不知道什么时候该开始工作,但是当我试图让以Get-ADGroupMember组成员具有管理priviliages我得到下面的错误的帐户:获取-ADGroupMember停止对一些用户
Get-ADGroupMember : An operations error occurred
At line:1 char:1
+ Get-ADGroupMember -Identity redacted
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (redacted:ADGroup) [Get-ADGroupMember], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8224,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
如果我试图展开实际的错误它最终被这样的:
PS C:\Users\redacted> $error[0] | select *
PSMessageDetails :
Exception : Microsoft.ActiveDirectory.Management.ADException: An operations error occurred --->
System.ServiceModel.FaultException`1[schemas.microsoft.com._2008._1.ActiveDirectory.CustomActions.GetADGroupMemberFault]:
Active Directory returned an error processing the operation.
Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation,
Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime
operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at
schemas.microsoft.com._2008._1.ActiveDirectory.CustomActions.AccountManagement.GetADGroupMember(GetADGroupMemberRequest
request)
at Microsoft.ActiveDirectory.Management.AdwsConnection.GetADGroupMember(GetADGroupMemberRequest request)
--- End of inner exception stack trace ---
at Microsoft.ActiveDirectory.Management.AdwsConnection.ThrowException(CustomActionFault caFault, FaultException
faultException)
at Microsoft.ActiveDirectory.Management.AdwsConnection.GetADGroupMember(GetADGroupMemberRequest request)
at Microsoft.ActiveDirectory.Management.ADWebServiceStoreAccess.Microsoft.ActiveDirectory.Management.IADAccountManagement.
GetADGroupMember(ADSessionHandle handle, GetADGroupMemberRequest request)
at Microsoft.ActiveDirectory.Management.ADAccountManagement.GetGroupMembers(String partitionDN, String groupDN, Boolean
recursive)
at Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember.GetADGroupMemberProcessCSRoutine()
at Microsoft.ActiveDirectory.Management.CmdletSubroutinePipeline.Invoke()
at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.ProcessRecord()
TargetObject : redacted
CategoryInfo : NotSpecified: (redacted:ADGroup) [Get-ADGroupMember], ADException
FullyQualifiedErrorId : ActiveDirectoryServer:8224,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
ErrorDetails :
InvocationInfo : System.Management.Automation.InvocationInfo
ScriptStackTrace : at <ScriptBlock>, <No file>: line 1
PipelineIterationInfo : {}
有趣的是,我不能在我的开发环境重现此与账户管理类型的权限某些帐户下运行时(最明显的是那些只发生)。
有趣的是Get-ADGroup -Identity redacted -Properties member works just fine。问题是,我需要获得嵌套组的成员资格,我真的很喜欢避免重新发明轮子,如果我不需要的话。
这似乎是问题是权限相关,但我真的不知道从哪里开始。我做了一些搜索,发现了一些点击,但没有解决方案。
那么....任何人有任何想法或建议?
你可以显示一些你的代码周围的区域引发这个异常吗? – CalebB
如果(读取)用户是目标域的“Windows授权访问组”成员,读取嵌套成员身份需要读取“tokenGroupsGlobalAndUniversal”属性的权限,该属性是可读的。可能缺少组员身份? – TGlatzer
@Caleb,不知道你在找什么,因为它确实没有任何代码: Get-ADGroupMember -Identity Groupname -Recursive –