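Windows Server 2022 AD domain controller: using commands or scripts to bulk import, export and create users and bind
Overview: this is an advanced article on user management for AD domain controllers. It covers how to use commands to bulk create new users and security groups and bind the users to the corresponding security groups, how to bulk import and export user information, and how to query detailed information about users, security groups and organizational units. It is suited to domains with many users.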
1. Display all attributes of a user
PS C:\Users\Administrator> Get-ADUser -Identity zhangs -Properties * (run in PowerShell)
-Identity takes the SamAccountName (the user logon name, e.g. lis)
2. Bulk export domain users to a .csv file
Open PowerShell on the domain controller and run the following command:
PS C:\Users\Administrator> Get-ADUser -Filter * -Properties * -SearchBase "OU=中车集团,DC=adsrvtest01,DC=com" | select SamAccountName, name, displayname, Givenname, Surname, DistinguishedName, Department, UserPrincipalName, City, Office, StreetAddress, State, Title, Company, OfficePhone, HomePhone, MobilePhone, emailaddress, Enabled | Export-Csv -Path c:\export-ou.csv -Encoding Unicode -NoTypeInformation
(In -SearchBase, OU is the users' organizational unit and DC is the domain name prefix.)
The exported CSV file looks like this:
SamAccountName,"name","displayname","Givenname","Surname","DistinguishedName","Department","UserPrincipalName","City","Office","StreetAddress","State","Title","Company","OfficePhone","HomePhone","MobilePhone","emailaddress","Enabled"
zhangs,"张三zhangs","张三zhangs","三","张","CN=张三zhangs,OU=运维管理部,OU=公司,OU=团体,DC=adsrvtest01,DC=com","运维管理部","zhangs@adsrvtest01.com",,"方庄大厦202",,,"运维工程师","信息公司","18001013122",,"1821040000","zhongc@163.com","True"
lis,"李四lis","李四lis","四","李","CN=李四lis,OU=运维管理部,OU=公司,OU=团体,DC=adsrvtest01,DC=com",,"lis@adsrvtest01.com",,,,,,,,,,,"True"
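Explanation of the header fields:
SamAccountName: user logon name or account name
name: full name
displayname: display name
Givenname: given name
Surname: family name
DistinguishedName: the distinguished name, which gives the complete path of the object in Active Directory
UserPrincipalName: the UPN, the user principal name that the client presents to the authentication service, i.e. user logon name@domain name, for example zhangs@adsrvtest01.com
Company: company
Department: department
Title: job title
City: city
Office: office
Description: description
State: state
EmailAddress: e-mail address
OfficePhone: office phone
MobilePhone: mobile phone
HomePhone: home phone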
3. Bulk list all OUs (organizational units) on the domain controller
PS C:\Users\Administrator> Get-ADOrganizationalUnit -Filter 'Name -like "*"'
4. Bulk create (import) users from a CSV file (without binding groups)
Open PowerShell on the domain controller and run the following command:
PS C:\Users\Administrator> Import-Csv 'C:\user-list.csv' | ForEach-Object { New-ADUser -Name $_.name -SamAccountName $_.SamAccountName -GivenName $_.Givenname -Surname $_.Surname -DisplayName $_.displayname -Description $_.Description -Department $_.Department -Company $_.Company -MobilePhone $_.MobilePhone -EmailAddress $_.emailaddress -UserPrincipalName $_.UserprincipalName -Path $_.Path -AccountPassword (ConvertTo-SecureString -String "Admin@123" -AsPlainText -Force) -Enabled $true -ChangePasswordAtLogon $true }
Parameter note: Import-Csv is followed by the full path of the CSV file.
5. Bulk import users from a CSV file and bind them to security groups (the security groups must be created in advance)
b. Open PowerShell on the domain controller and run the following command:
PS C:\Users\Administrator> Import-Csv "C:\user-list.csv" | ForEach-Object { New-ADUser -Name $_.name -SamAccountName $_.SamAccountName -GivenName $_.Givenname -Surname $_.Surname -DisplayName $_.displayname -Description $_.Description -Department $_.Department -Company $_.Company -MobilePhone $_.MobilePhone -EmailAddress $_.emailaddress -UserPrincipalName $_.UserprincipalName -Path $_.Path -AccountPassword (ConvertTo-SecureString -String "Admin@123" -AsPlainText -Force) -Enabled $true -ChangePasswordAtLogon $true; Add-ADGroupMember -Identity $_.Group1 -Members $_.SamAccountName; Add-ADGroupMember -Identity $_.Group2 -Members $_.SamAccountName; Add-ADGroupMember -Identity $_.Group3 -Members $_.SamAccountName }
Running it reports errors, but on checking, the users are created successfully and have been added to the corresponding groups.
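The imports from sections 4 and 5, as an added example that is not from the original post: each account gets its own random initial password instead of the shared "Admin@123", empty CSV cells are not passed to New-ADUser, and blank Group1 to Group3 cells are skipped. New-RandomPassword is a hypothetical helper, the CSV columns are the ones used on this page, and blank group cells being a source of the errors mentioned above is an assumption.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper (not an AD cmdlet): random password from a CSPRNG that
# contains upper case, lower case, a digit and a symbol.
function New-RandomPassword {
    param([int]$Length = 16)
    $all = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!@#%*-_+'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 4
    do {
        $pw = -join (1..$Length | ForEach-Object {
            $rng.GetBytes($buf)
            $all[[int]([BitConverter]::ToUInt32($buf, 0) % $all.Length)]
        })
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and
             $pw -match '\d' -and $pw -match '[^A-Za-z0-9]')
    $pw
}

# CSV columns on this page that are also New-ADUser parameter names.
$fields = 'Name', 'SamAccountName', 'GivenName', 'Surname', 'DisplayName', 'Description',
          'Department', 'Company', 'MobilePhone', 'EmailAddress', 'UserPrincipalName', 'Path'

$results = foreach ($row in Import-Csv 'C:\user-list.csv') {
    # Pass only the cells that are filled in.
    $params = @{}
    foreach ($f in $fields) {
        if (-not [string]::IsNullOrWhiteSpace($row.$f)) { $params[$f] = $row.$f }
    }
    $plain = New-RandomPassword
    try {
        New-ADUser @params -Enabled $true -ChangePasswordAtLogon $true -ErrorAction Stop `
            -AccountPassword (ConvertTo-SecureString -String $plain -AsPlainText -Force)
    } catch {
        Write-Warning "Skipped $($row.SamAccountName): $($_.Exception.Message)"
        continue
    }
    # Bind only the group columns that are filled in; report each failure per user.
    foreach ($g in $row.Group1, $row.Group2, $row.Group3) {
        if ([string]::IsNullOrWhiteSpace($g)) { continue }
        try { Add-ADGroupMember -Identity $g -Members $row.SamAccountName -ErrorAction Stop }
        catch { Write-Warning "$($row.SamAccountName) not added to '$g': $($_.Exception.Message)" }
    }
    [pscustomobject]@{ SamAccountName = $row.SamAccountName; InitialPassword = $plain }
}
# Give each user their password over a separate channel; avoid leaving the list on disk.
$results
```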
6. Bulk import users from a CSV file and bind them to security groups (the OUs, i.e. organizational units, must be created in advance)
b. Open PowerShell and run the following command:
PS C:\Users\Administrator> Import-Csv "C:\user-list.csv" | ForEach-Object { New-ADGroup -Name $_.Groupname -GroupCategory $_.Grouptype -GroupScope $_.Groupscope -Path $_.Path -Description $_.description; New-ADUser -Name $_.name -SamAccountName $_.SamAccountName -GivenName $_.Givenname -Surname $_.Surname -DisplayName $_.displayname -UserPrincipalName $_.UserprincipalName -Description $_.description -Department $_.Department -Company $_.Company -MobilePhone $_.MobilePhone -EmailAddress $_.emailaddress -Path $_.Path -AccountPassword (ConvertTo-SecureString -String "Admin@123" -AsPlainText -Force) -Enabled $true -ChangePasswordAtLogon $true; Add-ADGroupMember -Identity $_.Group1 -Members $_.Grouppath; Add-ADGroupMember -Identity $_.Group2 -Members $_.Grouppath; Add-ADGroupMember -Identity $_.Group3 -Members $_.Grouppath; Add-ADGroupMember -Identity $_.Group4 -Members $_.Grouppath }
In testing, the users and groups can be created, but the users cannot be added to the corresponding security groups; the CSV file is probably still not built correctly.
7. Bulk create security groups in the AD domain
b. Open PowerShell on the domain controller and run the following command:
PS C:\Users\Administrator> Import-Csv -Path "C:\group-list - .csv" | foreach { New-ADGroup -Name $_.name -GroupCategory $_.grouptype -GroupScope $_.groupscope -Path $_.Path -Description $_.description }
8. Bulk create OUs (organizational units)
Example
A group company has branch companies all over the country and needs an OU for every department of every branch.
a. First create a CSV file of the branch companies, with the header shown in the screenshot. The file must be saved as ANSI, otherwise Chinese characters will be garbled.
b. Open cmd as administrator and run the following command to bulk create the branch companies:
for /f "tokens=1 delims=," %a in (c:\branch.csv) do dsadd ou "ou=%a,ou=嘉创优网集团,dc=adsrvtest01,dc=com"
Check that the branch companies were created successfully.
c. Prepare another CSV file that lists the departments of a branch company, as shown in the figure.
d. In cmd, run the following command to create the department OUs under the branch company:
for /f "tokens=1 delims=," %a in (c:\bm.csv) do dsadd ou "ou=%a,ou=北京分公司,ou=嘉创优网集团,dc=adsrvtest01,dc=com"
Note: OUs created with this command can be deleted.
To keep other users from deleting the OUs, use PowerShell to set them to "protect object from accidental deletion".
Load the AD module in PowerShell and query the OUs that do not have protection from accidental deletion set.
e. Run the following command in PowerShell to query them:
Get-ADOrganizationalUnit -Filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | ft
f. Set the OUs to "protect object from accidental deletion":
Get-ADOrganizationalUnit -Filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true
Department OUs for the other branch companies are created the same way.
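Steps b to f combined, as an added example that is not from the original post: the branch OUs are created from c:\branch.csv already protected from accidental deletion, so no unprotected window exists between creation and the fix in step f. It assumes one branch name in the first comma-separated field of each line (the layout the for /f loop reads) and Windows PowerShell 5.1, which reads a file without a BOM in the system ANSI code page.

```powershell
Import-Module ActiveDirectory

$parent = 'ou=嘉创优网集团,dc=adsrvtest01,dc=com'   # parent OU used on this page

# First field of every non-empty line, de-duplicated.
$names = Get-Content 'C:\branch.csv' |
    ForEach-Object { ($_ -split ',')[0].Trim() } |
    Where-Object { $_ } |
    Select-Object -Unique

foreach ($name in $names) {
    # Characters that are special in a DN or in the -Filter string would change
    # what gets created or queried, so such names are refused.
    if ($name -match '[,+"\\<>;=#'']') {
        Write-Warning "Skipped '$name': reserved character in OU name"
        continue
    }
    $existing = Get-ADOrganizationalUnit -Filter "Name -eq '$name'" -SearchBase $parent `
        -SearchScope OneLevel -Properties ProtectedFromAccidentalDeletion
    if (-not $existing) {
        # Create the OU with the protection flag set from the start.
        New-ADOrganizationalUnit -Name $name -Path $parent -ProtectedFromAccidentalDeletion $true
    } elseif (-not $existing.ProtectedFromAccidentalDeletion) {
        # An OU left over from the dsadd loop: turn protection on.
        $existing | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true
    }
}

# Verification: anything still listed here is unprotected.
Get-ADOrganizationalUnit -Filter * -SearchBase $parent -Properties ProtectedFromAccidentalDeletion |
    Where-Object { -not $_.ProtectedFromAccidentalDeletion } |
    Select-Object Name, DistinguishedName
```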