我正在尋找一種方法,將文本檔案中列出的 AD 計算機從它們可能位于同一 OU 中的任何 AD 組中洗掉。例如,文本檔案包含:
Computer1$
Computer2$
Computer3$
這三臺計算機可能出現的組是:
Group1
Group2
Group3
我在 2016 年的 StackOverflow 上從標題“PowerShell - Remove-ADGroupMember - Locking my admin account”中找到了這個并為我編輯了:
Get-ADGroup -filter 'name -like "Group*"' | Remove-ADGroupMember -Members "Computer3$"
這可以很好地洗掉 "Computer3$!但是當我嘗試用 Foreach 中的變數替換 "Computer3$" 時,它會中斷。這是我的代碼:
$Comps = Get-Content "C:\Users\Administrator\Desktop\Complist.txt"
foreach ($comp in $comps) {
Get-ADGroup -filter 'name -like "Group*"' | Remove-ADGroupMember -Members "$Comps"
}
和錯誤:
Remove-ADGroupMember : Cannot find an object with identity: 'Computer1$
Computer2$ Computer3$' under: 'DC=Domain,DC=local'.
At line:3 char:53
... name -like "Group*"' | Remove-ADGroupMember -Members "$Comps"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CategoryInfo : ObjectNotFound: (Computer1...mputer3$:ADP
rincipal) [Remove-ADGroupMember], ADIdentityNotFoundException
FullyQualifiedErrorId : SetADGroupMember.ValidateMembersParameter,Microsoft.Ac
tiveDirectory.Management.Commands.RemoveADGroupMember
任何幫助將不勝感激,在此先感謝您。
uj5u.com熱心網友回復:
$Comps = Get-Content "C:\Users\Administrator\Desktop\Complist.txt"
foreach ($comp in $comps) {
Get-ADGroup -filter 'name -like "Group*"' | Remove-ADGroupMember -Members "$comp"
}
您在回圈中參考$comps(物件組)而不是(物件)。$comp
Import-Module -Name ActiveDirectory
$listofcomputers = Get-Content -Path "$env:HOMEDRIVE\Users\Administrator\Desktop\Complist.txt"
foreach ($computer in $listofcomputers) {
Get-ADGroup -Filter 'name -like "Group*"' | Remove-ADGroupMember -Members ('{0}' -f $computer)
}
更好的變數命名在這里會有所幫助。
轉載請註明出處,本文鏈接:https://www.uj5u.com/houduan/466219.html