长时间潜伏,但我终于找到了一个我无法找到答案的问题所以我决定是时候加入了。我试图收集AD中超过X天的计算机列表($ DelCompDays)。然后基于DistinguishedName字段,使用Identity标志删除该计算机。问题甚至是我得到的域管理员信用:删除 - ADComputer:访问被拒绝
即使我运行Remove-ADComputer -Identity" Full CN或Short name"我被拒绝访问。有人有主意吗?提前谢谢!
#Get AD computers older than $DelCompDays
$results = Search-ADAccount -ComputersOnly -AccountInactive -TimeSpan "$DelCompDays.00:00:00"
#Loop and try to delete
foreach ($result in $results){
if ($result -ne $NULL){
try {
Remove-ADComputer -Identity $result.DistinguishedName -confirm:$false
$Success = "Deleted: $result.DistinguishedName"
WriteCustomOutput -message "$Success" -foregroundcolor green -backgroundcolor DarkMagenta
}
catch {
$Error = "Failed to delete: $result.DistinguishedName"
WriteCustomOutput -message "$Error" -foregroundcolor Red -backgroundcolor Black
}
}
else{
$Warning = "No computers older than $ArcDays days to delete"
WriteCustomOutput -message "$Warning" -foregroundcolor yellow -backgroundcolor DarkMagenta
}
}
答案 0 :(得分:1)
想出来。运行非交互式时,需要在命令调用中指定信用。
$secpasswd = ConvertTo-SecureString "ClearTextPass" -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential ("Username", $secpasswd)
Remove-ADComputer -Identity $result.DistinguishedName -Recursive -confirm:$false -credential $creds