我可以通过
创建新用户$userContainerPath = 'LDAP://' + $targetADDomain
$userContainer = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList $userContainerPath
$proxyObject = $userContainer.Children.Add('CN=' + $sAMAccountName, 'userProxy')
$proxyObject.InvokeSet('ObjectSID', $objectSID)
$proxyObject.CommitChanges()
不幸的是我找不到删除它们的方法。
Remove-ADUser -Identity "A00003" -server WIN-1:50000 -Partition "CN=test,DC=test,DC=com" -Confirm:$false
不起作用。它告诉我用户不存在(我认为它在某种程度上是在寻找AD而不是AD LDS)。
所以我找到了我想用
删除的对象Get-ADObject -Filter {name -eq "A00003"} -SearchBase "CN=Users,CN=test,DC=test,DC=com" -Server "WIN-1:50000" -Properties ObjectSID
当我单独运行此行时,我可以在输出中看到。但是一旦我将它传递给delete命令,它就说它不存在:
Get-ADObject -Filter {name -eq "A00003"} -SearchBase "CN=Users,CN=test,DC=test,DC=com" -Server "WIN-JJ2KH3FU6AA:50000" -Properties ObjectSID | Remove-ADUser
我收到以下错误:
Remove-ADUser : Cannot find an object with identity: 'CN=A00003,CN=Users,CN=test,
DC=test,DC=com' under: 'CN=test,DC=test,DC=com'.
At C:\Users\Administrator\Documents\RemoveProxyLink.ps1:46 char:144
+ ... es ObjectSID | Remove-ADUser
+ ~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (CN=A00003,CN=Us...,DC=test,DC=com:ADUser) [Remove-ADUser], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.RemoveADUser
如何删除创建的用户?我究竟做错了什么?我可以看到对象但不能删除它。
答案 0 :(得分:1)
As you note in your own code, objects of type "userProxyFull" cannot be manipulated with Get-ADUser or Remove-ADUser. Pipe your resulting object from Get-ADObject to Remove-ADObject.
E.g.
Get-ADObject -Filter {name -eq "A00003"} -SearchBase "CN=Users,CN=test,DC=test,DC=com" -Server "WIN-JJ2KH3FU6AA:50000" | Remove-ADObject