我正在尝试使用CSV文件将用户列表添加到我在租户中设置的AzureAD组。看起来脚本正在工作,但是由于某种原因,我的一个If语句中的一个特定的write-host没有像预期的那样显示变量数据。我在所有其他write-host中使用相同的变量,它们都可以工作,所以我不确定我在这里错过了什么。
如果需要的话,我的CSV是这样的:
Name,InvitedUserEmailAddress
Test User01,testuser01@gmail.com
Test User02,testuser02@gmail.com
这是我的简化PS片段。
$users = import-csv "D:UserListTest1.csv"
$groupID = Get-AzureADGroup -SearchString "TestGroup" | Select-Object ObjectId, displayname
foreach ($email in $users) {
# Pull usersAAD email list from AzureAD
$usersAAD = Get-AzureADUser -SearchString $($email.InvitedUserEmailAddress) | Select-Object ObjectId, displayname, mail
# Users from CSV not in AzureAD
if ($usersAAD.mail -eq $null) {
Write-Host "User $($usersAAD.displayname) does not exist in AzureAD" -ForegroundColor Red
}
else {
# Pull AzureAD user group membership from users that exist in AzureAD
$ExistingGroups = Get-AzureADUserMembership -ObjectId $usersAAD.ObjectId | Select-Object displayname, objectid
# Users that are already members of the AzureAD group
if ($ExistingGroups.ObjectId -eq $groupID.objectId) {
Write-Host "$($usersAAD.displayname) already exists in $($groupID.displayname)" -ForeGroundColor Yellow
}
else {
# Add users to AzureAD group if they are not already part of AzureAD group
Add-AzureADGroupMember -ObjectId $groupID.ObjectId -RefObjectId $usersAAD.ObjectId
Write-Host "Added $($usersAAD.displayname) to $($GroupID.displayname)" -ForeGroundColor Green
}
}
}
问题是下面If语句的write-host结果,当用户已经在组中时发生。
# Users from CSV not in AzureAD
if ($usersAAD.mail -eq $null) {
Write-Host "User $($usersAAD.displayname) does not exist in AzureAD" -ForegroundColor Red
}
在我的例子中,testuser02@gmail.com不存在于我的AzureAD租户,所以我期待一个红色文本显示"用户testuser02@gmail.com不存在于AzureAD"对于这个用户。相反,我看到了以下输出。测试User01工作正常,但我的测试User02不是。对不起,格式不好。
Test User01 already exists in TestGroup
User does not exist in AzureAD
为什么对于已经是组的一部分的用户它会有一个空值?它甚至在输出中添加了一个空格。我也试过删除。displayname对象,但它没有任何帮助。
一个可能与它有关的奇怪的事情是我的$usersAAD变量在我运行整个东西之后似乎是空的。如果我在整个程序运行之后执行write-host $usersAAD(即使它正确地邀请了用户),它不会返回任何结果。
如注释中所解释的,当条件$usersAAD.mail -eq $null为$true时,"User $($usersAAD.displayname) does not...指的是一个不存在的对象($null),这就是为什么在您的输出中您得到User does not exist in AzureAD。要解决这个问题,您可以参考集合(Csv中的项目($email)。
)。这是我对你的代码和所说的修复的看法,以及一些内联注释,以帮助你思考过程。
$groupID = Get-AzureADGroup -SearchString "TestGroup"
foreach ($email in Import-Csv "D:UserListTest1.csv") {
# if this user exists in Azure AD
if ($usersAAD = Get-AzureADUser -SearchString $email.InvitedUserEmailAddress) {
# get the membership
$ExistingGroups = Get-AzureADUserMembership -ObjectId $usersAAD.ObjectId
# and check if the test group is part of the user membership
# (notice `-contains` here is faster than `-eq` !!!)
if ($ExistingGroups.ObjectId -contains $groupID.objectId) {
Write-Host "$($usersAAD.displayname) already exists in $($groupID.displayname)" -ForeGroundColor Yellow
# if this condition was `$true` just go to the next item in our loop
continue
}
# if we're here above condition was `$false`, so add this user to the test group
Add-AzureADGroupMember -ObjectId $groupID.ObjectId -RefObjectId $usersAAD.ObjectId
Write-Host "Added $($usersAAD.displayname) to $($GroupID.displayname)" -ForeGroundColor Green
# and go to next item in loop
continue
}
# if we're here we can assume the user did not exist in Azure AD, hence:
Write-Host "User $($email.Name) does not exist in AzureAD" -ForegroundColor Red
}