从域A中具有域B成员的组中读取组成员身份时,出现此错误:
TerminatingError(Get-ADGroupMember): "The server was unable to process the
request due to an internal error. For more information about the error,
either turn on IncludeExceptionDetailInFaults (either from
ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior)
两个域之间存在单向信任。我可以访问这两者,但是要使用单独的帐户。我正在运行的脚本正在尝试删除已禁用的帐户,但是对于拥有来自域B成员的任何组来说,该脚本都将失败。我正在从域A中的服务器运行该脚本。由于单向信任,如果我尝试使用我的域A帐户从域B运行它,我得到一个错误。
#removes disabled accounts from SGs in the I-Drive OU
Start-Transcript -Path "c:\temp\removeddisableduserslog_$(get-date -f yyyy-MM-dd).txt"
$searchOU = "OU=I-Drive,OU=SAS,OU=Application Security Groups,OU=Groups,OU=Enterprise,DC=x,DC=y,DC=com"
Get-ADGroup -Filter 'GroupCategory -eq "Security"' -SearchBase $searchOU | ForEach-Object{
$group = $_
Get-ADGroupMember -Identity $group | Get-ADUser | Where-Object { $_.Enabled -eq $false} | ForEach-Object{
$user = $_
$uname = $user.Name
$gname = $group.Name
Write-Host "Removing $uname from $gname" -Foreground Yellow
Remove-ADGroupMember -Identity $group -Member $user -Confirm:$false
}
}
有什么方法可以避免吗?