Bonjour,
Voici le script :
param(
$sourceacc,
$destacc
)
# Chargement de assembly Visual Basic
[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic')
# Chargement du module Active Directory
Import-Module ActiveDirectory
# On controle si les 2 comptes ont été saisis
if (-not $sourceacc) { $sourceacc = [Microsoft.VisualBasic.Interaction]::InputBox("Saisir le nom du compte de référence...", "Compte source", "") }
if (-not $destacc) { $destacc = [Microsoft.VisualBasic.Interaction]::InputBox("Saisir le nom du compte qui va hériter des droits...", "Compte de destination", "") }
# On récupère les informations de groupes de chaque compte, si un compte n'est pas trouvé on génère une erreur
try { $sourcemember = get-aduser -filter {samaccountname -eq $sourceacc} -property memberof | select memberof }
catch { $sourcemember = $null}
try { $destmember = get-aduser -filter {samaccountname -eq $destacc} -property memberof | select memberof }
catch { $destmember = $null}
if ($sourcemember -eq $null) {[Microsoft.VisualBasic.Interaction]::MsgBox("Compte source introuvable",0,"Fin");return}
if ($destmember -eq $null) {[Microsoft.VisualBasic.Interaction]::MsgBox("Compte de destination introuvable",0,"Fin");return}
# On compare les adhésions, s'il n'y a aucune différence on sort
if (-not (compare-object $destmember.memberof $sourcemember.memberof)) {
[Microsoft.VisualBasic.Interaction]::MsgBox("Les comptes $sourceacc & $destacc appartiennent aux mêmes groupes. On n'apporte aucune modification...",0,"Fin");return
}
# Prompt for adding user to groups, only prompt when there are changes
if (compare-object $destmember.memberof $sourcemember.memberof | where-object {$_.sideindicator -eq '=>'}) {
$ConfirmAdd = [Microsoft.VisualBasic.Interaction]::MsgBox("Voulez-vous ajouter `'$($destacc)`' dans les groupes:`n`n$((compare-object $destmember.memberof $sourcemember.memberof |
where-object {$_.sideindicator -eq '=>'} | select -expand inputobject | foreach {([regex]::split($_,'^CN=|,.+$'))[1]}) -join "`n")",4,"Merci de confirmer l'action suivante")
}
# Prompt for removing user from groups, only prompt when there are changes
if (compare-object $destmember.memberof $sourcemember.memberof | where-object {$_.sideindicator -eq '<='}) {
$ConfirmRemove = [Microsoft.VisualBasic.Interaction]::MsgBox("Voulez-vous retirer `'$($destacc)`' des groupes:`n`n$((compare-object $destmember.memberof $sourcemember.memberof |
where-object {$_.sideindicator -eq '<='} | select -expand inputobject | foreach {([regex]::split($_,'^CN=|,.+$'))[1]}) -join "`n")",4,"Merci de confirmer l'action suivante")
}
# If the user confirmed adding the groups to the account, the user will be added to the groups
if ($ConfirmAdd -eq "Yes") {
compare-object $destmember.memberof $sourcemember.memberof | where-object {$_.sideindicator -eq '=>'} |
select -expand inputobject | foreach {add-adgroupmember "$_" $destacc}
}
# If the user confirmed removing any groups not present on the source account, the user will be removed from the groups
if ($ConfirmRemove -eq "Yes") {
compare-object $destmember.memberof $sourcemember.memberof | where-object {$_.sideindicator -eq '<='} |
select -expand inputobject | foreach {remove-adgroupmember "$_" $destacc}
}
# Si compte de destination est membre du groupe XXXX => email à XX@XX.fr
# Prompt after executing script
[Microsoft.VisualBasic.Interaction]::MsgBox("Operation terminée",0,"Fin")
exit
C'est pour la section "# Si compte de destination est membre du groupe XXXX => email à XX@XX.fr" que j'ai du mal...
Merci d'avance
