在AD的管理脚本中,基本都是通过ADSI接口获取AD操作接口,其中涉及PowerShell的原生cmdlets的都大同小异。今天看看AD下的Function中的脚本,有新东西可以学习。
## =====================================================================
## Title : Add-IADGroupMember
## Description : Add one or more objects to a group in Active Directory.
## Author : Idera
## Date : 8/11/2009
## Input : Add-IADGroupMember [[-MemberDN] <String[]>]
##
## Output : No Output
## Usage :
## 1. Add the domain administrator account to the QA group
## Get-IADGroup QA | Add-IADGroupMember -MemberDN 'CN=Administrator,CN=Users,DC=domain,DC=com'
##
## 2. Add multiple accounts to the QA group
## $members = Get-IADUser -Name QAUser* | Foreach-Object { $_.distinguishedName }
## Get-IADGroup QA | Add-IADGroupMember -MemberDN $members
##
## Notes :
## Tag : group, member, activedirectory
## Change log :
## =====================================================================
filter Add-IADGroupMember {
param(
[string[]]$MemberDN = $(Throw "MemberDN cannot be empty.")
)
if($_ -is [ADSI] -and $_.psbase.SchemaClassName -eq 'group')
{
$group = $_
trap {
Write-Error $_
continue
}
$MemberDN | Where-Object {$_} | ForEach-Object { $null = $group.member.add($_) }
$group.psbase.commitChanges()
}
else
{
Write-Warning "Wrong object type, only Group objects are allowed."
}
}
第23行的filter是PowerShell的关键字,代表这是在PowerShell的管道中对所有对象进行的过滤操作。
还有一个符号是$_,代表的是管道中当前值的变量。
这个脚本中涉及的新知识点就这两部分。