"ValidateCredentials" "The server cannot handle directory requests." 中的异常

Exception in "ValidateCredentials" "The server cannot handle directory requests."

我在安装过程中使用 Windows PowerShell 来查询和验证用户的 Windows 凭据。直到昨天,它都运行良好。现在我公司的IT部门更改了域控制器的一些配置,现在我得到以下异常。

Exception calling "ValidateCredentials" with "2" argument(s): "The server cannot
handle directory requests."
At line:32 char:5
+ if ($pc.ValidateCredentials($username, $credential.GetNetworkCredenti ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DirectoryOperationException

根据我的研究,我已经发现它与丢失的 SSL 连接有关。我必须在代码的某处添加 ContextOptions.SecureSocketLayer问题是:该参数的正确位置在哪里?我找不到任何 PowerShell 示例。

这是我用来检查凭据的脚本:

$credential = $Host.UI.PromptForCredential("Need credentials.", "For using Windows Integrated Authentication please provide the login information for the user that has access to the Microsoft SQL Server database.", "", "")
if (!$credential) {
    Write-Output "No credentials provided"
    return
}

[System.Reflection.Assembly]::LoadWithPartialName('System.DirectoryServices.AccountManagement')

$system = Get-WmiObject -Class Win32_ComputerSystem

if ($credential.GetNetworkCredential().Domain) {
    Write-Output "Credentials contain domain"
    if ($credential.GetNetworkCredential().Domain -eq $system.Name) {
        Write-Output "Domain is local system"
        $pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Machine', $system.Name
    } else {
        Write-Output "Domain is network domain"
        $pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Domain', $credential.GetNetworkCredential().Domain
    }
    $username = $credential.UserName
} elseif (0, 2 -contains $system.DomainRole) {
    $pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Machine', $system.Name
    $username = $system.Name + '\' + $credential.GetNetworkCredential().UserName
} else {
    $pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Domain', $system.Domain
    $username = $system.Domain + '\' + $credential.GetNetworkCredential().UserName
}

if ($pc.ValidateCredentials($username, $credential.GetNetworkCredential().Password)) {
    Write-Output "Validation successfull"
} else {
    Write-Output "Validation failed"
}

作为,您可以将ContextOptions值传递给PrincipalContext构造函数:

$DefaultNC = "DC=$($system.Domain -replace '\.',',DC=')"
# ...
$pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Domain', $system.Domain, $DefaultNC, ([System.DirectoryServices.AccountManagement.ContextOptions]'SecureSocketLayer,Negotiate')

必须指定身份验证选项(NegotiateSimpleBind),因此 'SecureSocketLayer,Negotiate'