
Minimum permissions required for cross domain Get-AdPrincipalGroupMembership?

Forest 1

Parent Domain A

|___Child Domain A

Forest 2

Parent Domain B

Two Way trust between Forest 1 Child Domain A and Forest 2 Parent Domain B

User is in Parent Domain B

Group is in Child Domain A

Credentials are in Child Domain A

Get-ADPrincipalGroupMembership -Identity 'Parent Domain B User' -server 'Parent Domain B DC' -ResourceContextServer 'Child Domain A DC' -Credential 'Child Domain A User Creds'

This returns the following error:

Get-ADPrincipalGroupMembership : An operations error occurred

I can't figure out which domain the credentials need to be in and what the minimum permissions needed are.

"An operations error occurred" usually indicates that some of the inputs you have given are wrong. It does not indicate a permissions issue.

I tried it in our environment since we do have a similar setup, and I was able to run the command without error.

For 'Parent Domain B User' I used only the sAMAccountName, and for the two DCs, I used the DNS names of the domains. You should need to specify exact DCs - just the domain names.

Get-ADPrincipalGroupMembership -Identity 'username' -server 'domain1.com' -ResourceContextServer 'domain2.com'
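
One way to find which input is being rejected, as an added example that is not part of the original question or answer: it checks each value on its own before the combined call and reports the exception type of any step that fails. The domain names and username are the placeholders from the answer above, and `Test-Step` is a hypothetical helper defined here.

```powershell
# Added example: placeholder names are assumptions, not values from a real environment.
Import-Module ActiveDirectory

$UserDomain     = 'domain1.com'   # DNS name of the domain holding the user (Parent Domain B)
$ResourceDomain = 'domain2.com'   # DNS name of the domain holding the groups (Child Domain A)
$SamAccountName = 'username'      # sAMAccountName only, as in the answer
$Cred           = Get-Credential  # account from Child Domain A, as in the question

# Hypothetical helper: run one step and report the exception type if it fails,
# so a rejected input can be told apart from an access problem.
function Test-Step {
    param([string]$Name, [scriptblock]$Action)
    try {
        $result = & $Action
        Write-Host "[ok]   $Name"
        return $result
    }
    catch {
        Write-Warning ("[fail] {0}: {1} ({2})" -f $Name,
            $_.Exception.Message, $_.Exception.GetType().FullName)
        return $null
    }
}

# 1. Can each domain name be located and bound to with these credentials?
$null = Test-Step "bind to $UserDomain" {
    Get-ADDomain -Server $UserDomain -Credential $Cred -ErrorAction Stop
}
$null = Test-Step "bind to $ResourceDomain" {
    Get-ADDomain -Server $ResourceDomain -Credential $Cred -ErrorAction Stop
}

# 2. Does the identity resolve in the user's own domain?
$user = Test-Step "resolve $SamAccountName in $UserDomain" {
    Get-ADUser -Identity $SamAccountName -Server $UserDomain -Credential $Cred -ErrorAction Stop
}

# 3. Only then ask for the memberships held in the resource domain.
if ($user) {
    Test-Step "group membership in $ResourceDomain" {
        Get-ADPrincipalGroupMembership -Identity $user -Server $UserDomain `
            -ResourceContextServer $ResourceDomain -Credential $Cred -ErrorAction Stop
    } | Select-Object Name, GroupScope, DistinguishedName
}
```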
