Ps1 script creating custom attributes with Set-ADObject: "The parameter is incorrect" / A referral was returned from the server
I have a powershell script to create a set of Custom AD Attributes. It works on a local VM with win 2019. It does NOT work on a Win 2019 Server (created in AWS - EC2 image where 1 box is the main DC and the other box is a replicated AD). I was running this on the replicated server, not the main dc (maybe that's the problem?)
This is the script:
# The script relies on the ActiveDirectory module; load it explicitly so it also runs outside a DC session.
Import-Module ActiveDirectory

# Create a new Object Identifier (OID) using a test prefix.
Function New-AttributeID {
    $Prefix = "1.2.840.113556.1.8000.2554"
    $GUID = [System.Guid]::NewGuid().ToString()
    $Parts = @()
    # Split the GUID's hex groups at the dash positions and convert each group to decimal.
    $Parts += [UInt64]::Parse($GUID.SubString(0, 4), "AllowHexSpecifier")
    $Parts += [UInt64]::Parse($GUID.SubString(4, 4), "AllowHexSpecifier")
    $Parts += [UInt64]::Parse($GUID.SubString(9, 4), "AllowHexSpecifier")
    $Parts += [UInt64]::Parse($GUID.SubString(14, 4), "AllowHexSpecifier")
    $Parts += [UInt64]::Parse($GUID.SubString(19, 4), "AllowHexSpecifier")
    $Parts += [UInt64]::Parse($GUID.SubString(24, 6), "AllowHexSpecifier")
    $Parts += [UInt64]::Parse($GUID.SubString(30, 6), "AllowHexSpecifier")
    $OID = [String]::Format("{0}.{1}.{2}.{3}.{4}.{5}.{6}.{7}", $Prefix, $Parts[0], $Parts[1], $Parts[2], $Parts[3], $Parts[4], $Parts[5], $Parts[6])
    return $OID
}
# ...
#
# Create a new attribute and attach it to User Objects.
#
# PARAMETER $Name
# The name of the attribute you are creating. This becomes the CN of the attributeSchema object. Using a standard prefix
# is a good practice to follow.
#
# PARAMETER $LDAPDisplayName
# The attribute's LDAP display name (lDAPDisplayName); this is also the value referenced from the user class's mayContain.
#
# PARAMETER $AdminDescription
# A short description that is added as metadata to the attribute.
#
# PARAMETER [$AttributeID]
# An optional Object Identifier (OID) to assign to the attribute. If omitted, a new OID is generated.
Function Update-Schema {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory, ValueFromPipelinebyPropertyName)]$Name,
        [Parameter(Mandatory, ValueFromPipelinebyPropertyName)][Alias('DisplayName')]$LDAPDisplayName,
        [Parameter(Mandatory, ValueFromPipelinebyPropertyName)][Alias('Description')]$AdminDescription,
        [Parameter(ValueFromPipelinebyPropertyName)][Alias('OID')]$AttributeID = (New-AttributeID)
    )
    BEGIN {}
    PROCESS {
        $schemaPath = (Get-ADRootDSE).schemaNamingContext
        $type = 'attributeSchema'
        $attributes = @{
            lDAPDisplayName = $LDAPDisplayName;   # was $Name, which left the mandatory $LDAPDisplayName parameter unused
            attributeId = $AttributeID;
            oMSyntax = 4; # octet string
            attributeSyntax = "2.5.5.10";
            isSingleValued = $false;
            adminDescription = $AdminDescription;
        }
        $confirmationMessage = "$schemaPath. This cannot be undone"
        $caption = 'Updating Active Directory Schema'
        if ($PSCmdlet.ShouldProcess($confirmationMessage, $caption)) {
            # ...
            #
            # Create attribute.
            New-ADObject -Name $Name -Type $type -Path $schemaPath -OtherAttributes $attributes
            # ...
            #
            # Attach attribute to User Object. mayContain holds the attribute's lDAPDisplayName, not its CN.
            $userSchema = Get-ADObject -SearchBase $schemaPath -Filter 'name -eq "user"'
            $userSchema | Set-ADObject -Add @{mayContain = $LDAPDisplayName}
        }
    }
    END {}
}
When it iterates through for the first time to create the first attribute, I get this error:
New-ADObject : A referral was returned from the server
At C:\update_ad_schema_shared_ad_storage.ps1:77 char:9
+ New-ADObject -Name $Name -Type $type -Path $schemapath -Other ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (cn=sc-custom1,C...<DomainNameHere>,DC=com:String) [New-ADObject], ADReferralException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8235,Microsoft.ActiveDirectory.Management.Commands.NewADObject
Set-ADObject : The parameter is incorrect
At C:\update_ad_schema_shared_ad_storage.ps1:83 char:23
+ $userSchema | Set-ADObject -Add @{mayContain = $Name}
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (CN=User,CN=Sche...<domainNameHere>,DC=com:ADObject) [Set-ADObject], ADInvalidOperationException
+ FullyQualifiedErrorId : ActiveDirectoryServer:87,Microsoft.ActiveDirectory.Management.Commands.SetADObject
Comments (1)
This error appears when the script was executed on a non-Primary DC. When run on a Primary Domain Controller (with FSMO) it ran w/o error!
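The comment above names the cause: schema writes are only accepted by the DC holding the Schema Master FSMO role, and any other DC answers with a referral (the ActiveDirectoryServer:8235 error in the question), after which the attribute does not exist and the mayContain update has nothing to add. The following is an added example, not the poster's script or the commenter's code. It locates the Schema Master, checks the running account against Schema Admins, passes -Server to every schema call so the write is never referred away regardless of which DC the session defaulted to, refreshes the schema cache before touching the user class, and skips steps already done so the script can iterate over several attributes safely. The attribute name, description and OID are constructed placeholders.

```powershell
# Added example (not the poster's script): create one custom attribute on the Schema Master
# and attach it to the user class. Values below are constructed placeholders.
Import-Module ActiveDirectory

$LDAPDisplayName  = 'sc-custom1'                       # placeholder, matching the name in the question's error text
$AdminDescription = 'Example custom attribute'         # placeholder
$AttributeID      = '1.2.840.113556.1.8000.2554.1.1'   # placeholder; the question's New-AttributeID produces a real one

# 1. Diagnose: which DC did the session bind to, and which DC holds the Schema Master role?
#    A mismatch is exactly the situation that produces "A referral was returned from the server".
$forest       = Get-ADForest
$schemaMaster = $forest.SchemaMaster
$connectedDc  = (Get-ADRootDSE).dnsHostName
Write-Host "Connected DC : $connectedDc"
Write-Host "Schema Master: $schemaMaster"
if ($connectedDc -ne $schemaMaster) {
    Write-Warning "Session DC is not the Schema Master; targeting $schemaMaster explicitly."
}

# 2. Schema Admins (a forest-root group) is required for any write to the schema naming context.
#    Fail early with a clear message rather than with an access-denied error mid-run.
$schemaAdmins = Get-ADGroupMember -Identity 'Schema Admins' -Server $forest.RootDomain -Recursive
if ($schemaAdmins.SamAccountName -notcontains $env:USERNAME) {
    throw "User $env:USERNAME is not a member of Schema Admins; refusing to modify the schema."
}

# 3. Read the schema naming context from the Schema Master itself and bind every call to it.
$schemaPath = (Get-ADRootDSE -Server $schemaMaster).schemaNamingContext

# Idempotent: re-running must not try to recreate an attribute that already exists.
$existing = Get-ADObject -Server $schemaMaster -SearchBase $schemaPath `
    -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$LDAPDisplayName))"
if (-not $existing) {
    $attributes = @{
        lDAPDisplayName  = $LDAPDisplayName
        attributeId      = $AttributeID
        oMSyntax         = 4            # octet string, as in the question
        attributeSyntax  = '2.5.5.10'
        isSingleValued   = $false
        adminDescription = $AdminDescription
    }
    New-ADObject -Server $schemaMaster -Name $LDAPDisplayName -Type 'attributeSchema' `
        -Path $schemaPath -OtherAttributes $attributes
}

# 4. Ask the Schema Master to reload its schema cache now. Until it does, the DC does not yet
#    know the new attribute and a mayContain reference to it is rejected.
$rootDse = [ADSI]"LDAP://$schemaMaster/RootDSE"
$rootDse.Put('schemaUpdateNow', 1)
$rootDse.SetInfo()

# 5. Attach the attribute to the user class, again on the Schema Master, only if not already listed.
$userClass = Get-ADObject -Server $schemaMaster -SearchBase $schemaPath `
    -Filter 'name -eq "user"' -Properties mayContain
if ($userClass.mayContain -notcontains $LDAPDisplayName) {
    $userClass | Set-ADObject -Server $schemaMaster -Add @{ mayContain = $LDAPDisplayName }
}
```

Pinning -Server to the role holder is the portable form of "run it on the primary DC": it works from any domain-joined machine and keeps working if the Schema Master role is later transferred, whereas relying on whichever DC the session happens to bind to fails silently on the next replica.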