我遇到一个奇怪的问题,使用pywinrm模块的Python代码。 让我解释一下。我有,我启动以下python脚本在Linux服务器:Pywinrm和Active Directory PowerShell cmdlet
import winrm
"""Create security group"""
s = winrm.Session('https://servername:5986/wsman',
auth=(None, None), transport='kerberos',
server_cert_validation='ignore')
name = "test"
path = "OU=Security Groups,DC=test,DC=org"
ps_command = 'New-ADGroup -Name "{0}"
-GroupScope Universal
-GroupCategory Security
-Path "{1}" -Server ldap.test.org'.format(name, path)
r = s.run_ps(ps_command)
if r.status_code == 0 :
print(r.std_out.decode('UTF-8'))
else:
print(r.std_err('UTF-8'))
这一次将连接在Windows服务器上(不是DC),然后将启动组创建的命令的HTTPS侦听器。
当我直接在Windows服务器上启动AD cmdlet时,它完美地工作,安全组在AD中创建。但是,通过脚本,我有如下反应:
$ python3 test_winrm.py
New-ADGroup : Unable to contact the server. This may be because this server does not exist, it is currently down,
or it does not have the Active Directory Web Services running.
At line:1 char:1
+ New-ADGroup -Name "test" -GroupScope Universal -GroupCategory Security
-Path "O ...
+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
+ CategoryInfo : ResourceUnavailable: (:) [New-ADGroup], ADServer
DownException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirector
y.Management.Commands.NewADGroup
我想还注意到,如果我通过一个基本的替换当前的PowerShell命令(例如,建立在Windows服务器上的文件夹中),它作品。
因此,即使安装了RSAT,它也可以在Windows服务器上本地运行,但无法与AD cmdlet一起运行......您是否有过此主题的以前的经验?
感谢您的帮助。
听起来像[double hop](https://blogs.technet.microsoft.com/ashleymcglone/2016/08/30/powershell-remoting-kerberos-double-hop-solved-securely/)问题。 – BenH