When I run a .ps1 I wrote that creates an AD account and a mailbox from parameters passed to it by a WinForm, I keep getting the error:

New-ADUser: Access is denied

The script runs when someone clicks a button in the WinForm; this is the command the button issues:

```powershell
Powershell.exe "C:\Users\admin\Scripts\usercreationscript.ps1" -department 'Accounting - North America' -GivenName 'test' -Surname 'testlast' -path 'OU=users,DC=domain1,DC=com' -Title 'Sys Admin' -Office 'NJ' -StreetAddress '123 ST' -City 'Moorestown' -PostalCode '08057' -State 'NJ' -Manager 'Jacobb' -MercuryFlag 0 -MirroredUser 'jacobb' -username 'test.testlast'
```
I have set the execution policy on the remote server to Unrestricted and have also run the Enable-PSRemoting command. The credentials I supply when prompted are domain admin credentials. I have also set TrustedHosts to *.

When I open the script in the PowerShell ISE, I can connect to the remote server with the Enter-PSSession command in the script and successfully create the AD account.

I am at a loss as to what is causing the problem.

Full script:
```powershell
param( [string]$username, [string]$department, [string]$GivenName, [string]$Surname, [string]$path, [string]$Title, [string]$Office, [string]$StreetAddress, [string]$City, [string]$PostalCode, [string]$State, [string]$Manager, [string]$MercuryFlag, [string]$MirroredUser)

If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{
    # No administrative rights: relaunch the script elevated (UAC prompt).
    # The bound parameters are forwarded so the elevated copy receives the same input
    # (the original build of $arguments passed only the script path).
    $arguments = "-File `"$($MyInvocation.MyCommand.Definition)`""
    foreach ($p in $PSBoundParameters.GetEnumerator()) {
        $arguments += " -$($p.Key) '$($p.Value -replace "'", "''")'"
    }
    Start-Process "$psHome\powershell.exe" -Verb runAs -ArgumentList $arguments
    break
}
# After the user clicks Yes on the prompt, the file is reopened with admin rights.
# Put your code here.

#region - Required Functions - ONLY MODIFY AFTER BACKING UP COPY OF SCRIPT
function connect-Domain1AD {
    # Enter-PSSession is meant for interactive use; this is the function the answer below replaces.
    Enter-PSSession -ComputerName DC1.domain1.com -Credential $Credentialdomain1
}
function Connect-Domain1Exchange {
    $domain1session = New-PSSession -Authentication Kerberos -ConfigurationName Microsoft.Exchange -ConnectionUri 'http://exchange1.domain1.com/Powershell' -Credential $Credentialdomain1
    Import-PSSession $domain1session
}
function Connect-Domain2Exchange {
    # Not called below; -ConfigurationName added to match the Domain1 Exchange endpoint.
    $session = New-PSSession -Authentication Kerberos -ConfigurationName Microsoft.Exchange -ConnectionUri 'http://exchange1.domain2.com/Powershell' -Credential $Credentialdomain2
    Enter-PSSession $session
}
function Connect-Domain2AD {
    Enter-PSSession -ComputerName Dc1.domain2.com -Credential $Credentialdomain2
}
function New-Domain2User {
    # $street and $zipcode were never defined in the posted script; the script
    # parameters $StreetAddress and $PostalCode are used instead.
    $userroot = "\\arizona\RemoteAppProfiles\$username"
    New-ADUser `
        -Name ($GivenName + " " + $Surname) `
        -SamAccountName $username `
        -Department $department `
        -Title $Title `
        -Office $Office `
        -StreetAddress $StreetAddress `
        -City $City `
        -State $State `
        -PostalCode $PostalCode `
        -Path "OU=users,DC=domain2,DC=com" `
        -GivenName $GivenName `
        -Surname $Surname `
        -DisplayName ($GivenName + " " + $Surname) `
        -UserPrincipalName ($username + "@domain2.com") `
        -AccountPassword (ConvertTo-SecureString "A temp password." -AsPlainText -Force) `
        -Enabled $true `
        -PasswordNeverExpires $true `
        -CannotChangePassword $false `
        -ProfilePath "$userroot\" `
        -HomeDrive U: `
        -HomeDirectory $userroot
    Set-ADUser $username -Add @{extensionattribute14 = $username}
}
function New-Domain1User {
    New-ADUser -Name ($GivenName + " " + $Surname) `
        -GivenName $GivenName `
        -Surname $Surname `
        -DisplayName ($GivenName + " " + $Surname) `
        -SamAccountName $username `
        -UserPrincipalName ($username + "@goevo.com") `
        -Path $path `
        -AccountPassword (ConvertTo-SecureString "A temp password." -AsPlainText -Force) `
        -Enabled $true `
        -PasswordNeverExpires $false `
        -CannotChangePassword $false `
        -Department $department `
        -Title $Title `
        -Office $Office `
        -StreetAddress $StreetAddress `
        -City $City `
        -State $State `
        -PostalCode $PostalCode `
        -Manager $Manager
}
function New-Domain1Mailbox {
    # $ca7 and $ca8 are not assigned anywhere in the posted script, so
    # customAttribute7/8 receive $null as written.
    Enable-Mailbox -Identity $username
    Set-Mailbox -Identity $username `
        -CustomAttribute1 "Domain1" `
        -CustomAttribute2 "user" `
        -CustomAttribute3 "Internal" `
        -CustomAttribute5 $Office `
        -CustomAttribute6 $department `
        -CustomAttribute7 $ca7 `
        -CustomAttribute8 $ca8
}
#endregion - Required Functions

Write-Host $MercuryFlag
If ($MercuryFlag -eq '1') {
    # Domain2 first: prompt for credentials, create the user, then tear the session down.
    Set-Variable -Name Credentialdomain2 -Value $Host.UI.PromptForCredential("Need Domain2 credentials", "Please enter your Domain2 user name and password:", "", "Domain2.com") -Scope global
    Connect-Domain2AD
    Import-Module ActiveDirectory
    New-Domain2User
    Exit-PSSession
    Get-PSSession | Remove-PSSession
    # Then Domain1: AD account, followed by the Exchange mailbox.
    Set-Variable -Name Credentialdomain1 -Value $Host.UI.PromptForCredential("Need Domain1 credentials", "Please enter your Domain1 user name and password:", "", "Domain1.com") -Scope global
    connect-Domain1AD
    New-Domain1User
    Exit-PSSession
    Get-PSSession | Remove-PSSession
    Connect-Domain1Exchange
    New-Domain1Mailbox
    Exit-PSSession
    Get-PSSession | Remove-PSSession
}
else {
    # Domain1 only.
    Set-Variable -Name Credentialdomain1 -Value $Host.UI.PromptForCredential("Need Domain1 credentials", "Please enter your Domain1 user name and password:", "", "Domain1.com") -Scope global
    connect-Domain1AD
    New-Domain1User
    Exit-PSSession
    Get-PSSession | Remove-PSSession
    Connect-Domain1Exchange
    New-Domain1Mailbox
    Exit-PSSession
    Get-PSSession | Remove-PSSession
}
```
Answer 0 (score: 0)

I was able to fix it by changing:

```powershell
function connect-Domain1AD {
    Enter-PSSession -ComputerName DC1.domain1.com -Credential $Credentialdomain1
}
```

to

```powershell
function connect-Domain1AD {
    # Explicit session: load the AD module on the DC, then import its cmdlets locally (implicit remoting).
    $domain1ad = New-PSSession -ComputerName DC1.domain1.com -Credential $Credentialdomain1
    Invoke-Command -Session $domain1ad -ScriptBlock { Import-Module ActiveDir* }
    Import-PSSession -Session $domain1ad -Module ActiveDir* -AllowClobber
}
```
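Added example (not code from the question or the answer): the same Domain1 user creation done through an explicit PSSession and Invoke-Command, so the New-ADUser call itself runs on the DC under the supplied credential; Enter-PSSession is intended for interactive use, and the lines that follow it in a script still execute in the local process. The function name New-Domain1UserRemote, the generated temporary password and the domain1.com UPN suffix are this example's assumptions; DC1.domain1.com and the parameter names come from the question.

```powershell
function New-Domain1UserRemote {
    param(
        [Parameter(Mandatory)] [pscredential] $Credential,
        [Parameter(Mandatory)] [hashtable]    $User,      # keys are New-ADUser parameter names
        [string] $DomainController = 'DC1.domain1.com'
    )
    # Generate a random temporary password instead of hard-coding one in the script (assumption).
    $bytes = New-Object byte[] 24
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $tempPassword = [Convert]::ToBase64String($bytes)

    # Explicit session: unlike Enter-PSSession, the script block passed to Invoke-Command really
    # executes on the DC under $Credential, so New-ADUser is not run by the local process.
    $session = New-PSSession -ComputerName $DomainController -Credential $Credential -ErrorAction Stop
    try {
        $created = Invoke-Command -Session $session -ArgumentList $User, $tempPassword -ScriptBlock {
            param([hashtable] $u, [string] $pw)
            Import-Module ActiveDirectory -ErrorAction Stop
            # Splat the hashtable so each supplied attribute maps to a New-ADUser parameter.
            $obj = New-ADUser @u -AccountPassword (ConvertTo-SecureString $pw -AsPlainText -Force) `
                -Enabled $true -ChangePasswordAtLogon $true -PassThru -ErrorAction Stop
            [pscustomobject]@{
                DistinguishedName = $obj.DistinguishedName
                CreatedBy         = [Security.Principal.WindowsIdentity]::GetCurrent().Name  # identity the DC saw
            }
        }
        # Return the password with the result so the caller can hand it over out of band.
        $created | Add-Member -NotePropertyName TempPassword -NotePropertyValue $tempPassword -PassThru
    }
    finally {
        Remove-PSSession $session   # never leave the remote session behind
    }
}

# Constructed caller, using the same parameter names as the question's script.
$Credentialdomain1 = Get-Credential -Message 'Domain1 credentials'
$user = @{
    Name = "$GivenName $Surname"; DisplayName = "$GivenName $Surname"
    GivenName = $GivenName; Surname = $Surname
    SamAccountName = $username; UserPrincipalName = "$username@domain1.com"
    Path = $path; Department = $department; Title = $Title; Office = $Office
    StreetAddress = $StreetAddress; City = $City; State = $State; PostalCode = $PostalCode
    Manager = $Manager
}
$info = New-Domain1UserRemote -Credential $Credentialdomain1 -User $user
Write-Host "Created $($info.DistinguishedName) on the DC as $($info.CreatedBy)"
```

The CreatedBy field makes it visible which identity the domain controller actually evaluated, which is the first thing to compare against the ISE run when a remoting call returns "Access is denied".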