如何解决如何在脚本中引入开关/参数?
好的,长话短说:我的老板希望我修改这个我一直在努力(并且这里的人已经帮助过)的脚本,以具有一种“仅记录”功能。用'-log'(或其他任何东西)运行它,并让它像正常一样处理,除了只记录它会做的事情。在这种情况下,我已经尝试过 -WhatIf... 不够解释。
所以我添加了两个新函数,它们是现有函数的副本,只是添加了一些写入日志,而不是实际的 cmdlet。我想这正是他要找的,只是我不知道如何称呼他们。
代码如下:
#---------------------------------------------------------[Initializations]--------------------------------------------------------
# Dot Source required Function Libraries
#. "\\server\e$\scripts\Logging_Functions.ps1"
. "c:\users\documents\powershell\Logging_Functions.ps1"
# Error Action
$ErrorActionPreference = 'silentlycontinue'
# Debug preference
#$global:DebugPreference = "continue"
# WhatIf Preference,uncomment to run script in a logging only function
#$WhatIfPreference = $true
#----------------------------------------------------------[Declarations]----------------------------------------------------------
# Script Version
$sScriptVersion = "1.0"
Import-Module ActiveDirectory
# Log File Info
$sLogPath = "C:\Users\Documents\powershell\Logs"
#$sLogPath = "\\server\e$\Logs"
$sLogName = "Set-LitmosGroups_$(get-date -f yyyy-MM-dd_HH-mm-ss).log"
$sLogFile = Join-Path -Path $sLogPath -Childpath $sLogName
$LogLine = $null
# Variable Initializations
# Org Unit where the target groups reside (Litmos)
$OU = "ou=test_litmos,ou=test accounts,ou=company,dc=domain,dc=net"
# Org unt containing the All Managers security group
$OU2 = "CN=All Managers,OU=Organizational,OU=Groups,OU=company,DC=domain,DC=net"
# Get member of the 'ALL Managers' security group
$Managers = Get-ADGroupMember -identity $OU2 | Select-Object -expandproperty samaccountname
# Get AD groups with Report to in the name in $ou
$ReportsTo = Get-adgroup -searchbase $ou -filter "Name -like 'Report to *'" |
Select-Object -expandproperty name
$groupcount = 0
$samecount = 0
$addcount = 0
#----------------------------------------------------------[Functions]-------------------------------------------------------------
Function Get-DirectReport {
#requires -Module ActiveDirectory
<#
.SYnopSIS
This script will get a user's direct reports recursively from ActiveDirectory unless specified with the norecurse parameter.
It also uses the user's EmployeeID attribute as a way to exclude service accounts and/or non standard accounts that are in the reporting structure.
.NOTES
Name: Get-DirectReport
Author: theSysadminChannel
Version: 1.0
DateCreated: 2020-Jan-28
.LINK
https://thesysadminchannel.com/get-direct-reports-in-active-directory-using-powershell-recursive -
.ParaMETER SamAccountName
Specify the samaccountname (username) to see their direct reports.
.ParaMETER norecurse
Using this option will not drill down further than one level.
.EXAMPLE
Get-DirectReport username
.EXAMPLE
Get-DirectReport -SamAccountName username -norecurse
.EXAMPLE
"username" | Get-DirectReport
#>
[CmdletBinding()]
param(
[Parameter(
Mandatory = $false,ValueFromPipeline = $true,ValueFromPipelineByPropertyName = $true
)]
[string] $SamAccountName,[switch] $norecurse
)
BEGIN {}
PROCESS {
$UserAccount = Get-ADUser $SamAccountName -Properties DirectReports,displayName
$UserAccount | select -ExpandProperty DirectReports | ForEach-Object {
$User = Get-ADUser $_ -Properties DirectReports,displayName,Title,EmployeeID
if ($null -ne $User.EmployeeID) {
if (-not $norecurse) {
Get-DirectReport $User.SamAccountName
}
[PSCustomObject]@{
SamAccountName = $User.SamAccountName
UserPrincipalName = $User.UserPrincipalName
displayName = $User.displayName
Manager = $UserAccount.displayName
}
}
}
}
END {}
}
Function New-bhReportToGroup {
[CmdletBinding(SupportsShouldProcess)]
$Log1 = "New group for " + $manager + " has been created."
$Log2 = "Group for " + $manager + " already exists."
#From on when you see the below line $script:<variable> that sets the scope for that variable to the entire script which means other functions can use the value
$script:ReportsTo = $ReportsTo -replace ("Report to ","")
if ($manager -notin $ReportsTo) {
new-adgroup -name "Report to $manager" -groupscope global -path $ou
$addcount = $addcount +1
$LogLine = $Log1
Log-Write -LogPath $sLogFile -LineValue $LogLine
}
else {
$samecount = $samecount + 1
$LogLine = $Log2
Log-Write -LogPath $sLogFile -LineValue $LogLine
}
}
Function New-bhReportToGroup_logonly {
[CmdletBinding(SupportsShouldProcess)]
$Log1 = "New group for " + $manager + " would have been created in $OU."
$Log2 = "Group for " + $manager + " already exists in $OU."
$script:ReportsTo = $ReportsTo -replace ("Report to ","")
if ($manager -notin $ReportsTo) {
$addcount = $addcount +1
$LogLine = $Log1
Log-Write -LogPath $sLogFile -LineValue $LogLine
}
else {
$samecount = $samecount + 1
$LogLine = $Log2
Log-Write -LogPath $sLogFile -LineValue $LogLine
}
}
Function Get-bhDReports {
[CmdletBinding(SupportsShouldProcess)]
$script:directreports = Get-Directreport $manager -norecurse | Select-Object samAccountName
if ($null -ne $directreports) {
$LogLine = "Gathering direct reports for " + $manager
Log-Write -LogPath $sLogFile -LineValue $LogLine
}
else {
$LogLine = $manager + " has no reports."
Log-Write -LogPath $sLogFile -LineValue $LogLine
}
}
Function Set-bhRTGmembers {
[CmdletBinding(SupportsShouldProcess)]
#
# Get manager's 'report to <manager>' group again to update members
$managerReportToGroup = Get-ADGroup -SearchBase $OU -Filter "Name -like 'Report to $Manager'"
if ($managerReportToGroup) {
Add-ADGroupMember -identity $managerReportToGroup.Name -members $DirectReports
Add-ADGroupMember -identity $managerReportToGroup.name -members $Manager
$LogLine = "Report to " + $Manager + " updated."
Log-Write -LogPath $sLogFile -LineValue $LogLine
}
else {
$LogLine = "Could not find group for " + $Manager
Log-Write -LogPath $sLogFile -LineValue $LogLine
}
}
Function Set-bhRTGmembers_logonly {
[CmdletBinding(SupportsShouldProcess)]
#
# Get manager's 'report to <manager>' group again to update members
$managerReportToGroup = Get-ADGroup -SearchBase $OU -Filter "Name -like 'Report to $Manager'"
if ($managerReportToGroup) {
$LogLine = "Report to " + $Manager + " would be updated with $DirectReports."
Log-Write -LogPath $sLogFile -LineValue $LogLine
}
else {
$LogLine = "Could not find group for " + $Manager
Log-Write -LogPath $sLogFile -LineValue $LogLine
}
}
#----------------------------------------------[ Execution ]------------------------------------------------
Foreach ($Manager in $Managers) {
New-bhReportToGroup
Get-bhDReports
Set-bhRTGmembers
}
Foreach ($Report in $ReportsTo) {
$report = $report -replace ("Report to ","")
if ($Report -notin $managers) {
Remove-ADGroup -Identity "Report to $Report" -confirm:$false
$LogLine = $report + " user has fell out of scope,Report group removed."
Log-Write -LogPath $sLogFile -LineValue $LogLine
}
else {
$LogLine = "No groups deleted.`n"
Log-Write -LogPath $sLogFile -LineValue $LogLine
}
}
#Remove-Variable * -ErrorAction SilentlyContinue; Remove-Module *; $error.Clear(); Clear-Host
您可以看到 '_logonly' 函数.. 我如何使用开关从 cmdline 调用它们?
解决方法
如果给每个参数添加一个 [Switch]$LogOnly 参数,然后用这样的 if 语句将“work”括起来:
之前:
#do the work
#do the logging
之后:
if(-not $LogOnly){
#Do the work
}
#Do the logging
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
