AD域批量运维管理脚本
注意:以下操作都需要以管理员权限运行powersehll命令才行执行成功。
1 批量创建计算机账户
$ouPath = "OU=computer,OU=Citrix,DC=citrixlab,DC=local"
1..100 | ForEach-Object {
$computerNumber = $_.ToString("000") #此为占位符
$computerName = "CVAD-$computerNumber"
New-ADComputer -Name $computerName -Path $ouPath
}2 批量创建AD域账号
$ouPath = "OU=Citrix,DC=citrixlab,DC=local"
$csvPath = "C:\Path\to\input.csv"
$users = Import-Csv -Path $csvPath
foreach ($user in $users) {
$userName = $user.UserName
$password = ConvertTo-SecureString -String $user.Password -AsPlainText -Force
$userParams = @{
SamAccountName = $userName
UserPrincipalName = "$userName@citrixlab.local"
Name = $userName
GivenName = $user.FirstName
Surname = $user.LastName
DisplayName = $user.DisplayName
Path = $ouPath
AccountPassword = $password
Enabled = $true
}
New-ADUser @userParams
}3 批量移动指定OU下计算机账户到另外OU
$sourceOU = "OU=Computers,OU=DepartmentA,DC=example,DC=com"
$targetOU = "OU=VDI Computers,OU=DepartmentB,DC=example,DC=com"
$filter = {
Name -like "VDI*"
}
$computers = Get-ADComputer -Filter $filter -SearchBase $sourceOU
foreach ($computer in $computers) {
Move-ADObject -Identity $computer -TargetPath $targetOU
}4 按条件删除指定OU下的计算机账户
$ouPath = "OU=Computers,OU=DepartmentA,DC=example,DC=com"
$filter = {
Enabled -eq $true -and #选择禁用的
OperatingSystem -like "*Server*" -and #选择是server的系统
(Search-ADAccount -ComputersOnly -AccountDisabled).Count -eq 0 -and #排除已禁用的计算机
Description -eq "To be deleted"
}
$computers = Get-ADComputer -Filter $filter -SearchBase $ouPath
foreach ($computer in $computers) {
Remove-ADComputer -Identity $computer -Confirm:$false
}5 按条件删除指定OU下的域账号
$ouPath = "OU=Users,OU=DepartmentA,DC=example,DC=com"
$filter = {
Enabled -eq $true -and
(Search-ADAccount -UsersOnly -AccountDisabled).Count -eq 0 -and
Description -eq "To be deleted"
}
$users = Get-ADUser -Filter $filter -SearchBase $ouPath
foreach ($user in $users) {
Remove-ADUser -Identity $user -Confirm:$false -Recursive -Force
}