Powershell - 腳本的順序

Question

我想輸入一個用戶使用變量並檢查活動目錄以確認用戶的全名並在運行下一個命令之前暫停腳本。

該腳本運行Get-ADUser便有命令之前暫停命令 - 見下面的腳本

#Enter Username 

$username = read-host "Username" 


Get-ADUser -Filter "Name -eq '$username'" | Select-Object name, samaccountname 

$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown") 

#Removes user from groups 

Get-ADPrincipalGroupMembership -Identity $username | where {$_.Name -notlike "Domain Users"} |% {Remove-ADPrincipalGroupMembership -Identity $uSername -MemberOf $_ -Confirm:$false} 

write-output End 

$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown") 

Answer 1

根據我的經驗，Get-ADUser和類似的命令可能需要很長的時間來運行，可能長達20秒或所以。很少見的是，我發現它由於在它之前或之後運行的一些命令而使得代碼不可用。如果你想測試一下，看看這是否真的適合你的情況下，在你的代碼添加每隔線之間這條線：

Read-Host -Prompt "Press Enter to continue" 

這樣的話，你可以測試是否有當你們之間的真正區別把那條線放在那裏，如果你不這樣做的話。如果實際存在差異，您可能需要查看start-sleep或wait。

Answer 2

我會做這樣的事情，以讓用戶驗證，因爲我認爲這是你是什麼之後，繼續撤銷用戶組成員

Write-Host "`nEnter the UserName: " -NoNewline -ForegroundColor Yellow 
$UserName = Read-Host 

$UserName = Get-ADUser -Filter "Name -eq '$UserName'" | Select-Object Name, SamAccountName 

Write-Host "`nRevoke membership of all groups for user" $UserName.Name "("$UserName.SamAccountName")?`n [Y]es, [N]o : " -ForegroundColor Yellow -NoNewline 

$Confirmation = Read-Host 


While ("y","yes","n","no" -notcontains $Confirmation) { 

    Write-Host "`nNot a valid input! Please try again ..." -ForegroundColor Red 
    Write-Host "`nRevoke membership of all groups for user" $UserName.Name "("$UserName.SamAccountName")?`n [Y]es, [N]o : " -ForegroundColor Yellow -NoNewline 

    $Confirmation = Read-Host 

} 

If ($Confirmation -eq "n" -or $Confirmation -eq "no") { 

    Write-Host "Aborted!" -ForegroundColor Red 
    Break 

} 

# Next step here! 

# Get-ADPrincipalGroupMembership -Identity $UserName | where {$_.Name -notlike "Domain Users"} |% {Remove-ADPrincipalGroupMembership -Identity $UserName -MemberOf $_ -Confirm:$false} 

Answer 3

只是另一段代碼，這幾樣前更改需要一些正確的日誌記錄和錯誤處理，而我的代碼只能記錄到控制檯，它仍然有用。 它使用確認來代替'暫停'，因此用戶可以選擇繼續或停止。

### CmdletBinding 
# Alows the use of -Whatif(not used), -Confirm, -Verbose and -Debug. 
# Reference: https://technet.microsoft.com/en-us/library/ff677563.aspx 
#   https://msdn.microsoft.com/en-us/powershell/reference/5.1/microsoft.powershell.core/about/about_functions_cmdletbindingattribute 
#   https://blogs.technet.microsoft.com/poshchap/2014/10/24/scripting-tips-and-tricks-cmdletbinding/ 
[CmdletBinding(
    SupportsShouldProcess = $true, 
    ConfirmImpact=’High’ 
    )] 

# Script parameters. 
Param(
    [parameter(HelpMessage = "Command parram, not used.")]$Command = "nothing" 
    #Run with PowerShell Fix, reference: https://social.technet.microsoft.com/Forums/office/en-US/fe7fb473-7ed6-4397-9c95-120201c34847/problems-with-powershell-30?forum=winserverpowershell 
    ) 

#Console clean-up. 
Clear-Host 

# Set error action to Stop, if something happens and it isnt inside a trap (try/catch) then stop. 
$ErrorActionPreference = "Stop" 

# Controls the Verbose Output 
$VerbosePreference = "Continue" #Optional 

#Intial message for User execution, whitespace is for the progressbars. 
" 









    Script: Remove-ADUserGroupMembership.ps1 


" 

Write-Verbose "Starting main loop." 
While ($true){ 

    #White space for in between questions. 
    Write-Host " 
    " 

    #Retrieve username from user input. 
    Write-Host "Provide the ADUser for ADGroup removal here:" 
    $Username = read-host "Username" 

    #Retrieve ADUser object from AD. 
    Write-Verbose "Querying Active Directory for user $Username" 
    Try { 
     $ADUser = Get-ADUser $Username 
     Write-Verbose "User Found, $($ADUser.Name) " 
    } 

    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] { 
     Write-Warning "Could not find user $Username in Active Directory, check spelling and try again." 
     Continue #this wil reset the while loop 
    } 

    Catch { 
     Write-Warning "Unknown Errror, Could not retrieve user $Username from Active Directory, please try again." 
     Continue #this wil reset the while loop 
    } 

    #Retrieve GroupMembership for user. 
    Write-Verbose "Querying Active Directory for GroupMembership of User $($ADUser.name), exluding Domain Users" 
    Try { 
     $GroupMembership = $ADUser | Get-ADPrincipalGroupMembership | where {$_.Name -notlike "Domain Users"} 
     Write-Verbose "Found $($GroupMembership.count) GroupMemberships for User $($ADUser.name) (Not inluding Domain Users)" 
    } 

    Catch { 
     Write-Warning "Unknown Errror, Could not retrieve GroupMembership for user $($ADUser.Name) from Active Directory, please try again." 
     Continue #this wil reset the while loop 
    } 

    #Remove GroupMembership for user. 
    if ($pscmdlet.ShouldProcess("$($ADUser.name)", "Remove-ADPrincipalGroupMembership {$($GroupMembership.count) Groups}")) { 
     Write-Verbose "Entering GroupMembership removal loop for user $($ADUser.name)" 
     Foreach ($Group in $GroupMembership) { 
      Try {     
       $ADUser | Remove-ADPrincipalGroupMembership -MemberOf $Group -WhatIf -Confirm:$true     
       Write-Verbose "$Group removed from from user $($ADUser.name)" 
      } 

      catch { 
       Write-Warning "An Error occured, could not remove group $Group from user $($ADUser.Name)" 
       Continue #this will skip this group. 
      } 
     } 
    } 

    else { 
     Write-Warning "Action Remove-ADPrincipalGroupMembership {$($GroupMembers.count) Groups} canceled for $($ADUser.name)" 
    } 

    Read-Host "Press Enter to exit." 
    break #exit from while loop 
}