2016-11-15 104 views
1

我現在正在嘗試爲我們的新用戶自動添加目錄到服務器。我想我已經接近了正確的腳本,但需要一點幫助。如果用戶的company屬性爲1480,則在\\server\hs\sameaccountname中創建文件夾,如果屬性爲1479,則在\\server-elem\samaccountname中創建文件夾。另外正確的執行被分配給這個文件夾給用戶。在服務器上創建用戶目錄並添加權限

#Search AD for HS Students 
$hs = Get-ADUser -filter 'company -eq "1480"' 
$path = "\\hs-ss\students\hs\" 

forEach($user in $hs) { 
    #Create user directory of Storage Server  
    New-Item -Path $path -Name $SamAccountName -ItemType "directory" 
    $ACL = Get-ACL "$path\$SamAccountName" 
    $ACL.SetAccessRuleProtection($true, $true) 
    $ACL.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("clasd\$SamAccountName", "Modify", "ContainerInherit, ObjectInherit", "None", "Allow"))) 
    Set-Acl "$Path\$SamAccountName" $ACL 
} 

編輯1

這是我的錯誤:

New-Item : Item with specified name \\hs-ss\students\hs\ already exists. 
At C:\AD_Scripts\psscripts\user_create.ps1:76 char:1 
+ New-Item -Path $path -Name $SamAccountName -ItemType "directory" 
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : ResourceExists: (\\hs-ss\students\hs\:String) [New-Item], IOException 
    + FullyQualifiedErrorId : DirectoryExist,Microsoft.PowerShell.Commands.NewItemCommand 

Exception calling "AddAccessRule" with "1" argument(s): "Some or all identity references could not be translated." 
At C:\AD_Scripts\psscripts\user_create.ps1:79 char:1 
+ $ACL.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRul ... 
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : NotSpecified: (:) [], MethodInvocationException 
    + FullyQualifiedErrorId : IdentityNotMappedException 

編輯2

越來越近,因爲該文件夾被創建,但該權限沒有得到添加。

Mode    LastWriteTime  Length Name                                    
----    -------------  ------ ----                                    
d----  11/15/2016 3:26 PM   111111                                   
Get-ACL : Cannot find path '\\hs-ss\students\hs\CN=Test student1,OU=Students,OU=Users,OU=HS,DC=clasd,DC=net.' because it does not exist. 
At C:\AD_Scripts\psscripts\user_create.ps1:80 char:8 
+ $ACL = Get-ACL "$path\$user.$SamAccountName" 
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : ObjectNotFound: (:) [Get-Acl], ItemNotFoundException 
    + FullyQualifiedErrorId : GetAcl_PathNotFound_Exception,Microsoft.PowerShell.Commands.GetAclCommand 

You cannot call a method on a null-valued expression. 
At C:\AD_Scripts\psscripts\user_create.ps1:81 char:1 
+ $ACL.SetAccessRuleProtection($true,$true) 
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : InvalidOperation: (:) [], RuntimeException 
    + FullyQualifiedErrorId : InvokeMethodOnNull 

You cannot call a method on a null-valued expression. 
At C:\AD_Scripts\psscripts\user_create.ps1:82 char:1 
+ $ACL.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRul ... 
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : InvalidOperation: (:) [], RuntimeException 
    + FullyQualifiedErrorId : InvokeMethodOnNull 

Set-Acl : Cannot bind argument to parameter 'AclObject' because it is null. 
At C:\AD_Scripts\psscripts\user_create.ps1:83 char:39 
+ Set-Acl "$Path\$user.$SamAccountName" $ACL 
+          ~~~~ 
    + CategoryInfo   : InvalidData: (:) [Set-Acl], ParameterBindingValidationException 
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.SetAclCommand 

代碼:

#Search AD for HS Students 

$hs = Get-ADUser -filter 'company -eq "1480"' 
$path = "\\hs-ss\students\hs" 
forEach($user in $hs) 
{ 

#$samaccount = $user.SamAccountName 


#Create user directory of Storage Server 

New-Item -Path $path -Name $($User.SamAccountName) -ItemType "directory" | Out-Null 
$ACL = Get-ACL "$path\$user.$SamAccountName" 
$ACL.SetAccessRuleProtection($true,$true) 
$ACL.AddAccessRule((New-Object  System.Security.AccessControl.FileSystemAccessRule("clasd\$user.$SamAccountName","Modify", "ContainerInherit, ObjectInherit", "None", "Allow"))) 
Set-Acl "$Path\$user.$SamAccountName" $ACL 
} 
+0

等什麼不起作用? – 4c74356b41

+0

$ SamAccountName是不是空的?由第一個錯誤判斷看起來是這樣。 – 4c74356b41

+0

當我做一個Get-ADUser時,它返回一個用戶,所以samaccountname不是空的。 Powershell對我來說都是新的,所以我正在學習。 –

回答

0

這肯定看起來像你想再次創建\文件夾HS因爲$ samAccountName屬性是空白。

嘗試,如果你有問題增加更多的輸出:

#Search AD for HS Students 
$hs = Get-ADUser -Filter 'Company -eq "1480"' 
$path = "\\hs-ss\students\hs\" 

forEach($user in $hs) 
{ 
    $UserDirectory = Join-Path -Path $Path -ChildPath $User.SamAccountName 

    if (Test-Path -Path $UserDirectory) 
    { 
     'Directory "{0}" already exists.' -f $UserDirectory | Write-Error 
    } 
    else 
    { 
     try { 
      'Creating directory for "{0}" at "{1}".' -f @($User.SamAccountName,$UserDirectory) | Write-Verbose 
      New-Item $UserDirectory -ItemType Directory -Force 
     } catch { 
      throw 
     } 

     try { 
      'Obtaining Acl of "{0}".' -f $UserDirectory | Write-Verbose 
      $Acl = Get-Acl -Path $UserDirectory 
     } catch { 
      throw 
     } 

     try { 
      'Adding Acl permissions on "{0}".' -f $UserDirectory | Write-Verbose 
      $Acl.SetAccessRuleProtection($true,$true) 
      $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("clasd\$SamAccountName","Modify", "ContainerInherit, ObjectInherit", "None", "Allow") 
      $Acl.AddAccessRule($AccessRule) 
     } catch { 
      throw 
     } 

     try { 
      'Setting Acl on "{0}".' -f $UserDirectory | Write-Verbose 
      Set-Acl -Path $UserDirectory -AclObject $Acl 
     } catch { 
      throw 
     } 
    } 
} 
相關問題