通过Powershell从远程服务器导入本地组

Question

我正在研究使用Powershell将安全设置从一台服务器复制到另一台服务器的最简单方法，我很好奇它是否可以导入整个组，包括它的Description和Members属性？

下面是我目前使用的脚本。看来，我可以用下面的错误信息

异常调用“创建”与“2”参数（S）访问本地组使用ADSI适配器的远程服务器上，但是Create命令炸弹：“类型（“HRESULT异常：0x80020005（DISP_E_TYPEMISMATCH）”） At \ prdhilfs02 \ install \ Monet \ ServerUpgrade \ DEVHILWB119 \ Scripts \ LocalUsersAndGroups.ps1：25 char：1+ $ objCreate = $ cn.Create（“Group”，$ objRemote）

$computerName = "DEVWB89" 
$objRemote = [ADSI]("WinNT://$computerName/$groupName") 

$cn = [ADSI]"WinNT://localhost" 
$cn.Create("Group", $objRemote) 

编辑

所以我可以通过使用下面的脚本完成我想要的。我可以使用来自远程服务器的组名和说明以及组信息。但是，有没有办法使用Powershell简单地将System.DirectoryServices.DirectoryEntry对象及其所有属性添加到本地计算机？此外，另一个缺点是我必须为本集团的用户硬编码域名。

$cn = [ADSI]"WinNT://localhost" 
$computerName = "DEVWB89" 

foreach($groupName in $groupArray) 
{ 
    $objRemote = [ADSI]("WinNT://$computerName/$groupName") 

    $objGroup = $cn.Create("Group", $($objRemote.Name)) 
    $objGroup.setinfo() 

    $objGroup.description = $objGroup.Description 
    $objGroup.setinfo() 

    $Members = @($objRemote.psbase.Invoke("Members")) 
    $Members | ForEach-Object {$MemberNames += $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null) + ",";} 

    $tempArray = $MemberNames -split "," 

    foreach($member in $tempArray) 
    { 
     $objGroup.Add("WinNT://SYMETRA/$member, user") 
    } 
} 

Answer 1

这会列出该组的所有成员：

$Members = @($objRemote.psbase.Invoke("Members")) 
$Members | ForEach-Object {$MemberNames += $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null);} 
$MemberNames 

更多有用信息：

PS C:\Users\YourUser\Desktop> $objAdmin = [ADSI]("WinNT://localhost/Administrator") 
PS C:\Users\YourUser\Desktop> $objAdmin | gm 


    TypeName: System.DirectoryServices.DirectoryEntry 

Name      MemberType Definition 
----      ---------- ---------- 
ConvertDNWithBinaryToString CodeMethod static string ConvertDNWithBinaryToString(psobject deInstance, psobject dnWithBinaryIns... 
ConvertLargeIntegerToInt64 CodeMethod static long ConvertLargeIntegerToInt64(psobject deInstance, psobject largeIntegerInstance) 
AutoUnlockInterval   Property System.DirectoryServices.PropertyValueCollection AutoUnlockInterval {get;set;} 
BadPasswordAttempts   Property System.DirectoryServices.PropertyValueCollection BadPasswordAttempts {get;set;} 
Description     Property System.DirectoryServices.PropertyValueCollection Description {get;set;} 
FullName     Property System.DirectoryServices.PropertyValueCollection FullName {get;set;} 
HomeDirDrive    Property System.DirectoryServices.PropertyValueCollection HomeDirDrive {get;set;} 
HomeDirectory    Property System.DirectoryServices.PropertyValueCollection HomeDirectory {get;set;} 
LastLogin     Property System.DirectoryServices.PropertyValueCollection LastLogin {get;set;} 
LockoutObservationInterval Property System.DirectoryServices.PropertyValueCollection LockoutObservationInterval {get;set;} 
LoginHours     Property System.DirectoryServices.PropertyValueCollection LoginHours {get;set;} 
LoginScript     Property System.DirectoryServices.PropertyValueCollection LoginScript {get;set;} 
MaxBadPasswordsAllowed  Property System.DirectoryServices.PropertyValueCollection MaxBadPasswordsAllowed {get;set;} 
MaxPasswordAge    Property System.DirectoryServices.PropertyValueCollection MaxPasswordAge {get;set;} 
MaxStorage     Property System.DirectoryServices.PropertyValueCollection MaxStorage {get;set;} 
MinPasswordAge    Property System.DirectoryServices.PropertyValueCollection MinPasswordAge {get;set;} 
MinPasswordLength   Property System.DirectoryServices.PropertyValueCollection MinPasswordLength {get;set;} 
Name      Property System.DirectoryServices.PropertyValueCollection Name {get;set;} 
objectSid     Property System.DirectoryServices.PropertyValueCollection objectSid {get;set;} 
Parameters     Property System.DirectoryServices.PropertyValueCollection Parameters {get;set;} 
PasswordAge     Property System.DirectoryServices.PropertyValueCollection PasswordAge {get;set;} 
PasswordExpired    Property System.DirectoryServices.PropertyValueCollection PasswordExpired {get;set;} 
PasswordHistoryLength  Property System.DirectoryServices.PropertyValueCollection PasswordHistoryLength {get;set;} 
PrimaryGroupID    Property System.DirectoryServices.PropertyValueCollection PrimaryGroupID {get;set;} 
Profile      Property System.DirectoryServices.PropertyValueCollection Profile {get;set;} 
UserFlags     Property System.DirectoryServices.PropertyValueCollection UserFlags {get;set;} 


PS C:\Users\YourUser\Desktop> $Members[0].GetType().InvokeMember("FullName", "GetProperty", $null, $Members[0], $null) 
Exception calling "InvokeMember" with "5" argument(s): "The specified domain either does not exist or could not be contacted. 
" 
At line:1 char:1 
+ $Members[0].GetType().InvokeMember("FullName", "GetProperty", $null, $Members[0] ... 
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : NotSpecified: (:) [], MethodInvocationException 
    + FullyQualifiedErrorId : COMException 

PS C:\Users\YourUser\Desktop> $Members[0].GetType().InvokeMember("PasswordAge", "GetProperty", $null, $Members[0], $null) 
PS C:\Users\YourUser\Desktop> $Members[0].GetType().InvokeMember("UserFlags", "GetProperty", $null, $Members[0], $null)