在公司的 AD 中,所有使用者都放在同一個 Users OU,希望登入 script 能依使用者所屬的 AD group,分別執行對應條件下的動作
例如:
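# Logon script fragment: maps network drives and sets the screen saver policy
# value for vendor accounts, selected by the user's AD group membership.
#
# NOTE(review): the ActiveDirectory module ships with RSAT and is not present
# on a default Windows 7/10 client. If Import-Module fails there, Get-ADUser is
# unavailable and neither branch below runs. Confirm the module is installed on
# the machines that run this script.
Import-Module ActiveDirectory
if (!($env:COMPUTERNAME -like "AA0*" -or $env:COMPUTERNAME -like "BB0*"))
{
    # The original fragment read $u without assigning it. Fall back to the
    # logged-on user, which is also what the home-share paths below are built from.
    if (-not $u) { $u = $env:USERNAME }

    # Fetch only memberOf; "-Properties *" pulled every attribute of the account.
    $i = Get-ADUser -Identity $u -Properties memberOf

    # memberOf holds the distinguished names of the user's direct groups only;
    # nested memberships and the primary group are not listed there.
    $j = $i.memberOf

    # Reduce every group DN to its leading "CN=<name>" component, splitting on
    # unescaped commas so a group name containing "\," is not cut in half.
    $groupNames = @($j | Where-Object { $_ } | ForEach-Object { ($_ -split '(?<!\\),')[0] })

    # Network paths
    $userfile1 = "\\domain.com\vdidatastore\UserData\$env:username"
    $userfile2 = "\\data11\userdatav3$\$env:username"
    $idfile = "\\ID.domain.com\ID"
    $Daily = "\\Daily.domain.com\Dailymeeting"

    # Screen saver.
    # A .scr file is an executable that runs in the user's session; write access
    # to this share path should be limited to administrators.
    # NOTE(review): keys under HKCU\SOFTWARE\Policies are normally writable only
    # by administrators, so the Set-ItemProperty below may fail for a standard
    # user - confirm, or deliver the value through Group Policy instead.
    $screenREG = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop"
    $screenVendor = "\\domain.com\datastore\Software\screensaver\screensaverVendor.scr"
    $screenUser = "\\domain.com\datastore\Software\screensaver\screensaver20191202.scr"

    # Deep Security start-up script
    $DSPatch = "\\domain.com\sysvol\domain.com\Policies\{B1B648E3-6FE4-4D4E-81B8-605B5A39BEBC}\User\Scripts\Logon\DeepSecurity_update.bat"

    # The original tested each group DN on its own for BOTH "CN=Vendors" and the
    # VDI group, which only matches if one DN contains both components. The two
    # memberships belong to different groups, so test the whole set instead.
    $isVendor = $groupNames -contains "CN=Vendors"
    $homeShare = $null
    $label = $null

    if ($isVendor -and ($groupNames -contains "CN=VDIUserGroupOAv3"))
    {
        # Vendor with VDI V3: Z: goes to the V3 home share
        $homeShare = $userfile2
        $label = "VendorV3"
    }
    elseif ($isVendor -and ($groupNames -contains "CN=VDIUserGroup"))
    {
        # Vendor with the original VDI group: Z: goes to the V1 home share
        $homeShare = $userfile1
        $label = "VendorV1"
    }

    if ($homeShare)
    {
        # Create the per-user home folder on first logon
        if (!(Test-Path $homeShare))
        {
            New-Item -Path $homeShare -ItemType Directory
        }

        net use H: "$idfile"
        net use I: "\\file.domain.com\Public"
        net use G: "\\file.domain.com\Project"
        net use J: "\\file.domain.com\Department"
        net use Z: "$homeShare"

        if ($label -eq "VendorV3")
        {
            # Start the Deep Security Agent (V3 branch only, as in the original)
            Start-Process -FilePath $DSPatch -NoNewWindow
        }

        # Set the screen saver
        Set-ItemProperty -Path $screenREG -Name "SCRNSAVE.EXE" -Value "$screenVendor"

        # Emit which branch was applied
        $label
    }
}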
在以上這樣的條件下,這段 script 在 Win7/Win10 上無法正確執行,因為無法判斷使用者所屬的 AD group
不曉得這邊有沒有人有經驗可以協助?