Active-Directory

PowerShell/命令提示符 - 從 AD 組成員創建文件夾

  • September 22, 2009

是否有一個簡單的腳本可以用來提供目標文件夾和我想要使用的 AD 組,它會生成一組包含該 AD 組成員的文件夾並將適當的權限委派給這些文件夾?

我已經dsget group "FQN" -members做到了,它返回了一個 FQN 列表。

這是我正在尋找的一個例子……

SomeADGroup
 member1
 member2
 ...
 memberN


Root Folder - has permission for SomeADGroup (already set up)
   member1 - member1 has modify; other SomeADGroup members, no permissions
   member2 - member2 has modify; other SomeADGroup members, no permissions
   ...
   memberN - memberN has modify; other SomeADGroup members, no permissions

這裡——有。

Option Explicit

' DOMAIN\Group to process
Const DOMAIN = "DOMAIN"
Const GROUP = "Human Resources Department"

' Destination path - Do not append a "\"
Const DESTINATION_PATH = "C:\Test"

' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

Dim objNameTranslate, objGroup, strUser, objShell

Set objNameTranslate = CreateObject("NameTranslate")
objNameTranslate.Init ADS_NAME_INITTYPE_GC, ""
objNameTranslate.Set ADS_NAME_TYPE_NT4, DOMAIN & "\" & GROUP
Set objGroup = GetObject("LDAP://" & Replace(objNameTranslate.Get(ADS_NAME_TYPE_1779), "/", "\/")) 

set objShell = CreateObject("Wscript.Shell")

For Each strUser in objGroup.Members
   objShell.Run "%COMSPEC% /c mkdir " & DESTINATION_PATH & "\" & strUser.samAccountName
   objShell.Run "CACLS " & DESTINATION_PATH & "\" & strUser.samAccountName & " /E /G " & DOMAIN & "\" & strUser.samAccountName & ":F"
Next ' strUser

快速瀏覽:

設置 DOMAIN、GROUP 和 DESTINATION_PATH。顯然,當您執行此程序時,您必須以有權創建目錄並在 DESTINATION_PATH 下設置權限的使用者身份登錄。

我本可以在 PowerShell 中更高效地完成這項工作,只是我無法忍受 PowerShell 並且不想費心去更深入地了解它。>smile< 同樣,我可能已經使用 FileSystemObject 完成了目錄製作,但這對我來說寫起來更快。我本可以做一些更漂亮的東西而不是 CACLS,但是,嘿,它有效。

引用自:https://serverfault.com/questions/33861