在 powershell 中的 cmdlet 调用中忽略证书错误 AD
Ignore Certificate Errors AD in cmdlet call in powershell
我正在尝试在 powershell 中执行 cmdlet Add-ADGroupMember,但出现此错误:
Add-ADGroupMember: Could not create the CN = domain.com.py chain of X.509 certificate. The certificate
Employee has a chain of trust that cannot be verified. Replace the certificate or change the value of
certificateValidationMode. The revocation function cannot verify the revocation because the server
revocation is offline.
Online: 1 Character: 1
+ Add-ADGroupMember -Identity "Group_Name" -Members user1 -A ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo: SecurityError: (Group_Name: ADGroup) [Add-ADGroupMember], AuthenticationException
+ FullyQualifiedErrorId: ActiveDirectoryCmdlet: System.Security.Authentication.AuthenticationException, Microsoft.A
ctiveDirectory.Management.Commands.AddADGroupMember
我试过执行:
1-
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
2-
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ;
并尝试将证书添加到 mmc.exe,但是这些选项中的 none 对我有用,我做错了什么吗?还是我缺少其他选项?
通过在调用Add-ADGroupMember
时将参数-AuthType更改为0解决
我正在尝试在 powershell 中执行 cmdlet Add-ADGroupMember,但出现此错误:
Add-ADGroupMember: Could not create the CN = domain.com.py chain of X.509 certificate. The certificate
Employee has a chain of trust that cannot be verified. Replace the certificate or change the value of
certificateValidationMode. The revocation function cannot verify the revocation because the server
revocation is offline.
Online: 1 Character: 1
+ Add-ADGroupMember -Identity "Group_Name" -Members user1 -A ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo: SecurityError: (Group_Name: ADGroup) [Add-ADGroupMember], AuthenticationException
+ FullyQualifiedErrorId: ActiveDirectoryCmdlet: System.Security.Authentication.AuthenticationException, Microsoft.A
ctiveDirectory.Management.Commands.AddADGroupMember
我试过执行: 1-
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
2-
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ;
并尝试将证书添加到 mmc.exe,但是这些选项中的 none 对我有用,我做错了什么吗?还是我缺少其他选项?
通过在调用Add-ADGroupMember
时将参数-AuthType更改为0解决