powershell:Set-ADUser:请求的操作不满足与对象类关联的一个或多个约束

时间:2015-01-23 23:48:25

标签: powershell

为了测试另一个脚本,我创建了一个快速而又脏的Powershellscript,以便能够在2个不同域中的多个OU中创建和删除大量Useraccounts。

虽然创建工作没有问题,但在设置$num且值大于1000时,我无法通过Set-AdUser填充帐户,但是:如果脚本正常工作我从1或100开始。

使用1000 +时,我总是会发现以下错误:

Set-ADUser : The requested operation did not satisfy one or more constraints associated with the class of the object
At C:\Users\Administrator.TEST\Desktop\ps\createSomeUsers.ps1:117 char:9
+         Set-ADUser -Identity $num -replace $hash -Server $dc2 -Credential $W ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (10000000:ADUser) [Set-ADUser], ADInvalidOperationException
    + FullyQualifiedErrorId : ActiveDirectoryServer:8212,Microsoft.ActiveDirectory.Management.Commands.SetADUser

这是从哪里来的?这是我脚本中的问题吗?如果我手动使用set-AdUser值为10000000,它似乎没有问题。

出于测试目的,我必须使用8位数字!

以下是整个事情:

$dc1 = "192.168.3.99" # DC1
$dc2 = "192.168.2.99"  # DC2

# OUs in where to create the accounts
$ou1_1 = "OU=Users,OU=mop,OU=e01,OU=DE,OU=EMEA,DC=relf,DC=com"
$ou2_1 = "OU=Users,OU=loh,OU=e03,OU=DE,OU=EMEA,DC=relf,DC=com"
$ou3_1 = "OU=Users,OU=fer,OU=e05,OU=DE,OU=EMEA,DC=relf,DC=com"

$ou1_2 = "OU=Users,OU=mop,OU=e01,OU=DE,OU=EMEA,DC=TEST,DC=com"
$ou2_2 = "OU=Users,OU=loh,OU=e03,OU=DE,OU=EMEA,DC=TEST,DC=com"
$ou3_2 = "OU=Users,OU=fer,OU=e05,OU=DE,OU=EMEA,DC=TEST,DC=com"

# number of users in OUs
$ou1_amount = 1
$ou2_amount = 1
$ou3_amount = 1

# numeration
$num = 10000000

# total Nr. of accounts
$acc_total = $ou1_amount + $ou2_amount + $ou3_amount

# path and filename 4 .logfiles
$invocation = (Get-Variable MyInvocation).Value
$curdir = Split-Path $invocation.MyCommand.Path
# check if logfile folder is not created yet, if not: create
$tp = $curdir + "\logfiles\"
if (!(Test-Path -Path $tp)) {
new-item $tp -itemtype directory
}
$logfilepath = $tp

# Username and PW for dc1 and dc2:
$creds1 = "relf\PS-User"
$creds2 = "TEST\PS-User"
$pass1 = gc $curdir"\securestring1.txt" | convertto-securestring 
$pass2 = gc $curdir"\securestring2.txt" | convertto-securestring 
$WPS_AdminCredentials1 = new-object -typename System.Management.Automation.PSCredential -argumentlist $creds1,$pass1    
$WPS_AdminCredentials2 = new-object -typename System.Management.Automation.PSCredential -argumentlist $creds2,$pass2   

# Attributes
$attributes = "c","co","company","countryCode","department","Description","displayName",
                "givenName","mail","physicalDeliveryOfficeName","postalAddress",
                "postalCode","sAMAccountName","sn","st","streetAddress",
                "telephoneNumber","title","wWWHomePage","l","postOfficeBox"

# The ultimate question
$d_O_c = Read-Host '[D]elete OR [C]reate?'

if ($d_O_c -eq "c") {
    write-host "OU1"
    while ($ou1_amount -gt 0) {
        New-ADUser -Name $num -Path $ou1_1 -SamAccountName $num -DisplayName $num -Server $dc1 -Credential $WPS_AdminCredentials1 `
        -AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true

        New-ADUser -Name $num -Path $ou1_2 -SamAccountName $num -DisplayName $num -Server $dc2 -Credential $WPS_AdminCredentials2 `
        -AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true

        write-host $num "of" $acc_total "created"
        $ou1_amount--
        $num++
        }

    write-host "OU2"
    while ($ou2_amount -gt 0) {
        New-ADUser -Name $num -Path $ou2_1 -SamAccountName $num -DisplayName $num -Server $dc1 -Credential $WPS_AdminCredentials1 `
        -AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true

        New-ADUser -Name $num -Path $ou2_2 -SamAccountName $num -DisplayName $num -Server $dc2 -Credential $WPS_AdminCredentials2 `
        -AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true

        write-host $num "of" $acc_total "created"
        $ou2_amount--
        $num++
        }

    write-host "OU3"
    while ($ou3_amount -gt 0) {
        New-ADUser -Name $num -Path $ou3_1 -SamAccountName $num -DisplayName $num -Server $dc1 -Credential $WPS_AdminCredentials1 `
        -AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true

        New-ADUser -Name $num -Path $ou3_2 -SamAccountName $num -DisplayName $num -Server $dc2 -Credential $WPS_AdminCredentials2 `
        -AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true

        write-host $num "of" $acc_total "created"
        $ou3_amount--
        $num++
        }
`
    $num--
    while ($num -ge 10000000) {
        $hash = @{}
        $attributes | % {
            $hash[$_] = $num
        }
        Set-ADUser -Identity $num -replace $hash -Server $dc2 -Credential $WPS_AdminCredentials2
        write-host $num "edited"
        $num--
    }
}
elseif ($d_O_c -eq "d") {
    $latest = 10000000 + $acc_total
    $latest--
    while ($latest -ge 10000000) {
    Remove-ADUser -Identity $latest -Confirm:$false -Server $dc1 -Credential $WPS_AdminCredentials1
    Remove-ADUser -Identity $latest -Confirm:$false -Server $dc2 -Credential $WPS_AdminCredentials2
    write-host $latest "deleted"
    $latest--
    }
}

编辑:正如Matt在评论中所提到的,错误消息只与AD中某些属性的某些限制有关。 我现在使用另一个更短的值来表示所有属性。 谢谢你的帮助!

1 个答案:

答案 0 :(得分:0)

我无法找到我想添加到此的官方文档,但似乎您尝试根据您获得的错误为AD对象属性分配无效值:

  

请求的操作不满足与对象类相关的一个或多个约束

看看你的样本,它似乎来自这部分代码。

while ($num -ge 10000000) {
    $hash = @{}
    $attributes | % {
        $hash[$_] = $num
    }
    Set-ADUser -Identity $num -replace $hash -Server $dc2 -Credential $WPS_AdminCredentials2
    write-host $num "edited"
    $num--
}

您正在使用AD属性构建$hash,并从我所看到的内容中为它们分配10000000的所有值。我知道有些属性不允许这样做。不确定您是否正在制作测试/虚拟帐户,但您不能简单地创建一组用户 all 可设置的属性是相同的数字。

旁注

我们在评论中谈到了错误中的行号以及与您的代码匹配。在这种情况下,很容易找到错误的来源,但下次尝试并尽可能清楚地了解错误和错误发生的位置。

如果您仍然遇到此问题,请更新您的问题或提出新问题,如果它与此问题太不同。