问题
I wanted to create the code for the group to check whether the group exist or not exist. However, I couldn't get to work as it was successful adding the user and part members of the group only one but not the other groups because I manage to create a group in active directory and also reading from the csv. Here is my code and the result. Seems I get the error always after it successfully adding the user and including adding the members of the group
Result
#Import required modules
Import-Module ActiveDirectory
# Prompt user for CSV file path
#$filepath = Read-Host -Prompt " Please enter the path to your CSV file".Trim()
#Store the data from Test.csv in the $listusers variable
$filepath = "C:\Test.csv"
# Create a new password for every each users
$securepassword = ConvertTo-SecureString "Password456!" -AsPlainText -Force
# Import the file into a variable
$listusers = Import-Csv $filepath
# Loop through each row and gather information
ForEach ($user in $listusers){
# #Getting values from the CSV headers contains the user's information
$fname = $user.'Frist Name'
$lname = $user.'Last Name'
$username = $user.'Username'
$emailaddress = $user.'Email Address'
$OUpath = $user.'Organizational Unit'
$users = Get-ADUser -Filter {SamAccountName -like $username}
# Echo output for the each new user
echo "Account created for $fname $lname in $OUpath"
#Check to see if the user already exists in AD
if ($users) # or (Get-ADUser -Filter {SamAccountName -eq $username})
{
#If user does exist, give a warning
Write-Warning "A user account with username $username already exist in Active Directory."
}
else
{
#if the user does not exist then proceed to create new account
# Create new AD user for each user read from the CSV file.
# The new account will be in created in OU directory path by the $Path variable
New-ADUser `
-SamAccountName $username `
-Name "$fname $lname" `
-GivenName $fname `
-Surname $lname ` -UserPrincipalName "$username@Razorfc.net" `
-Path $OUpath `
-AccountPassword $securepassword `
-EmailAddress $emailaddress `
-Enabled $True
}
}
#Add members of the group
Foreach($user in $listusers){
#Getting values from the CSV headers
$username = $user.'Username'
$groupmember = $user.'GroupName'
$groupmember2 = $user.'GroupName2'
$groupmember3 = $user.'GroupName3'
$GroupExists = Get-ADGroup -Filter {SamAccountName -like $groupmember}
$GroupExists2 = Get-ADGroup -Filter {SamAccountName -like $groupmember2}
$GroupExists3 = Get-ADGroup -Filter {SamAccountName -like $groupmember3}
$Members = Get-ADGroupMember -Identity $groupmember -Recursive | Select -ExpandProperty SAMAccountName
$Members2 = Get-ADGroupMember -Identity $groupmember2 -Recursive | Select -ExpandProperty SAMAccountName
$Members3 = Get-ADGroupMember -Identity $groupmember3 -Recursive | Select -ExpandProperty SAMAccountName
##Check to see if the user is already member in AD. If the user is not a member it will then add into the members of the group
if($Members -contains $username) {
Write-Host "$username is member of $groupmember".Trim()
Write-Host "$username is member of $groupmember2".Trim()
Write-Host "$username is member of $groupmember3".Trim()
}
if ($GroupExists , $GroupExists2 , $GroupExists3){
Write-Warning "A group name $groupmember, $groupmember2, $groupmember3 did not exsist"
}
else {
Write-Host "$Username is not a member. Adding the account now".Trim()
#Add members of the group
add-ADGroupMember -Identity $groupmember -Members $Username
add-ADGroupMember -Identity $groupmember2 -Members $Username
add-ADGroupMember -Identity $groupmember3 -Members $Username
}
}
#Exit the program
Read-Host -Prompt "Press Enter to exit.".Trim()
This is the error:
Account created for John Doe in OU=Users,OU=Razorfc,DC=Razorfc,DC=net
WARNING: A user account with username John Doe already exist in Active Directory.
Account created for Jake Doe in OU=Users,OU=Razorfc,DC=Razorfc,DC=net
WARNING: A user account with username Jake Doe already exist in Active Directory.
Account created for Jane.Doe in OU=Users,OU=Razorfc,DC=Razorfc,DC=net
WARNING: A user account with username Jane.D already exist in Active Directory.
Account created for Jim.Doe in OU=Users,OU=Razorfc,DC=Razorfc,DC=net
WARNING: A user account with username Jim.Doe already exist in Active Directory.
Get-ADGroupMember : Cannot find an object with identity: 'SI & Joko World's' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:73 char:17
+ ... $Members2 = Get-ADGroupMember -Identity $groupmember2 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (SI & Joko World's:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Get-ADGroupMember : Cannot find an object with identity: 'PAN CI' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:74 char:17
+ ... $Members3 = Get-ADGroupMember -Identity $groupmember3 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (PAN CI:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
John Doe is member of DL_Razorfc
John Doe is member of SI & Joko World's
John Doe is member of PAN CI
WARNING: A group name DL_Razorfc, SI & Joko World's, PAN CI did not exsist
Get-ADGroupMember : Cannot find an object with identity: 'SI & Joko World's' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:73 char:17
+ ... $Members2 = Get-ADGroupMember -Identity $groupmember2 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (SI & Joko World's:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Get-ADGroupMember : Cannot find an object with identity: 'PAN CI' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:74 char:17
+ ... $Members3 = Get-ADGroupMember -Identity $groupmember3 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (PAN CI:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Jake Doe is member of DL_Razorfc
Jake Doe is member of SI & Joko World's
Jake Doe is member of PAN CI
WARNING: A group name DL_Razorfc, SI & Joko World's, PAN CI did not exsist
Get-ADGroupMember : Cannot find an object with identity: 'SI & Joko World's' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:73 char:17
+ ... $Members2 = Get-ADGroupMember -Identity $groupmember2 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (SI & Joko World's:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Get-ADGroupMember : Cannot find an object with identity: 'PAN CI' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:74 char:17
+ ... $Members3 = Get-ADGroupMember -Identity $groupmember3 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (PAN CI:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Jane.D is member of DL_Razorfc
Jane.D is member of SI & Joko World's
Jane.D is member of PAN CI
WARNING: A group name DL_Razorfc, SI & Joko World's, PAN CI did not exsist
Get-ADGroupMember : Cannot find an object with identity: 'SI & Joko World's' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:73 char:17
+ ... $Members2 = Get-ADGroupMember -Identity $groupmember2 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (SI & Joko World's:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Get-ADGroupMember : Cannot find an object with identity: 'PAN CI' under: 'DC=Razorfc,DC=net'.
At C:\Create Users Read From CSV and Adding to the group members by John Doeo Han Xiang.ps1:74 char:17
+ ... $Members3 = Get-ADGroupMember -Identity $groupmember3 -Recursive | Se ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (PAN CI:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Jim.Doe is member of DL_Razorfc
Jim.Doe is member of SI & Joko World's
Jim.Doe is member of PAN CI
回答1:
As you stated, the users are successfully added to the AD and then only you are getting the error. So you can avoid the error using two ways. You can try using
Get-ADGroupMember -Identity $groupmember -Recursive | Select -ExpandProperty SAMAccountName | -ErrorAction SilentlyContinue
or you could try like this
try {
Get-ADComputer -Identity “something”
}
catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]
{
Write-Warning “AD computer object not found”
}
catch {}
来源:https://stackoverflow.com/questions/51908411/check-if-a-group-exists-in-ad-using-powershell