get-adgroupmember - 当组具有来自其他域的成员时失败。

时间:2015-09-24 00:59:53

标签: powershell powershell-v3.0

例如。我在domainA.local上。我运行这个命令。

get-adgroupmember -Identity groupA

如果该组的任何成员属于另一个域(domainB \ user等等),则它将失败并显示此消息。

get-adgroupmember : The server was unable to process the request due to an internal error.  For more information about
the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the
<serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or
turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs.
At line:1 char:1
+ get-adgroupmember -Identity groupA
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (groupA:ADGroup) [Get-ADGroupMember], ADException
    + FullyQualifiedErrorId : The server was unable to process the request due to an internal error.  For more informa
   tion about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from
  the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the cl
 ient, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace lo
gs.,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember

关于如何解决这个问题的任何想法?作为今天的解决方法,我只有一个来自另一个域的组中的用户,所以我只是删除它们,运行我的脚本然后将它们放回去。因此,我非常积极地因为这个原因而失败了。任何帮助将非常感激。

2 个答案:

答案 0 :(得分:1)

如果他们在不同的域中,并且您拥有该域的权限,请尝试使用try / catch循环,如下例所示。使用try / catch,你告诉PowerShell尝试{block of code},如果有错误,不要杀死脚本,而是抓住{}并运行另一段代码。

$DomainBCreds = get-credential
  try {get-adgroupmember -Identity groupA -ErrorAction Stop}
catch {Get-AdGroupMember -Identity GroupA -Credential DomainB}

或者,如果您只是希望命令继续运行,即使出现错误,也可以运行Get-ADGroupMember ... -ErrorAction SilentlyContinue,但这不是最佳做法。

答案 1 :(得分:0)

我希望对此有更好的答案。我现在有这个确切的问题。发生此错误时,该命令不会停止运行,但会继续,但是对于拥有来自域B帐户的任何组,您都不会获得结果。