bsharath
asked on
Powershell script that updates the membership picking the contacts. Need it to work on multiple Domains.
Hi,
Powershell script that updates the membership picking the contacts. Need it to work on multiple Domains.
Its a related script. The code is from Chris.
REgards
Sharath
Powershell script that updates the membership picking the contacts. Need it to work on multiple Domains.
Its a related script. The code is from Chris.
REgards
Sharath
$RootDomain = Connect-QADService "group.co.uk" -Credential $(Get-Credential)
$ChildDomain = Connect-QADService "dev.group.co.uk" -Credential $(Get-Credential)
Get-Content "GroupMembership.txt" | %{
$Data = $_.Split(";")
$Object = Get-QADObject -LdapFilter "(mail=$($Data[0]))" -Connection $ChildDomain
for ($i = 1; $i -lt $Data.Count; $i++)
{
Add-QADGroupMember $Data[$i] -Member $($Object.DN) -Connection $RootDomain } }
ASKER
Chris
In the initial Code...Any ideas on why a group that had only 2 members is populated with 8
Is there chances that the script may have some issue.
I have a group called escalations. In the Source i had 2 users that are members. Now after the contacts run there are 8.
is there any way that the pulling or pushing script fetches from other groups...
i know i am asking the wrong Q...But confused...
In the initial Code...Any ideas on why a group that had only 2 members is populated with 8
Is there chances that the script may have some issue.
I have a group called escalations. In the Source i had 2 users that are members. Now after the contacts run there are 8.
is there any way that the pulling or pushing script fetches from other groups...
i know i am asking the wrong Q...But confused...
You'd have to look in the text file and see which members that has listed. I can't really tell you very much, I can only create these from a theoretical standpoint.
The only way I could thoroughly test these is by plugging a workstation into your forest(s) and doing this for you. I'm not at all suggesting we attempt to arrange that, but you have to appreciate the difficulty.
Chris
ASKER
Thanks
Shall test this code and get back
have one Q..
Can we query 1 forest 1 OU groups with another forest 1 OU groups and Clear all from the destination and Add all groups as its in the Source to destination?
Can you help with a code that can do this.
I guess i have scrambled some groups and they are different from source to destination
Shall test this code and get back
have one Q..
Can we query 1 forest 1 OU groups with another forest 1 OU groups and Clear all from the destination and Add all groups as its in the Source to destination?
Can you help with a code that can do this.
I guess i have scrambled some groups and they are different from source to destination
ASKER
Chris
Say i have
Suresh
Suresh nam
Suresh Sam
When script run and i have "Suresh" will the exact match be added?
if not can it be the exact match in the script please
Say i have
Suresh
Suresh nam
Suresh Sam
When script run and i have "Suresh" will the exact match be added?
if not can it be the exact match in the script please
For the group name? It matches on e-mail for User / Contact objects, or at least that's what I expected it to do.
Chris
ASKER
I have this in the txt file
Muthu.Hui@plc.com;Newjoine rs;newjoin ers ind;
sha@plc.com;newjoiners ind
Now sha@plc.com will it add in newjoiners ind or newjoiners groups
Muthu.Hui@plc.com;Newjoine
sha@plc.com;newjoiners ind
Now sha@plc.com will it add in newjoiners ind or newjoiners groups
This should be a bit more careful with the group name.
Chris
# This must be a Global Catalog server
$GC = Connect-QADService "server.domain.local" -UseGlobalCatalog
Get-Content "GroupMembership.txt" | %{
$Data = $_.Split(";")
# Search Root must be the Forest Root Domain
$Object = Get-QADObject -SearchRoot "DC=domain,DC=local" -LdapFilter "(mail=$($Data[0]))" -Connection $GC
for ($i = 1; $i -lt $Data.Count; $i++)
{
# Search Root must be the Forest Root Domain
$Group = Get-QADObject -Name $Data[$i] -SearchRoot "DC=domain,DC=local" -Connection $GC
If ($Group -ne $Null)
{
# Pull the Group Domain Name from the CanonicalName
$GroupDomain = $Group.CanonicalName.SubString(0, $Group.CanonicalName.IndexOf("/"))
# Attempt to add a user to the group using a Domain Controller in the groups domain
Add-QADGroupMember -Name $Data[$i] -Member $($Object.DN) -Service $GroupDomain
}
Else
{
Write-Host "Could not find group $($Data[$i])"
}
}
}
ASKER
Chris i get this
Add-QADGroupMember : Cannot validate argument on parameter 'Member'. The argument is null or empty. Supply an argument
that is not null or empty and then try the command again.
At line:14 char:43
+ Add-QADGroupMember -Name $Data[$i] -Member <<<< $($Object.DN) -Service $GroupDomain
+ CategoryInfo : InvalidData: (:) [Add-QADGroupMember], ParameterBindingValidation Exception
+ FullyQualifiedErrorId : ParameterArgumentValidatio nError,Que st.ActiveR oles.ArsPo werShellSn apIn.Cmdle ts.AddGrou pM
emberCmdlet2
and this
Add-QADGroupMember : A parameter cannot be found that matches parameter name 'Name'.
At line:14 char:25
+ Add-QADGroupMember -Name <<<< $Data[$i] -Member $($Object.DN) -Service $GroupDomain
+ CategoryInfo : InvalidArgument: (:) [Add-QADGroupMember], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Que st.ActiveR oles.ArsPo werShellSn apIn.Cmdle ts.AddGrou pMemberCmd le
t2
Add-QADGroupMember : Cannot validate argument on parameter 'Member'. The argument is null or empty. Supply an argument
that is not null or empty and then try the command again.
At line:14 char:43
+ Add-QADGroupMember -Name $Data[$i] -Member <<<< $($Object.DN) -Service $GroupDomain
+ CategoryInfo : InvalidData: (:) [Add-QADGroupMember], ParameterBindingValidation
+ FullyQualifiedErrorId : ParameterArgumentValidatio
emberCmdlet2
and this
Add-QADGroupMember : A parameter cannot be found that matches parameter name 'Name'.
At line:14 char:25
+ Add-QADGroupMember -Name <<<< $Data[$i] -Member $($Object.DN) -Service $GroupDomain
+ CategoryInfo : InvalidArgument: (:) [Add-QADGroupMember], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Que
t2
Fixed.
Chris
# This must be a Global Catalog server
$GC = Connect-QADService "server.domain.local" -UseGlobalCatalog
Get-Content "GroupMembership.txt" | %{
$Data = $_.Split(";")
# Search Root must be the Forest Root Domain
$Object = Get-QADObject -SearchRoot "DC=domain,DC=local" -LdapFilter "(mail=$($Data[0]))" -Connection $GC
If ($Object -ne $Null)
{
for ($i = 1; $i -lt $Data.Count; $i++)
{
# Search Root must be the Forest Root Domain
$Group = Get-QADObject -Name $Data[$i] -SearchRoot "DC=domain,DC=local" -Connection $GC
If ($Group -ne $Null)
{
# Pull the Group Domain Name from the CanonicalName
$GroupDomain = $Group.CanonicalName.SubString(0, $Group.CanonicalName.IndexOf("/"))
# Attempt to add a user to the group using a Domain Controller in the groups domain
Add-QADGroupMember $Group.DN -Member $($Object.DN) -Service $GroupDomain
}
Else
{
Write-Host "Could not find group $($Data[$i])"
}
}
}
Else
{
Write-Host "Could not find object $($Data[0])"
}
}
ASKER
Chris emailed you the error screenshot.
It says cannot find an email address. It needs to check for contacts
It says cannot find an email address. It needs to check for contacts
It's checking all object types. Did you replace this with the root domain?
"DC=domain,DC=local"
Chris
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Emailed you chris
I get email address not found. As the email address has to be searched within each contact
I get email address not found. As the email address has to be searched within each contact
This may work. I have no way of testing this.
You must run the script as an account with write access to all domains in the Forest. That is, you must run this as an Enterprise Admin.
This will not work for Domain Local Groups but Global and Universal should work.
Chris
Open in new window