通过 Powershell 从远程服务器导入本地组

Question

我正在研究使用 Powershell 将安全设置从一台服务器复制到另一台服务器的最简单方法，我很好奇是否可以导入整个组，包括它的 Description 和 Members 属性？

以下是我目前拥有的脚本。看来我可以使用ADSI 适配器访问远程服务器上的本地组，但是Create 命令会出现以下错误消息

使用“2”参数调用“创建”的异常：“类型不匹配。（来自 HRESULT 的异常：0x80020005 (DISP_E_TYPEMISMATCH)）” 在 \prdhilfs02\install\Monet\ServerUpgrade\DEVHILWB119\Scripts\LocalUsersAndGroups.ps1:25 char:1+ $objCreate = $cn.Create("Group", $objRemote)

$computerName = "DEVWB89"
$objRemote = [ADSI]("WinNT://$computerName/$groupName")

$cn = [ADSI]"WinNT://localhost"
$cn.Create("Group", $objRemote)

编辑

所以我可以使用下面的脚本来完成我想要的。我可以使用远程服务器中的组名称和描述以及组信息。但是，有没有办法使用 Powershell 将 System.DirectoryServices.DirectoryEntry 对象及其所有属性简单地添加到本地计算机？另外，另一个缺点是我必须为组的用户对域进行硬编码。

$cn = [ADSI]"WinNT://localhost"
$computerName = "DEVWB89"

foreach($groupName in $groupArray)
{
    $objRemote = [ADSI]("WinNT://$computerName/$groupName")

    $objGroup = $cn.Create("Group", $($objRemote.Name))
    $objGroup.setinfo()

    $objGroup.description = $objGroup.Description
    $objGroup.setinfo()

    $Members = @($objRemote.psbase.Invoke("Members"))
    $Members | ForEach-Object {$MemberNames += $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null) + ",";}

    $tempArray = $MemberNames -split ","

    foreach($member in $tempArray)
    {
        $objGroup.Add("WinNT://SYMETRA/$member, user")
    }
}

Answer 1

这将列出组的所有成员：

$Members = @($objRemote.psbase.Invoke("Members"))
$Members | ForEach-Object {$MemberNames += $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null);}
$MemberNames

更多有用信息：

PS C:\Users\YourUser\Desktop> $objAdmin = [ADSI]("WinNT://localhost/Administrator")
PS C:\Users\YourUser\Desktop> $objAdmin | gm


   TypeName: System.DirectoryServices.DirectoryEntry

Name                        MemberType Definition
----                        ---------- ----------
ConvertDNWithBinaryToString CodeMethod static string ConvertDNWithBinaryToString(psobject deInstance, psobject dnWithBinaryIns...
ConvertLargeIntegerToInt64  CodeMethod static long ConvertLargeIntegerToInt64(psobject deInstance, psobject largeIntegerInstance)
AutoUnlockInterval          Property   System.DirectoryServices.PropertyValueCollection AutoUnlockInterval {get;set;}
BadPasswordAttempts         Property   System.DirectoryServices.PropertyValueCollection BadPasswordAttempts {get;set;}
Description                 Property   System.DirectoryServices.PropertyValueCollection Description {get;set;}
FullName                    Property   System.DirectoryServices.PropertyValueCollection FullName {get;set;}
HomeDirDrive                Property   System.DirectoryServices.PropertyValueCollection HomeDirDrive {get;set;}
HomeDirectory               Property   System.DirectoryServices.PropertyValueCollection HomeDirectory {get;set;}
LastLogin                   Property   System.DirectoryServices.PropertyValueCollection LastLogin {get;set;}
LockoutObservationInterval  Property   System.DirectoryServices.PropertyValueCollection LockoutObservationInterval {get;set;}
LoginHours                  Property   System.DirectoryServices.PropertyValueCollection LoginHours {get;set;}
LoginScript                 Property   System.DirectoryServices.PropertyValueCollection LoginScript {get;set;}
MaxBadPasswordsAllowed      Property   System.DirectoryServices.PropertyValueCollection MaxBadPasswordsAllowed {get;set;}
MaxPasswordAge              Property   System.DirectoryServices.PropertyValueCollection MaxPasswordAge {get;set;}
MaxStorage                  Property   System.DirectoryServices.PropertyValueCollection MaxStorage {get;set;}
MinPasswordAge              Property   System.DirectoryServices.PropertyValueCollection MinPasswordAge {get;set;}
MinPasswordLength           Property   System.DirectoryServices.PropertyValueCollection MinPasswordLength {get;set;}
Name                        Property   System.DirectoryServices.PropertyValueCollection Name {get;set;}
objectSid                   Property   System.DirectoryServices.PropertyValueCollection objectSid {get;set;}
Parameters                  Property   System.DirectoryServices.PropertyValueCollection Parameters {get;set;}
PasswordAge                 Property   System.DirectoryServices.PropertyValueCollection PasswordAge {get;set;}
PasswordExpired             Property   System.DirectoryServices.PropertyValueCollection PasswordExpired {get;set;}
PasswordHistoryLength       Property   System.DirectoryServices.PropertyValueCollection PasswordHistoryLength {get;set;}
PrimaryGroupID              Property   System.DirectoryServices.PropertyValueCollection PrimaryGroupID {get;set;}
Profile                     Property   System.DirectoryServices.PropertyValueCollection Profile {get;set;}
UserFlags                   Property   System.DirectoryServices.PropertyValueCollection UserFlags {get;set;}


PS C:\Users\YourUser\Desktop> $Members[0].GetType().InvokeMember("FullName", "GetProperty", $null, $Members[0], $null)
Exception calling "InvokeMember" with "5" argument(s): "The specified domain either does not exist or could not be contacted.
"
At line:1 char:1
+ $Members[0].GetType().InvokeMember("FullName", "GetProperty", $null, $Members[0] ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : COMException

PS C:\Users\YourUser\Desktop> $Members[0].GetType().InvokeMember("PasswordAge", "GetProperty", $null, $Members[0], $null)
PS C:\Users\YourUser\Desktop> $Members[0].GetType().InvokeMember("UserFlags", "GetProperty", $null, $Members[0], $null)