
PowerShell スクリプトで New-ADUser が「Access is denied」エラーになる

New-ADUser : Access is denied

というエラーが発生します。リモートサーバー上の実行ポリシーは Unrestricted に設定してあり、Enable-PSRemoting コマンドも実行済みです。

# Command line issued by the WinForms button. Each value is bound to the matching
# named parameter of the script's param() block; -MercuryFlag 0 selects the
# Domain1-only path of the script.
# NOTE(review): no -File switch is given, so Windows PowerShell treats everything
# after the executable as a -Command string and parses it as PowerShell. If the form
# builds this line from user-entered text, a quote character in a value changes the
# command that runs; passing the script with -File keeps the values literal - confirm
# how the form assembles the string.
Powershell.exe "C:\Users\admin\Scripts\usercreationscript.ps1" -department 'Accounting - North America' -GivenName 'test' -Surname 'testlast' -path 'OU=users,DC=domain1,DC=com' -Title 'Sys Admin' -Office 'NJ' -StreetAddress '123 ST' -City 'Moorestown' -PostalCode '08057' -State 'NJ' -Manager 'Jacobb' -MercuryFlag 0 -MirroredUser 'jacobb' -username 'test.testlast' 

このコマンドは、Win フォームのコマンドボタンがクリックされたときに発行され、スクリプトが実行されます。資格情報の入力を求められたときに指定しているのは、ドメイン管理者の資格情報です。

Powershell ISEでスクリプトを開くと、スクリプトにあるEnter-PSSessionコマンドでリモートサーバーに接続でき、ADアカウントを正常に作成できます。

この問題の原因が分からず、途方に暮れています。なお、後述の回答のとおり connect-Domain1AD 関数を変更することで修正できました。スクリプト全体は次のとおりです。

# Script parameters. Every value arrives as a plain string from the caller and is
# handed to the AD / Exchange cmdlets below without validation.
# $MercuryFlag is compared against the string '1' to decide whether a Domain2
# account is created as well.
param(
    [string]$username,
    [string]$department,
    [string]$GivenName,
    [string]$Surname,
    [string]$path,
    [string]$Title,
    [string]$Office,
    [string]$StreetAddress,
    [string]$City,
    [string]$PostalCode,
    [string]$State,
    [string]$Manager,
    [string]$MercuryFlag,
    [string]$MirroredUser
)

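# Relaunch this script elevated (UAC prompt) when the current token is not in the
# local Administrators role, then stop the non-elevated copy.
# NOTE(review): local elevation only changes the local token. Rights to create
# directory objects depend on the account the AD cmdlets run as against the domain
# controller, so this step on its own does not explain or cure "Access is denied".
$currentIdentity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$currentPrincipal = [Security.Principal.WindowsPrincipal]$currentIdentity
If (-NOT $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{
    # Quote one value for the Windows command line: double any backslashes that
    # precede a double quote (or the closing quote) and escape embedded quotes.
    function ConvertTo-ElevatedArgument([string]$Value) {
        $escaped = $Value -replace '(\\*)"', '$1$1\"' -replace '(\\+)$', '$1$1'
        return '"' + $escaped + '"'
    }

    # The original relaunch passed only the script path, so the elevated copy ran
    # with every parameter empty. Forward the bound parameters as well. -File is
    # used so the values reach the script as literal strings instead of being
    # parsed as PowerShell code.
    # NOTE(review): verify with values that are empty or start with a dash.
    $scriptPath   = $MyInvocation.MyCommand.Definition
    $argumentList = @('-File', (ConvertTo-ElevatedArgument $scriptPath))
    foreach ($bound in $PSBoundParameters.GetEnumerator()) {
        $argumentList += '-' + $bound.Key
        $argumentList += ConvertTo-ElevatedArgument $bound.Value
    }
    Start-Process "$psHome\powershell.exe" -Verb runAs -ArgumentList $argumentList

    # 'return' ends this script only; 'break' outside a loop can also terminate a
    # loop in whatever called the script.
    return
}
# From here on the script is running in an elevated process.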


#region - Required Functions - ONLY MODIFY AFTER BACKING UP COPY OF SCRIPT 


# Starts an interactive remoting session to the Domain1 domain controller using the
# credential stored in $Credentialdomain1.
# NOTE(review): Enter-PSSession is intended for interactive use. When it is called
# from a script, the statements that follow it in the script still execute on the
# local machine under the launching user's token, not on DC1 under
# $Credentialdomain1. That matches the symptom described here: the same commands
# work when typed in the ISE but New-ADUser fails with "Access is denied" when the
# script is launched non-interactively.
function connect-Domain1AD {
    $dcSession = @{
        ComputerName = 'DC1.domain1.com'
        Credential   = $Credentialdomain1
    }
    Enter-PSSession @dcSession
}
# Opens a Kerberos-authenticated session to the Domain1 Exchange PowerShell endpoint
# and imports its commands into the local session (implicit remoting), so the
# Exchange cmdlets called afterwards run in that session as $Credentialdomain1.
function Connect-Domain1Exchange {
    $exchangeEndpoint = @{
        Authentication    = 'Kerberos'
        ConfigurationName = 'Microsoft.Exchange'
        ConnectionUri     = 'http://exchange1.domain1.com/Powershell'
        Credential        = $Credentialdomain1
    }
    $domain1session = New-PSSession @exchangeEndpoint
    Import-PSSession $domain1session
}
# Opens a Kerberos-authenticated session to the Domain2 Exchange endpoint and enters
# it interactively.
# NOTE(review): unlike Connect-Domain1Exchange this passes no -ConfigurationName and
# uses Enter-PSSession instead of Import-PSSession, so commands a script runs
# afterwards would not execute in this session. The function is not called anywhere
# in the visible script - confirm whether it is still needed.
function Connect-Domain2Exchange {
    $exchangeEndpoint = @{
        Authentication = 'Kerberos'
        ConnectionUri  = 'http://exchange1.domain2.com/Powershell'
        Credential     = $Credentialdomain2
    }
    $session = New-PSSession @exchangeEndpoint
    Enter-PSSession $session
}
# Starts an interactive remoting session to the Domain2 domain controller using the
# credential stored in $Credentialdomain2.
# NOTE(review): same pattern as connect-Domain1AD. Enter-PSSession does not redirect
# the rest of a script, so New-Domain2User, which the script calls next, would run
# locally under the launching user's token rather than on Dc1.domain2.com with
# $Credentialdomain2.
function Connect-Domain2AD {
    $dcSession = @{
        ComputerName = 'Dc1.domain2.com'
        Credential   = $Credentialdomain2
    }
    Enter-PSSession @dcSession
}
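# Creates the Domain2 account from the script parameters, with a roaming profile and
# home directory under \\arizona\RemoteAppProfiles, then stamps extensionAttribute14
# with the user name.
# Reads: $username, $GivenName, $Surname, $department, $Title, $Office,
#        $StreetAddress, $City, $State, $PostalCode (script parameters).
function New-Domain2User{
    $fullName = $givenname + " " + $surname
    $userroot = "\\arizona\RemoteAppProfiles\$USERNAME"

    # NOTE(review): every account is created enabled with the same literal initial
    # password, and PasswordNeverExpires is $true, so that shared value stays valid
    # until the user changes it. Consider a per-user random password delivered out
    # of band and a forced change at first logon.
    $initialPassword = ConvertTo-SecureString "A temp password." -AsPlainText -force

    $newUser = @{
        Name                 = $fullName
        SamAccountName       = $Username
        Department           = $department
        Title                = $title
        Office               = $office
        # Fixed: the original passed $street, which is never assigned in this
        # script; the script parameter is $StreetAddress.
        StreetAddress        = $StreetAddress
        City                 = $city
        State                = $state
        PostalCode           = $PostalCode
        Path                 = "OU=users,DC=domain2,DC=com"
        GivenName            = $GivenName
        Surname              = $Surname
        DisplayName          = $fullName
        UserPrincipalName    = $username + "@domain2.com"
        AccountPassword      = $initialPassword
        Enabled              = $true
        PasswordNeverExpires = $true
        CannotChangePassword = $false
        ProfilePath          = "\\arizona\RemoteAppProfiles\$Username\"
        HomeDrive            = 'U:'
        HomeDirectory        = $userroot
    }
    New-ADUser @newUser

    Set-ADUser $USERNAME -Add @{extensionattribute14=$username}
}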
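# Creates the Domain1 account in the OU given by $path from the script parameters.
# Reads: $username, $GivenName, $Surname, $path, $department, $Title, $Office,
#        $StreetAddress, $City, $State, $PostalCode, $Manager (script parameters).
function New-Domain1User {
    $fullName = $givenname + " " + $surname

    # NOTE(review): every account is created enabled with the same literal initial
    # password and nothing here forces a change at first logon. Consider a per-user
    # random password delivered out of band together with -ChangePasswordAtLogon $true.
    $initialPassword = ConvertTo-SecureString "A temp password." -AsPlainText -force

    $newUser = @{
        Name                 = $fullName
        GivenName            = $givenname
        Surname              = $surname
        DisplayName          = $fullName
        SamAccountName       = $Username
        UserPrincipalName    = $username + "@goevo.com"
        Path                 = $path
        AccountPassword      = $initialPassword
        Enabled              = $true
        PasswordNeverExpires = $false
        CannotChangePassword = $false
        Department           = $department
        Title                = $title
        Office               = $office
        # Fixed: the original passed $street and $zipcode, neither of which is
        # assigned in this script; the script parameters are $StreetAddress and
        # $PostalCode.
        StreetAddress        = $StreetAddress
        City                 = $city
        State                = $state
        PostalCode           = $PostalCode
        Manager              = $Manager
    }
    New-ADUser @newUser
}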
# Mailbox-enables the new account and fills in the custom attributes.
# NOTE(review): $ca7 and $ca8 are not assigned anywhere in the visible script, so
# customAttribute7 and customAttribute8 presumably receive empty values - confirm
# where they are meant to come from.
function New-Domain1Mailbox {
    Enable-Mailbox -Identity $username

    $mailboxAttributes = @{
        Identity         = $username
        CustomAttribute1 = "Domain1"
        CustomAttribute2 = "user"
        CustomAttribute3 = "Internal"
        CustomAttribute5 = $office
        CustomAttribute6 = $department
        CustomAttribute7 = $ca7
        CustomAttribute8 = $ca8
    }
    Set-Mailbox @mailboxAttributes
}

#endregion - Required Functions 

# Echo the flag so the operator can see which path will run.
Write-Host $MercuryFlag

# NOTE(review): both credentials are stored in global scope, so the PSCredential
# objects stay in the PowerShell session after the script ends. Likewise
# "Get-PSSession | Remove-PSSession" removes every session in the runspace, not only
# the ones opened here. Both matter when the script is run from a shared or
# long-lived console such as the ISE.

# Domain2 account: only when the flag is the string '1'.
if ($MercuryFlag -eq '1') {
    $global:Credentialdomain2 = $Host.UI.PromptForCredential(
        "Need Domain2 credentials",
        "Please enter your Domain2 user name and password:",
        "",
        "Domain2.com")
    Connect-Domain2AD
    Import-Module activedirectory
    New-Domain2User
    Exit-PSSession
    Get-PSSession | Remove-PSSession
}

# Domain1 account and mailbox: these steps ran in both branches of the original
# if/else, so they are written once here.
$global:Credentialdomain1 = $Host.UI.PromptForCredential(
    "Need Domain1 credentials",
    "Please enter your Domain1 user name and password:",
    "",
    "Domain1.com")
connect-Domain1AD
New-Domain1User
Exit-PSSession
Get-PSSession | Remove-PSSession
Connect-Domain1Exchange
New-Domain1Mailbox
Exit-PSSession
Get-PSSession | Remove-PSSession

回答


スクリプト内の次の関数(1 つ目)を、その下の 2 つ目の定義に変更しました。

# Original version. Enter-PSSession opens an interactive session, but when it is
# called from a script the statements that follow it keep running locally, not on
# DC1 under $Credentialdomain1.
function connect-Domain1AD { 
Enter-PSSession -ComputerName DC1.domain1.com -Credential $Credentialdomain1 
} 

# Replacement version: opens a persistent session to DC1 with $Credentialdomain1,
# loads the ActiveDirectory module inside that session, and imports its commands
# locally (implicit remoting). The AD cmdlets called afterwards are proxies that run
# on DC1 under the supplied credential.
# -AllowClobber lets the imported commands replace local commands of the same name.
# The session stays open until it is removed, so callers should clean it up when done.
function connect-Domain1AD {
    $dcConnection = @{
        ComputerName = 'DC1.domain1.com'
        Credential   = $Credentialdomain1
    }
    $domain1ad = New-PSSession @dcConnection

    Invoke-Command -Session $domain1ad -ScriptBlock { Import-Module ActiveDir* }

    $importOptions = @{
        Session      = $domain1ad
        Module       = 'ActiveDir*'
        AllowClobber = $true
    }
    Import-PSSession @importOptions
}
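このように変更したところ、問題を修正できました。Enter-PSSession は対話的な利用を想定したコマンドで、スクリプト内で呼び出しても後続の New-ADUser はリモートではなくローカルで(入力した資格情報ではなく、スクリプトを起動したユーザーの権限で)実行されるため、Access is denied になっていたと考えられます。New-PSSession と Import-PSSession を使うと、AD コマンドはリモートセッション内で、指定した資格情報を使って実行されます。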