个人中心
gpt4 book ai didi

powershell - Get-ADGroupMember停止为某些用户工作

转载 作者:行者123 更新时间:2023-12-02 23:27:39 25 4
gpt4 key购买 nike

不确定何时开始,但是当我尝试使用具有管理特权的帐户获取Get-ADGroupMember的组成员身份时,出现以下错误:

Get-ADGroupMember : An operations error occurred
At line:1 char:1
+ Get-ADGroupMember -Identity redacted
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (redacted:ADGroup) [Get-ADGroupMember], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:8224,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember

如果我尝试扩展实际错误,则最终结果是这样的: 
PS C:\Users\redacted> $error[0] | select *


PSMessageDetails      :
Exception             : Microsoft.ActiveDirectory.Management.ADException: An operations error occurred --->
                        System.ServiceModel.FaultException`1[schemas.microsoft.com._2008._1.ActiveDirectory.CustomActions.GetADGroupMemberFault]:
                        Active Directory returned an error processing the operation.

                        Server stack trace:
                           at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
                           at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation,
                        Object[] ins, Object[] outs, TimeSpan timeout)
                           at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime
                        operation)
                           at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

                        Exception rethrown at [0]:
                           at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
                           at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
                           at
                        schemas.microsoft.com._2008._1.ActiveDirectory.CustomActions.AccountManagement.GetADGroupMember(GetADGroupMemberRequest
                        request)
                           at Microsoft.ActiveDirectory.Management.AdwsConnection.GetADGroupMember(GetADGroupMemberRequest request)
                           --- End of inner exception stack trace ---
                           at Microsoft.ActiveDirectory.Management.AdwsConnection.ThrowException(CustomActionFault caFault, FaultException
                        faultException)
                           at Microsoft.ActiveDirectory.Management.AdwsConnection.GetADGroupMember(GetADGroupMemberRequest request)
                           at Microsoft.ActiveDirectory.Management.ADWebServiceStoreAccess.Microsoft.ActiveDirectory.Management.IADAccountManagement.
                        GetADGroupMember(ADSessionHandle handle, GetADGroupMemberRequest request)
                           at Microsoft.ActiveDirectory.Management.ADAccountManagement.GetGroupMembers(String partitionDN, String groupDN, Boolean
                        recursive)
                           at Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember.GetADGroupMemberProcessCSRoutine()
                           at Microsoft.ActiveDirectory.Management.CmdletSubroutinePipeline.Invoke()
                           at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.ProcessRecord()
TargetObject          : redacted
CategoryInfo          : NotSpecified: (redacted:ADGroup) [Get-ADGroupMember], ADException
FullyQualifiedErrorId : ActiveDirectoryServer:8224,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
ErrorDetails          :
InvocationInfo        : System.Management.Automation.InvocationInfo
ScriptStackTrace      : at <ScriptBlock>, <No file>: line 1
PipelineIterationInfo : {}

有趣的是,我无法在开发环境中重现此错误,并且仅在某些帐户(最著名的是具有帐户管理类型权限的帐户)下运行时才会发生。

有趣的是 Get-ADGroup-身份已编辑-属性成员可以正常工作。问题是我需要获得嵌套组的成员身份,而我真的...真的很想避免不必要地重新发明轮子。

看来问题出在权限相关,但我真的不知道从哪里开始。我进行了一些搜索,发现了一些匹配,但没有找到解决方案。

所以....有人有什么想法或建议吗?

最佳答案

就我而言,如果我查询的组具有来自受信任林的成员,则使用Get-ADGroupMember查询AD组时,会得到完全相同的错误。所有其他组都可以正常工作,但是当cmdlet从运行它的域之外找到对象时,它将引发错误。解决方法是使用Get-AdGroup,然后展开Members属性并在进一步的命令中使用该输出,效果很好。

关于powershell - Get-ADGroupMember停止为某些用户工作,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29808611/

25 4 0
文章推荐: python - 如何检测pyaudio输入的声音频率?
文章推荐: elasticsearch - ElastAlert和Kibana 5.0
文章推荐: elasticsearch - 使用ngram在文本内搜索搜索模式的最小字符
文章推荐: powershell - 在Get-VM上构建一个有效的foreach循环
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com