stackoom
  简体   繁体   中英

Insufficient access rights to perform the operation — Powershell

 原文  2013-01-11 16:51:41       powershell/ permissions/ active-directory/ powershell-2.0

Question

I am writing a simple script to copy AD group membership from one user to the other. I am doing it using the ActiveDirectory module only.

The script looks like it would work and does work up until I try to ad the groups to the user.

Code: 

import-module ActiveDirectory
$templateUser = get-ADUser user1
$targetUser = getADUser user2

$groups =get-adprincipalgroupmembership $templateUser
$groups2 = get-ADPrincipalGroupMembership $targetUser

foreach($group in $groups) {
    add-adGroupMember $group $targetUser
}

Error: 

Add-ADGroupMember : insufficient access rights to performt the operation
At line:9 char:18
+ FullyQualifiedErrorID : Insufficient access rights to perform the operation,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember

Notes/Thoughts:

I am logged in as a normal user, but I ran the powershell as a different user (my admin account). I am not a local admin, but I am an admin on the domain. I am able to add the user to groups if I launch the AD Tools and do it manually (I have permissions to add to those groups).

Edit:

Run the powershell as admin.

4 answers

solution1
 5 ACCPTED  2013-01-15 14:11:01

以管理员身份运行powershell。

solution2
 2  2013-05-21 03:01:14

I hit this today in Server 2012. I was running the powershell as Administrator, I was a domain admin, I was a local admin, I was every kind of admin I could find.

I "fixed" it by using the Active Directory Users and Computers tool, adding myself as the Manager of the AD groups I was trying to add users to, and ticked the box to allow the manager to change membership. I could then run AD-AddGroupMember happily.

solution3
 0  2016-08-31 19:46:15

I ran into this problem as well using Powershell remoting to connect to a domain controller.

In my case it turned out Include inheritable permissions from this object's parent was turned off for the specific object I couldn't change.

solution4
 0  2019-05-16 15:33:58

I ran into this issue today where an automated system was using powershell scripts for various things.... It turned out to be executionpolicy. We were running our script with the ExecutionPolicy Bypass flag, and even running the command directly in powershell outside of a script wouldn't work, but once we set executionpolicy to unrestricted, everything magically worked.

For us we were able to create security groups even, but not add users to groups via powershell, even though we could make the same changes in ADUC.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question AWS PowerShell error Insufficient privileges to perform this action Connect-ADAccount with service principal: Insufficient privileges to perform requested operation Insufficient privileges to complete the operation - PowerShell Creating Azure Ad Apps fails Remove-ADPrincipalGroupMembership 'insufficient rights' Powershell throws error Cannot perform operation because operation ReportWrongProviderType is not valid Assigning file access rights to IIS_IUSRS using PowerShell Efficiently querying the Windows Active Directory for delegated access rights using Powershell Powershell command to remove/replace access/owner rights on all files and folders access network path from PowerShell running with Administrative Rights Does “Set-Content” in PowerShell keep the File Access rights?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM