为了测试另一个脚本,我创建了一个快速而又脏的Powershellscript,以便能够在2个不同域中的多个OU中创建和删除大量Useraccounts。
虽然创建工作没有问题,但在设置$num
且值大于1000时,我无法通过Set-AdUser填充帐户,但是:如果脚本正常工作我从1或100开始。
使用1000 +时,我总是会发现以下错误:
Set-ADUser : The requested operation did not satisfy one or more constraints associated with the class of the object
At C:\Users\Administrator.TEST\Desktop\ps\createSomeUsers.ps1:117 char:9
+ Set-ADUser -Identity $num -replace $hash -Server $dc2 -Credential $W ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (10000000:ADUser) [Set-ADUser], ADInvalidOperationException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8212,Microsoft.ActiveDirectory.Management.Commands.SetADUser
这是从哪里来的?这是我脚本中的问题吗?如果我手动使用set-AdUser值为10000000,它似乎没有问题。
出于测试目的,我必须使用8位数字!
以下是整个事情:
$dc1 = "192.168.3.99" # DC1
$dc2 = "192.168.2.99" # DC2
# OUs in where to create the accounts
$ou1_1 = "OU=Users,OU=mop,OU=e01,OU=DE,OU=EMEA,DC=relf,DC=com"
$ou2_1 = "OU=Users,OU=loh,OU=e03,OU=DE,OU=EMEA,DC=relf,DC=com"
$ou3_1 = "OU=Users,OU=fer,OU=e05,OU=DE,OU=EMEA,DC=relf,DC=com"
$ou1_2 = "OU=Users,OU=mop,OU=e01,OU=DE,OU=EMEA,DC=TEST,DC=com"
$ou2_2 = "OU=Users,OU=loh,OU=e03,OU=DE,OU=EMEA,DC=TEST,DC=com"
$ou3_2 = "OU=Users,OU=fer,OU=e05,OU=DE,OU=EMEA,DC=TEST,DC=com"
# number of users in OUs
$ou1_amount = 1
$ou2_amount = 1
$ou3_amount = 1
# numeration
$num = 10000000
# total Nr. of accounts
$acc_total = $ou1_amount + $ou2_amount + $ou3_amount
# path and filename 4 .logfiles
$invocation = (Get-Variable MyInvocation).Value
$curdir = Split-Path $invocation.MyCommand.Path
# check if logfile folder is not created yet, if not: create
$tp = $curdir + "\logfiles\"
if (!(Test-Path -Path $tp)) {
new-item $tp -itemtype directory
}
$logfilepath = $tp
# Username and PW for dc1 and dc2:
$creds1 = "relf\PS-User"
$creds2 = "TEST\PS-User"
$pass1 = gc $curdir"\securestring1.txt" | convertto-securestring
$pass2 = gc $curdir"\securestring2.txt" | convertto-securestring
$WPS_AdminCredentials1 = new-object -typename System.Management.Automation.PSCredential -argumentlist $creds1,$pass1
$WPS_AdminCredentials2 = new-object -typename System.Management.Automation.PSCredential -argumentlist $creds2,$pass2
# Attributes
$attributes = "c","co","company","countryCode","department","Description","displayName",
"givenName","mail","physicalDeliveryOfficeName","postalAddress",
"postalCode","sAMAccountName","sn","st","streetAddress",
"telephoneNumber","title","wWWHomePage","l","postOfficeBox"
# The ultimate question
$d_O_c = Read-Host '[D]elete OR [C]reate?'
if ($d_O_c -eq "c") {
write-host "OU1"
while ($ou1_amount -gt 0) {
New-ADUser -Name $num -Path $ou1_1 -SamAccountName $num -DisplayName $num -Server $dc1 -Credential $WPS_AdminCredentials1 `
-AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true
New-ADUser -Name $num -Path $ou1_2 -SamAccountName $num -DisplayName $num -Server $dc2 -Credential $WPS_AdminCredentials2 `
-AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true
write-host $num "of" $acc_total "created"
$ou1_amount--
$num++
}
write-host "OU2"
while ($ou2_amount -gt 0) {
New-ADUser -Name $num -Path $ou2_1 -SamAccountName $num -DisplayName $num -Server $dc1 -Credential $WPS_AdminCredentials1 `
-AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true
New-ADUser -Name $num -Path $ou2_2 -SamAccountName $num -DisplayName $num -Server $dc2 -Credential $WPS_AdminCredentials2 `
-AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true
write-host $num "of" $acc_total "created"
$ou2_amount--
$num++
}
write-host "OU3"
while ($ou3_amount -gt 0) {
New-ADUser -Name $num -Path $ou3_1 -SamAccountName $num -DisplayName $num -Server $dc1 -Credential $WPS_AdminCredentials1 `
-AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true
New-ADUser -Name $num -Path $ou3_2 -SamAccountName $num -DisplayName $num -Server $dc2 -Credential $WPS_AdminCredentials2 `
-AccountPassword (ConvertTo-SecureString "pw1234" -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true
write-host $num "of" $acc_total "created"
$ou3_amount--
$num++
}
`
$num--
while ($num -ge 10000000) {
$hash = @{}
$attributes | % {
$hash[$_] = $num
}
Set-ADUser -Identity $num -replace $hash -Server $dc2 -Credential $WPS_AdminCredentials2
write-host $num "edited"
$num--
}
}
elseif ($d_O_c -eq "d") {
$latest = 10000000 + $acc_total
$latest--
while ($latest -ge 10000000) {
Remove-ADUser -Identity $latest -Confirm:$false -Server $dc1 -Credential $WPS_AdminCredentials1
Remove-ADUser -Identity $latest -Confirm:$false -Server $dc2 -Credential $WPS_AdminCredentials2
write-host $latest "deleted"
$latest--
}
}
编辑:正如Matt在评论中所提到的,错误消息只与AD中某些属性的某些限制有关。 我现在使用另一个更短的值来表示所有属性。 谢谢你的帮助!
答案 0 :(得分:0)
我无法找到我想添加到此的官方文档,但似乎您尝试根据您获得的错误为AD对象属性分配无效值:
请求的操作不满足与对象类相关的一个或多个约束
看看你的样本,它似乎来自这部分代码。
while ($num -ge 10000000) {
$hash = @{}
$attributes | % {
$hash[$_] = $num
}
Set-ADUser -Identity $num -replace $hash -Server $dc2 -Credential $WPS_AdminCredentials2
write-host $num "edited"
$num--
}
您正在使用AD属性构建$hash
,并从我所看到的内容中为它们分配10000000
的所有值。我知道有些属性不允许这样做。不确定您是否正在制作测试/虚拟帐户,但您不能简单地创建一组用户 all 可设置的属性是相同的数字。
旁注
我们在评论中谈到了错误中的行号以及与您的代码匹配。在这种情况下,很容易找到错误的来源,但下次尝试并尽可能清楚地了解错误和错误发生的位置。
如果您仍然遇到此问题,请更新您的问题或提出新问题,如果它与此问题太不同。