How do I remove a member when the account is from domain A and the group is from domain B?

Time: 2018-08-08 17:23:24

Tags: powershell scripting active-directory

Here is my script:

# get distinguished name
$grpDN = (Get-QADGroup mw\AAA).dn
$UsrDN = (Get-QADUser sw\tx116).dn
# using Remove-QADGroupMember
Remove-QADGroupMember -Identity $grpDN -Member $UsrDN

Here is the error:

Remove-QADGroupMember:服务器不愿意处理该请求。 (来自HRESULT的异常:0x80072035)

I also tried using

Remove-AdgroupMember 
Remove-ADPrincipalGroupMembership

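Both of these cmdlets give me the error "Cannot find an object with identity", because they cannot handle cross-domain operations.

Is there a solution for this?

1 answer:

Answer 0: (score: 0)

Did you ever solve this?

Try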

# get the group and user objects using the -Server parameter, something like this:
$Group = Get-ADGroup -Filter "Name -eq 'AAA'" -Server "DomainA.com"
$User  = Get-ADUser -Filter "Name -eq 'tx116'" -Server "DomainB.com"

# then remove the user, again with the -Server parameter set to the group domain
Set-ADObject -Identity $($Group.DistinguishedName) -Remove @{member="$($User.DistinguishedName)"} -Server "DomainA.com"
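
The same cross-domain removal as in the answer above, as an added example (not the answerer's code) that pins one domain controller in the group's domain, checks membership first, and re-reads the group to confirm the change. The function name, its parameter names and the sample values in the usage comment are assumptions.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
function Remove-CrossDomainGroupMember {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string] $GroupName,    # sAMAccountName of the group
        [Parameter(Mandatory)] [string] $GroupDomain,  # DNS name of the group's domain
        [Parameter(Mandatory)] [string] $UserName,     # sAMAccountName of the user
        [Parameter(Mandatory)] [string] $UserDomain    # DNS name of the user's domain
    )
    Import-Module ActiveDirectory -ErrorAction Stop

    # Pin one DC in the group's domain so the write and the verification
    # read hit the same server and are not skewed by replication latency.
    $dc = (Get-ADDomainController -Discover -DomainName $GroupDomain).HostName[0]

    # Resolve each object in its own domain.
    $group = Get-ADGroup -Identity $GroupName -Server $dc -Properties member -ErrorAction Stop
    $user  = Get-ADUser  -Identity $UserName  -Server $UserDomain -ErrorAction Stop

    # Do nothing if the user's DN is not a direct member of the group.
    if ($group.member -notcontains $user.DistinguishedName) {
        Write-Warning "$($user.DistinguishedName) is not a direct member of $($group.DistinguishedName)"
        return $false
    }

    $action = "Remove member $($user.DistinguishedName)"
    if (-not $PSCmdlet.ShouldProcess($group.DistinguishedName, $action)) {
        return $false
    }

    # The change is a write to the group's member attribute, so it goes
    # to the group's domain, not the user's.
    Set-ADObject -Identity $group.DistinguishedName `
                 -Remove @{ member = $user.DistinguishedName } `
                 -Server $dc -ErrorAction Stop

    # Re-read the group from the same DC and confirm the DN is gone.
    $after = Get-ADGroup -Identity $group.DistinguishedName -Server $dc -Properties member
    return ($after.member -notcontains $user.DistinguishedName)
}

# Usage with the placeholder domain names from the answer; -WhatIf previews the change:
# Remove-CrossDomainGroupMember -GroupName 'AAA' -GroupDomain 'DomainA.com' `
#     -UserName 'tx116' -UserDomain 'DomainB.com' -WhatIf
```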