Active-Directory
PowerShell/命令提示符 - 從 AD 組成員創建文件夾
是否有一個簡單的腳本可以用來提供目標文件夾和我想要使用的 AD 組,它會生成一組包含該 AD 組成員的文件夾並將適當的權限委派給這些文件夾?
我已經
dsget group "FQN" -members做到了,它返回了一個 FQN 列表。這是我正在尋找的一個例子……
SomeADGroup member1 member2 ... memberN Root Folder - has permission for SomeADGroup (already set up) member1 - member1 has modify; other SomeADGroup members, no permissions member2 - member2 has modify; other SomeADGroup members, no permissions ... memberN - memberN has modify; other SomeADGroup members, no permissions
這裡——有。
Option Explicit ' DOMAIN\Group to process Const DOMAIN = "DOMAIN" Const GROUP = "Human Resources Department" ' Destination path - Do not append a "\" Const DESTINATION_PATH = "C:\Test" ' Constants for the NameTranslate object. Const ADS_NAME_INITTYPE_GC = 3 Const ADS_NAME_TYPE_NT4 = 3 Const ADS_NAME_TYPE_1779 = 1 Dim objNameTranslate, objGroup, strUser, objShell Set objNameTranslate = CreateObject("NameTranslate") objNameTranslate.Init ADS_NAME_INITTYPE_GC, "" objNameTranslate.Set ADS_NAME_TYPE_NT4, DOMAIN & "\" & GROUP Set objGroup = GetObject("LDAP://" & Replace(objNameTranslate.Get(ADS_NAME_TYPE_1779), "/", "\/")) set objShell = CreateObject("Wscript.Shell") For Each strUser in objGroup.Members objShell.Run "%COMSPEC% /c mkdir " & DESTINATION_PATH & "\" & strUser.samAccountName objShell.Run "CACLS " & DESTINATION_PATH & "\" & strUser.samAccountName & " /E /G " & DOMAIN & "\" & strUser.samAccountName & ":F" Next ' strUser快速瀏覽:
設置 DOMAIN、GROUP 和 DESTINATION_PATH。顯然,當您執行此程序時,您必須以有權創建目錄並在 DESTINATION_PATH 下設置權限的使用者身份登錄。
我本可以在 PowerShell 中更高效地完成這項工作,只是我無法忍受 PowerShell 並且不想費心去更深入地了解它。>smile< 同樣,我可能已經使用 FileSystemObject 完成了目錄製作,但這對我來說寫起來更快。我本可以做一些更漂亮的東西而不是 CACLS,但是,嘿,它有效。