使用Powershell解锁AD用户
[英]Unlocking an AD user with Powershell
问题描述
I'm new to Powershell and am struggling to make a script work. 
我是Powershell的新手,正在努力使脚本工作。 I've read many articles here on Overflow and elsewhere and don't see what I'm doing wrong. 我在这里阅读了许多有关“溢出”和其他地方的文章,但看不到我做错了什么。 Any help would be appreciated. 任何帮助,将不胜感激。
I'm trying to create a script that will unlock an AD user remotely while I'm logged-on to may computer as a local admin. 我正在尝试创建一个脚本,该脚本以本地管理员身份登录到计算机时可以远程解锁AD用户。 Here's my script: 这是我的脚本:
Import-module Activedirectory
New-PSSession -ComputerName <Remote ComputerName> -Credential
<domain admin credential>
Import-Module Activedirectory
Unlock-ADAccount
Read-host “Press any key”
I try to execute this from my computer logged-on as a local admin, but pass domain admin credentials. 我尝试从以本地管理员身份登录的计算机上执行此操作,但要传递域管理员凭据。 The script is run as an administrator in Powershell. 该脚本在Powershell中以管理员身份运行。 After I enter my domain password and indicate which user I want to unlock, the message I get is: “Insufficient access rights to perform the operation”. 输入域密码并指示要解锁的用户后,收到的消息是:“访问权限不足,无法执行操作”。
If I run this code interactively in Powershell, line by line, it will unlock the account. 如果我在Powershell中逐行交互式地运行此代码,它将解锁该帐户。 If I run a script asking only to see if the user is locked, it will give me an answer. 如果我运行一个脚本仅询问用户是否被锁定,它将给我一个答案。 If I run the above script from my computer logged-on as the domain admin, it will run and unlock the user. 如果我从以域管理员身份登录的计算机上运行上述脚本,它将运行并解锁用户。
I don't understand why it will not run when I'm logged-on as local admin, given that I'm passing domain admin credentials. 考虑到我要传递域管理员凭据,我不明白为什么当我以本地管理员身份登录时它不会运行。 Any help would be appreciated. 任何帮助,将不胜感激。
2 个解决方案
解决方案1
1 已采纳 2015-08-20 12:25:28
You're creating a PSSession, but not using it. 您正在创建PSSession,但没有使用它。 Try something like this (untested): 尝试以下操作(未经测试):
$computer = "test1"
$cred = Get-Credential
$user = Read-Host User to unlock
$sess = New-PSSession -ComputerName $computer -Credential $cred
Invoke-Command -Scriptblock { param($ADuser) Import-Module Activedirectory; Unlock-ADAccount -Identity $ADuser } -ArgumentList $user -Session $sess
Read-host “Press any key”
解决方案2
0 2015-08-20 15:04:32
Although you could create a PSSession, if you have RSAT installed and have access to the ActiveDirectory module there is no need to do that. 尽管可以创建PSSession,但是如果您安装了RSAT并可以访问ActiveDirectory模块,则无需这样做。 Instead, just use the credential parameter on each AD cmdlet. 相反,只需在每个AD cmdlet上使用凭据参数。 For instance, to unlock a user account using alternate credentials, use the following: 例如,要使用备用凭据解锁用户帐户,请使用以下命令:
Unlock-ADAccount -Identity username -Credential (get-credential)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.