如何修复不能转换system.object[]错误

Question

在运行此脚本时，我收到以下错误：

无法将“'Microsoft.ActiveDirectory.Management.ADGroup‘”转换为参数“Identity”所需的System.Object[]类型。不支持指定的方法。

此外，用户从Win7组移动到Win10组，但取决于他们是否是if语句中其他组的成员，if语句中的任何组都不会为任何用户移动。请帮帮忙。

仅供参考，userlist文件在文本文件中包含用户名，如下所示：

jsmith
ksmith
etc.

grouplist文本文件包含以下Active Directory组：

Nitro7
Project7
Visio7
Zoom7
SnagIt7
OneNote7

代码：

Import-Module ActiveDirectory

$users = Get-Content -Path .\userlist.txt
$group = Get-Content -Path .\grouplist.txt
$members = Get-ADGroupMember -Identity $group -Recursive


foreach ($user in $users){
Remove-ADGroupMember -Identity "Win7" -Members $user -Confirm:$false -Verbose
Add-ADGroupMember -Identity "Win10" -Members $user -Confirm:$false -Verbose

If ($members.SamAccountName -contains $user) {
Remove-ADGroupMember -Identity "Nitro7" -Members $user -Confirm:$false -Verbose
Add-ADGroupMember -Identity "Nitro10" -Members $user -Confirm:$false -Verbose
}

If ($members.SamAccountName -contains $user) {
Remove-ADGroupMember -Identity "Project7" -Members $user -Confirm:$false -Verbose
Add-ADGroupMember -Identity "Project10" -Members $user -Confirm:$false -Verbose
}

If ($members.SamAccountName -contains $user) {
Remove-ADGroupMember -Identity "OneNote7" -Members $user -Confirm:$false -Verbose
Add-ADGroupMember -Identity "OneNote10" -Members $user -Confirm:$false -Verbose
}

If ($members.SamAccountName -contains $user) {
Remove-ADGroupMember -Identity "Zoom7" -Members $user -Confirm:$false -Verbose
Add-ADGroupMember -Identity "Zoom10" -Members $user -Confirm:$false -Verbose
}

If ($members.SamAccountName -contains $user) {
Remove-ADGroupMember -Identity "SnagIt7" -Members $user -Confirm:$false -Verbose
Add-ADGroupMember -Identity "SnagIt10" -Members $user -Confirm:$false -Verbose
}

If ($members.SamAccountName -contains $user) {
Remove-ADGroupMember -Identity "Visio7" -Members $user -Confirm:$false -Verbose
Add-ADGroupMember -Identity "Visio10" -Members $user -Confirm:$false -Verbose
}
}

Answer 1

-Identity属性是Get-ADGroupMember的单例，而不是数组。

但是，-Identity属性确实接受用于输入的管道。所以，你也许可以做这样的事情：

$members = $group | Get-ADGroupMember -Recursive

尽管，IMX中的一些AD命令由于它们的存在而有些不稳定。我想你可能需要这样做：

$members = foreach ($g in $group) { Get-ADGroupMember -Identity $g -Recursive }

然而，您的脚本的其余部分有一种混乱的逻辑，所以我无法真正知道您打算做什么。

{狙击]

根据你的评论，我会这么做。

首先，我会更改你的组文件。与组的纯文本列表不同，我会将它变成一个CSV文件，其中包含两列:旧组和新组。

所以，grouplist.csv看起来是这样的：

"OldGroupName","NewGroupName"
"Nitro7","Nitro10"
"OneNote7","OneNote10"
"Project7","Project10"
"SnagIt7","SnagIt10"
"Visio7","Visio10"
"Win7","Win10"
"Zoom7","Zoom10"

现在，您已经为每个老组和要将用户迁移到的组提供了一个映射。

现在，我们这样做：

$users = Get-Content .\userlist.txt
$groups = Import-Csv .\grouplist.csv

foreach ($group in $groups) {
    $UsersToModify = Get-ADGroupMember $group.OldGroupName -Recursive | Where-Object SamAccountName -in $users
    Remove-ADGroupMember -Identity $group.OldGroupName -Members $UsersToModify -Confirm:$false -Verbose -WhatIf
    Add-ADGroupMember -Identity $group.NewGroupName -Members $UsersToModify -Confirm:$false -Verbose -WhatIf
}

[注意:删除-WhatIf以实际执行操作。]

对于每个组，我们获得组成员的列表，将其过滤为$users中的用户名，并将其保存到$UsersToModify中。然后，我们将用户列表传递给Remove和Add命令。我们只需要每组一次就可以了。

我知道Win7到Win10有一个特殊的例外，但我不认为脚本的逻辑需要改变才能适应这种情况。如果希望始终将$users中的所有用户添加到Win10中，可以手动添加：

$UsersToAddtoWin10 = $users | Get-ADUser
Add-ADGroupMember -Identity Win10 -Members $UsersToAddtoWin10 -Confirm:$false -Verbose -WhatIf

Answer 2

让我们看看这是否适合您，考虑到您的$user和$group列表与您所显示的完全相同.

#get your users...

$users = Get-Content -Path .\userlist.txt

#get your groups...

$groups = Get-Content -Path .\grouplist.txt

#for each user...

foreach ($user in $users) {

    #get their group memberships, expand the property...

    $memberOf = Get-ADUser -Identity $user -Properties MemberOf | Select -ExpandProperty memberof

    #for each membership found in $groups that also ends in '7'...

    foreach ($membership in ($memberOf | Where-Object {($_ -match ($groups -join "|")) -and ($_ -like '*7')})) {

        #remove the user from the matched group...

        Remove-ADGroupMember -Identity $membership -Members $user -Confirm:$false

        #add the user to a group with the same name, replacing 7 with 10...

        Add-ADGroupMember -Identity $membership.Replace("7","10") -Members $user -Confirm:$false

    }

}

重要

请注意，此-match运算符将返回$groups中也以7结尾的任何其他组。如果有与存储在$groups中的条件相匹配的其他组名，则需要对$membership迭代的$memberOf进行更多筛选。

此脚本还将用'10‘替换$membership (匹配组的DistinguishedName)中字符'7’的每个实例，以便将$user添加到新组中。所以，确保这不是个问题。

Answer 3

Import-Module ActiveDirectory

$users = Get-Content -Path .\userlist.txt

foreach ($user in $users){

Remove-ADGroupMember -Identity "View_Win7" -Members $user -Confirm:$false -Verbose
Add-ADGroupMember -Identity "View_Win10" -Members $user -Confirm:$false -Verbose

[array]$grps=Get-ADUser $user -Property memberOf | Select -ExpandProperty memberOf | Get-ADGroup | Select Name

foreach($grp in $grps){

if($grp.Name -match "Nitro7") {
Remove-ADGroupMember -Identity "Nitro7" -Members $user -Confirm:$false -Verbose
Add-ADGroupMember -Identity "Nitro10" -Members $user -Confirm:$false -Verbose
}

If ($grp.Name -match "Project7") {
Remove-ADGroupMember -Identity "Project7" -Members $user -Confirm:$false -Verbose
Add-ADGroupMember -Identity "Project10" -Members $user -Confirm:$false -Verbose
}

If ($grp.Name -match "OneNote7") {
Remove-ADGroupMember -Identity "OneNote7" -Members $user -Confirm:$false -Verbose
Add-ADGroupMember -Identity "OneNote10" -Members $user -Confirm:$false -Verbose
}

If ($grp.Name -match "Zoom7") {
Remove-ADGroupMember -Identity "Zoom7" -Members $user -Confirm:$false -Verbose
Add-ADGroupMember -Identity "Zoom10" -Members $user -Confirm:$false -Verbose
}

If ($grp.Name -match "SnagIt7") {
Remove-ADGroupMember -Identity "SnagIt7" -Members $user -Confirm:$false -Verbose
Add-ADGroupMember -Identity "SnagIt10" -Members $user -Confirm:$false -Verbose
}

If ($grp.Name -match "Visio7") {
Remove-ADGroupMember -Identity "Visio7" -Members $user -Confirm:$false -Verbose
Add-ADGroupMember -Identity "Visio10" -Members $user -Confirm:$false -Verbose
}
}
}