Folder\$($ProjectName)"
#establishing AD group and member naming conventions
$adminName = "AB_"+$ProjectName+"_CDE_ADMIN_LCL"
$adminName
#check that new $ProjectFolder exists to create "_ADMIN_LCL" group
if(Test-Path -Path $ProjectFolder){
New-ADGroup -Name $adminName -GroupScope DomainLocal -DisplayName $adminName -Path "OU=Groups, OU=Test, OU=Ohio, OU=NA, DC=aws, DC=example, DC=com" -Verbose
}
}
回答1:
If you're getting no output at all, that likely means that
Test-Path -Path $ProjectFolder
is returning False. That is, the project directory doesn't exist, so it doesn't even try to create the group. If you are calling this with a new project name that you have not previously created a directory for, then that's expected, since you're not creating the folder in this code.
If you would like to create the directory, you can use:
New-Item $ProjectFolder -ItemType Directory
Also, this is suspicious:
-Path "OU=Groups, OU=Test, OU=Ohio, OU=NA, DC=aws, DC=example, DC=com"
Distinguished names in AD don't have spaces after the commas. As-is, that would throw an exception.
来源:https://stackoverflow.com/questions/58936218/adding-an-active-directory-group-with-powershell