我有一个脚本,该脚本根据csv中的电子邮件匹配联系人,我可以使用get-adobject -ldapfilter找到联系人,但是当我尝试将联系人添加为经理时,添加失败,指出找不到联系人。 它声称找不到的联系人显然存在于目录中。
此行将找到联系人:
$rmanager = Get-ADObject -SearchBase 'OU=workplace,OU=Contacts,DC=office,DC=com' -ldapfilter "(&(objectclass=contact)(name=$fname*)(name=*$lname))"
找到有问题的联系人的示例...
PS C:temp> Get-ADObject -SearchBase 'OU=workplace,OU=Contacts,DC=office,DC=com' -ldapfilter "(&(objectclass=contact)(name=$fname*)(name=*$lname))"
DistinguishedName Name ObjectClass ObjectGUID
----------------- ---- ----------- ----------
CN=Nick Hill,OU=workplace,OU=Contacts,DC=office,DC=com Nick Hill contact b649bd7e-aac9-4d4b-8203-b6a79f35b91
但是,与设置广告用户的这条线将失败,说明它找不到明显存在的联系人......
get-aduser -f {mail -eq $username} |set-aduser -Manager "$rmanager"
set-aduser : Identity info provided in the extended attribute: 'Manager' could not be resolved. Reason: 'Cannot find an object with identity: 'CN=Nick Hill,OU=Workplace,OU=Contacts,DC=office,DC=com' under: 'DC=Office,DC=com'.'.
我刚刚测试了这个,它有效:
a. 获得区分联系人姓名:
$contactDN = Get-ADObject -LDAPFilter "(&(objectClass=contact)(givenName=firstname)(sn=lastname))"
| Select-Object -ExpandProperty DistinguishedName
b. 获取用户对象并替换manager属性:
Get-ADUser username | Get-ADObject | Set-ADObject -Replace @{"manager" = $contactDN}