在确定我们的服务帐户是否是IIS_IUSRS本地组的成员时,以下是我的两个最佳猜测。
两者都不会崩溃,但是每个if语句每次都返回false。我已将用户帐户手动添加/删除到该组,并确认这是“假”否定词。
#Connect to Active Directory database using Powershell ADSI adapter
#Keep this value as 'localhost' to ensure you connect to this computer
$cn = [ADSI]"WinNT://localhost"
$env = "dev"
$monet = "s.Monet.$env"
$periscope = "s.PeriscopeWeb.$env"
$agentData = "s.AgentData.$env"
#add service accounts to IIS_IUSRS group
$iis_iusrs = [ADSI] "WinNT://localhost/IIS_IUSRS"
if (-not $iis_iusrs.memberOf | where { $_ -match $monet})
{
$iis_iusrs.Add("WinNT://DOMAIN/$monet, user")
}
if (-not (Get-ADUser $periscope -Properties memberof).memberof -like "CN=IIS_IUSRS*")
{
最佳答案
这可能是您要寻找的:
#Get the IIS_IUSRS group
$iis_iusrs = [ADSI]"WinNT://localhost/IIS_IUSRS"
$Members = @($iis_iusrs.psbase.Invoke("Members"))
#Populate the $MemberNames array with all the user ID's
$MemberNames = @()
$Members | ForEach-Object {$MemberNames += $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null);}
#See if your user ID is in there
if (-Not $MemberNames.Contains($monet)) {
$iis_iusrs.Add("WinNT://DOMAIN/$monet, user")
}
关于powershell - 确定用户是否是Powershell中本地组的成员,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/28842174/