powershell:Set-ADUser:请求的操作不满足与对象的 class 关联的一个或多个约束
powershell: Set-ADUser : The requested operation did not satisfy one or more constraints associated with the class of the object
为了测试另一个脚本,我创建了一个快速但不完善的 Powershell 脚本,以便能够在 2 个不同域的多个 OU 中创建和删除大量用户帐户。
虽然创建工作没有问题,但在设置 $num 值大于 1000 时,我无法通过 Set-AdUser 为帐户填充一些属性。但是:脚本工作正常,如果我从 1 或 100 开始。
我在使用1000+时总是报以下错误:
Set-ADUser : The requested operation did not satisfy one or more constraints associated with the class of the object
At C:\Users\Administrator.TEST\Desktop\ps\createSomeUsers.ps1:117 char:9
+ Set-ADUser -Identity $num -replace $hash -Server $dc2 -Credential $W ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (10000000:ADUser) [Set-ADUser], ADInvalidOperationException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8212,Microsoft.ActiveDirectory.Management.Commands.SetADUser
这是从哪里来的?这是我脚本中的问题吗?如果我手动使用值为 10000000 的 set-AdUser,它似乎可以正常工作。
出于测试目的,我必须使用 8 位数字!
完整内容如下:
$dc1 = "192.168.3.99" # DC1
$dc2 = "192.168.2.99" # DC2
# OUs in where to create the accounts
$ou1_1 = "OU=Users,OU=mop,OU=e01,OU=DE,OU=EMEA,DC=relf,DC=com"
$ou2_1 = "OU=Users,OU=loh,OU=e03,OU=DE,OU=EMEA,DC=relf,DC=com"
$ou3_1 = "OU=Users,OU=fer,OU=e05,OU=DE,OU=EMEA,DC=relf,DC=com"
$ou1_2 = "OU=Users,OU=mop,OU=e01,OU=DE,OU=EMEA,DC=TEST,DC=com"
$ou2_2 = "OU=Users,OU=loh,OU=e03,OU=DE,OU=EMEA,DC=TEST,DC=com"
$ou3_2 = "OU=Users,OU=fer,OU=e05,OU=DE,OU=EMEA,DC=TEST,DC=com"
# number of users in OUs
$ou1_amount = 1
$ou2_amount = 1
$ou3_amount = 1
# numeration
$num = 10000000
# total Nr. of accounts
$acc_total = $ou1_amount + $ou2_amount + $ou3_amount
# path and filename 4 .logfiles
$invocation = (Get-Variable MyInvocation).Value
$curdir = Split-Path $invocation.MyCommand.Path
# check if logfile folder is not created yet, if not: create
$tp = $curdir + "\logfiles\"
if (!(Test-Path -Path $tp)) {
new-item $tp -itemtype directory
}
$logfilepath = $tp
# Username and PW for dc1 and dc2:
$creds1 = "relf\PS-User"
$creds2 = "TEST\PS-User"
$pass1 = gc $curdir"\securestring1.txt" | convertto-securestring
$pass2 = gc $curdir"\securestring2.txt" | convertto-securestring
$WPS_AdminCredentials1 = new-object -typename System.Management.Automation.PSCredential -argumentlist $creds1,$pass1
$WPS_AdminCredentials2 = new-object -typename System.Management.Automation.PSCredential -argumentlist $creds2,$pass2
# Attributes
$attributes = "c","co","company","countryCode","department","Description","displayName",
"givenName","mail","physicalDeliveryOfficeName","postalAddress",
"postalCode","sAMAccountName","sn","st","streetAddress",
"telephoneNumber","title","wWWHomePage","l","postOfficeBox"
# The ultimate question
$d_O_c = Read-Host '[D]elete OR [C]reate?'
if ($d_O_c -eq "c") {
write-host "OU1"
while ($ou1_amount -gt 0) {
New-ADUser -Name $num -Path $ou1_1 -SamAccountName $num -DisplayName $num -Server $dc1 -Credential $WPS_AdminCredentials1 `
-AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true
New-ADUser -Name $num -Path $ou1_2 -SamAccountName $num -DisplayName $num -Server $dc2 -Credential $WPS_AdminCredentials2 `
-AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true
write-host $num "of" $acc_total "created"
$ou1_amount--
$num++
}
write-host "OU2"
while ($ou2_amount -gt 0) {
New-ADUser -Name $num -Path $ou2_1 -SamAccountName $num -DisplayName $num -Server $dc1 -Credential $WPS_AdminCredentials1 `
-AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true
New-ADUser -Name $num -Path $ou2_2 -SamAccountName $num -DisplayName $num -Server $dc2 -Credential $WPS_AdminCredentials2 `
-AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true
write-host $num "of" $acc_total "created"
$ou2_amount--
$num++
}
write-host "OU3"
while ($ou3_amount -gt 0) {
New-ADUser -Name $num -Path $ou3_1 -SamAccountName $num -DisplayName $num -Server $dc1 -Credential $WPS_AdminCredentials1 `
-AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true
New-ADUser -Name $num -Path $ou3_2 -SamAccountName $num -DisplayName $num -Server $dc2 -Credential $WPS_AdminCredentials2 `
-AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true
write-host $num "of" $acc_total "created"
$ou3_amount--
$num++
}
`
$num--
while ($num -ge 10000000) {
$hash = @{}
$attributes | % {
$hash[$_] = $num
}
Set-ADUser -Identity $num -replace $hash -Server $dc2 -Credential $WPS_AdminCredentials2
write-host $num "edited"
$num--
}
}
elseif ($d_O_c -eq "d") {
$latest = 10000000 + $acc_total
$latest--
while ($latest -ge 10000000) {
Remove-ADUser -Identity $latest -Confirm:$false -Server $dc1 -Credential $WPS_AdminCredentials1
Remove-ADUser -Identity $latest -Confirm:$false -Server $dc2 -Credential $WPS_AdminCredentials2
write-host $latest "deleted"
$latest--
}
}
编辑:正如 Matt 在评论中提到的,错误消息仅与 AD 中某些属性的某些限制有关。
我现在对所有属性使用另一个更短的值。
感谢您的帮助!
我找不到要添加到此的官方文档,但根据您收到的错误,您似乎正在尝试为 AD 对象 属性 分配无效值:
The requested operation did not satisfy one or more constraints associated with the class of the object
查看您的示例,它似乎来自这部分代码。
while ($num -ge 10000000) {
$hash = @{}
$attributes | % {
$hash[$_] = $num
}
Set-ADUser -Identity $num -replace $hash -Server $dc2 -Credential $WPS_AdminCredentials2
write-host $num "edited"
$num--
}
您正在使用 AD 属性构建 $hash,并根据我所见为它们分配 10000000 的所有值。我知道有些属性不允许这样做。不确定您是否正在创建 test/dummy 帐户,但您不能简单地创建一堆用户,其中 所有 可设置的属性都是相同的数字。
旁注
我们在评论中讨论了错误的行号以及与您的代码匹配的问题。在这种情况下,很容易找到错误的来源,但下次尝试并尽可能清楚地了解什么错误以及发生错误的位置。
如果您仍然对此有疑问,请更新您的问题,或者提出一个新问题(如果它与这个问题有很大不同)。
为了测试另一个脚本,我创建了一个快速但不完善的 Powershell 脚本,以便能够在 2 个不同域的多个 OU 中创建和删除大量用户帐户。
虽然创建工作没有问题,但在设置 $num 值大于 1000 时,我无法通过 Set-AdUser 为帐户填充一些属性。但是:脚本工作正常,如果我从 1 或 100 开始。
我在使用1000+时总是报以下错误:
Set-ADUser : The requested operation did not satisfy one or more constraints associated with the class of the object
At C:\Users\Administrator.TEST\Desktop\ps\createSomeUsers.ps1:117 char:9
+ Set-ADUser -Identity $num -replace $hash -Server $dc2 -Credential $W ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (10000000:ADUser) [Set-ADUser], ADInvalidOperationException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8212,Microsoft.ActiveDirectory.Management.Commands.SetADUser
这是从哪里来的?这是我脚本中的问题吗?如果我手动使用值为 10000000 的 set-AdUser,它似乎可以正常工作。
出于测试目的,我必须使用 8 位数字!
完整内容如下:
$dc1 = "192.168.3.99" # DC1
$dc2 = "192.168.2.99" # DC2
# OUs in where to create the accounts
$ou1_1 = "OU=Users,OU=mop,OU=e01,OU=DE,OU=EMEA,DC=relf,DC=com"
$ou2_1 = "OU=Users,OU=loh,OU=e03,OU=DE,OU=EMEA,DC=relf,DC=com"
$ou3_1 = "OU=Users,OU=fer,OU=e05,OU=DE,OU=EMEA,DC=relf,DC=com"
$ou1_2 = "OU=Users,OU=mop,OU=e01,OU=DE,OU=EMEA,DC=TEST,DC=com"
$ou2_2 = "OU=Users,OU=loh,OU=e03,OU=DE,OU=EMEA,DC=TEST,DC=com"
$ou3_2 = "OU=Users,OU=fer,OU=e05,OU=DE,OU=EMEA,DC=TEST,DC=com"
# number of users in OUs
$ou1_amount = 1
$ou2_amount = 1
$ou3_amount = 1
# numeration
$num = 10000000
# total Nr. of accounts
$acc_total = $ou1_amount + $ou2_amount + $ou3_amount
# path and filename 4 .logfiles
$invocation = (Get-Variable MyInvocation).Value
$curdir = Split-Path $invocation.MyCommand.Path
# check if logfile folder is not created yet, if not: create
$tp = $curdir + "\logfiles\"
if (!(Test-Path -Path $tp)) {
new-item $tp -itemtype directory
}
$logfilepath = $tp
# Username and PW for dc1 and dc2:
$creds1 = "relf\PS-User"
$creds2 = "TEST\PS-User"
$pass1 = gc $curdir"\securestring1.txt" | convertto-securestring
$pass2 = gc $curdir"\securestring2.txt" | convertto-securestring
$WPS_AdminCredentials1 = new-object -typename System.Management.Automation.PSCredential -argumentlist $creds1,$pass1
$WPS_AdminCredentials2 = new-object -typename System.Management.Automation.PSCredential -argumentlist $creds2,$pass2
# Attributes
$attributes = "c","co","company","countryCode","department","Description","displayName",
"givenName","mail","physicalDeliveryOfficeName","postalAddress",
"postalCode","sAMAccountName","sn","st","streetAddress",
"telephoneNumber","title","wWWHomePage","l","postOfficeBox"
# The ultimate question
$d_O_c = Read-Host '[D]elete OR [C]reate?'
if ($d_O_c -eq "c") {
write-host "OU1"
while ($ou1_amount -gt 0) {
New-ADUser -Name $num -Path $ou1_1 -SamAccountName $num -DisplayName $num -Server $dc1 -Credential $WPS_AdminCredentials1 `
-AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true
New-ADUser -Name $num -Path $ou1_2 -SamAccountName $num -DisplayName $num -Server $dc2 -Credential $WPS_AdminCredentials2 `
-AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true
write-host $num "of" $acc_total "created"
$ou1_amount--
$num++
}
write-host "OU2"
while ($ou2_amount -gt 0) {
New-ADUser -Name $num -Path $ou2_1 -SamAccountName $num -DisplayName $num -Server $dc1 -Credential $WPS_AdminCredentials1 `
-AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true
New-ADUser -Name $num -Path $ou2_2 -SamAccountName $num -DisplayName $num -Server $dc2 -Credential $WPS_AdminCredentials2 `
-AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true
write-host $num "of" $acc_total "created"
$ou2_amount--
$num++
}
write-host "OU3"
while ($ou3_amount -gt 0) {
New-ADUser -Name $num -Path $ou3_1 -SamAccountName $num -DisplayName $num -Server $dc1 -Credential $WPS_AdminCredentials1 `
-AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true
New-ADUser -Name $num -Path $ou3_2 -SamAccountName $num -DisplayName $num -Server $dc2 -Credential $WPS_AdminCredentials2 `
-AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true
write-host $num "of" $acc_total "created"
$ou3_amount--
$num++
}
`
$num--
while ($num -ge 10000000) {
$hash = @{}
$attributes | % {
$hash[$_] = $num
}
Set-ADUser -Identity $num -replace $hash -Server $dc2 -Credential $WPS_AdminCredentials2
write-host $num "edited"
$num--
}
}
elseif ($d_O_c -eq "d") {
$latest = 10000000 + $acc_total
$latest--
while ($latest -ge 10000000) {
Remove-ADUser -Identity $latest -Confirm:$false -Server $dc1 -Credential $WPS_AdminCredentials1
Remove-ADUser -Identity $latest -Confirm:$false -Server $dc2 -Credential $WPS_AdminCredentials2
write-host $latest "deleted"
$latest--
}
}
编辑:正如 Matt 在评论中提到的,错误消息仅与 AD 中某些属性的某些限制有关。 我现在对所有属性使用另一个更短的值。 感谢您的帮助!
我找不到要添加到此的官方文档,但根据您收到的错误,您似乎正在尝试为 AD 对象 属性 分配无效值:
The requested operation did not satisfy one or more constraints associated with the class of the object
查看您的示例,它似乎来自这部分代码。
while ($num -ge 10000000) {
$hash = @{}
$attributes | % {
$hash[$_] = $num
}
Set-ADUser -Identity $num -replace $hash -Server $dc2 -Credential $WPS_AdminCredentials2
write-host $num "edited"
$num--
}
您正在使用 AD 属性构建 $hash,并根据我所见为它们分配 10000000 的所有值。我知道有些属性不允许这样做。不确定您是否正在创建 test/dummy 帐户,但您不能简单地创建一堆用户,其中 所有 可设置的属性都是相同的数字。
旁注
我们在评论中讨论了错误的行号以及与您的代码匹配的问题。在这种情况下,很容易找到错误的来源,但下次尝试并尽可能清楚地了解什么错误以及发生错误的位置。
如果您仍然对此有疑问,请更新您的问题,或者提出一个新问题(如果它与这个问题有很大不同)。