设置用户帐户密码时出现不可预测的输出
Unpredictable output when setting user account passwords
我有以下代码,顶部有一些设置,下面是从循环体内提取的代码:
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$DIR_SVCS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('domain')
## Other stuff...
## usersOU is set to the domain of the users (...,OU=users,dc=<domain>...)
Search-ADAccount -LockedOut -SearchBase $usersOU | Unlock-ADAccount
## Loop code...
$userID = 'myuser'
$password = 'TempPa$$w0rd'
$SecurePW = ConvertTo-SecureString ($password) -AsPlainText -Force
Set-ADAccountPassword $userID -Reset -NewPassword $SecurePW | Out-Null
if ((-Not $?) -or ($LASTEXITCODE -gt 0)) {
Throw "ERROR with Set-ADAccountPassword exit code $LASTEXITCODE on $userID"
}
if ($DIR_SVCS.ValidateCredentials($userID, $password)) {
Write-Host "Validated new account password: $userID"
} else {
Write-Host "FAILED validation of new account password: $userID"
}
这是跨一组用户和密码执行的,输出让我摸不着头脑:
Validated new account password: user1
FAILED validation of new account password: user2
FAILED validation of new account password: user3
Validated new account password: user4
FAILED validation of new account password: user5
...
我看不出为什么这对某些人失败而对其他人成功。所有被修改的用户都存在于上面解锁的“$usersOU”中,但我希望在 'Set-ADAccountPassword' 调用后抛出错误,或者所有验证调用都成功...
如果能帮助理解这里发生的事情,我们将不胜感激!
这通常在多域控制器环境中从 ActiveDirectory 模块和 .NET 查询活动目录时出现。这可以通过确保两者都与同一台服务器通信来缓解,最简单的方法可能是使用 $DIR_SVCS 中的 "ConnectedServer" 属性 和 Search-ADAccount
举个例子:
Search-ADAccount -LockedOut -SearchBase $usersOU -Server $DIR_SVCS.ConnectedServer | Unlock-ADAccount
我有以下代码,顶部有一些设置,下面是从循环体内提取的代码:
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$DIR_SVCS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('domain')
## Other stuff...
## usersOU is set to the domain of the users (...,OU=users,dc=<domain>...)
Search-ADAccount -LockedOut -SearchBase $usersOU | Unlock-ADAccount
## Loop code...
$userID = 'myuser'
$password = 'TempPa$$w0rd'
$SecurePW = ConvertTo-SecureString ($password) -AsPlainText -Force
Set-ADAccountPassword $userID -Reset -NewPassword $SecurePW | Out-Null
if ((-Not $?) -or ($LASTEXITCODE -gt 0)) {
Throw "ERROR with Set-ADAccountPassword exit code $LASTEXITCODE on $userID"
}
if ($DIR_SVCS.ValidateCredentials($userID, $password)) {
Write-Host "Validated new account password: $userID"
} else {
Write-Host "FAILED validation of new account password: $userID"
}
这是跨一组用户和密码执行的,输出让我摸不着头脑:
Validated new account password: user1
FAILED validation of new account password: user2
FAILED validation of new account password: user3
Validated new account password: user4
FAILED validation of new account password: user5
...
我看不出为什么这对某些人失败而对其他人成功。所有被修改的用户都存在于上面解锁的“$usersOU”中,但我希望在 'Set-ADAccountPassword' 调用后抛出错误,或者所有验证调用都成功...
如果能帮助理解这里发生的事情,我们将不胜感激!
这通常在多域控制器环境中从 ActiveDirectory 模块和 .NET 查询活动目录时出现。这可以通过确保两者都与同一台服务器通信来缓解,最简单的方法可能是使用 $DIR_SVCS 中的 "ConnectedServer" 属性 和 Search-ADAccount
举个例子:
Search-ADAccount -LockedOut -SearchBase $usersOU -Server $DIR_SVCS.ConnectedServer | Unlock-ADAccount