问题描述:

I working on creating a powershell that will disable users based on employee ID on two different domains. The catch is the second domain does not have employee number listed. I am successfully able to get the powershell to function until I place it in a loop. Here is the code:

 import-module activedirectory

$userID = Get-QADUser -Searchroot 'DOMAIN.com/AD' -LdapFilter '(employeeID=#######)'

$ID = $userID.SamAccountNAme

disable-qaduser -Identity DOMAIN2\$id

Set-QADUser "DOMAIN2\$id" -Description "Terminated ##/##"

Disable-ADAccount -identity $ID

Set-ADUser -identity $id -Description "Terminated ##/##"

When I make a loop with a CSV file like this:

$Snapin = Get-PSSnapin | Select Name

if ($Snapin -match 'Quest.ActiveRoles'){}else{Add-PSSnapin quest.ActiveRoles*}

$Users = Import-csv c:\Test\Users.csv

foreach($User in $Users){

$userID = Get-QADUser -Searchroot 'DOMAIN/AD' -LdapFilter '(employeeID = $User.EmployeeID1)'

$ID = $userID.SamAccountNAme

disable-qaduser -Identity DOMAIN2\$id

Set-QADUser "DOMAIN2\$id" -Description $User.NewDescription

Disable-ADAccount -identity $ID

Set-ADUser -identity $id -Description $User.NewDescription

Write-Host "Completed: " $id

}

Here is the error I receive:

*disable-qaduser : Target object is of invalid type: 'domainDNS'. 'user' expected.

At C:\test\2.ps1:11 char:1

+ disable-qaduser -Identity DOMAIN2\$id

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : NotSpecified: (:) [Disable-QADUser], WrongObjectClassException

+ FullyQualifiedErrorId : Quest.ActiveRoles.ArsPowerShellSnapIn.BusinessLogic.WrongObjectClassException,Quest.Acti

veRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.DisableUserCmdlet

Set-QADUser : Target object is of invalid type: 'domainDNS'. 'user' expected.

At C:\test\2.ps1:12 char:1

+ Set-QADUser "DOMAIN2\$id" -Description $User.NewDescription

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : NotSpecified: (:) [Set-QADUser], WrongObjectClassException

+ FullyQualifiedErrorId : Quest.ActiveRoles.ArsPowerShellSnapIn.BusinessLogic.WrongObjectClassException,Quest.Acti

veRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.SetUserCmdlet

Disable-ADAccount : Cannot validate argument on parameter 'Identity'. The argument is null. Provide a valid value for

the argument, and then try running the command again.

At C:\test\2.ps1:14 char:29

+ Disable-ADAccount -identity $ID

+ ~~~

+ CategoryInfo : InvalidData: (:) [Disable-ADAccount], ParameterBindingValidationException

+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.DisableAD

Account

Set-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null. Provide a valid value for the

argument, and then try running the command again.

At C:\test\2.ps1:15 char:22

+ Set-ADUser -identity $id -Description $User.NewDescription

+ ~~~

+ CategoryInfo : InvalidData: (:) [Set-ADUser], ParameterBindingValidationException

+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.SetADUser*

Any help would be appreciated. Thanks

相关阅读:
Top