潜伏了很长时间,但我终于找到了一个找不到答案的问题,因此我决定该加入了。我正在尝试收集早于X天($ DelCompDays)的AD中的计算机列表。然后根据DistinguishedName字段,使用Identity标志删除该计算机。问题甚至出现在域管理员的凭据中:Remove-ADComputer:访问被拒绝

即使我运行Remove-ADComputer -Identity“全名CN或简称”,我也会被拒绝访问。谁有想法?先感谢您!

#Get AD computers older than $DelCompDays
$results = Search-ADAccount -ComputersOnly -AccountInactive -TimeSpan "$DelCompDays.00:00:00"

#Loop and try to delete
foreach ($result in $results){
    if ($result -ne $NULL){
    try {
        Remove-ADComputer -Identity $result.DistinguishedName -confirm:$false
        $Success = "Deleted: $result.DistinguishedName"
        WriteCustomOutput -message "$Success" -foregroundcolor green -backgroundcolor DarkMagenta
    }
    catch {
        $Error = "Failed to delete: $result.DistinguishedName"
        WriteCustomOutput -message "$Error" -foregroundcolor Red -backgroundcolor Black
    }
}
else{
    $Warning = "No computers older than $ArcDays days to delete"
    WriteCustomOutput -message "$Warning" -foregroundcolor yellow -backgroundcolor DarkMagenta
}

}

最佳答案

弄清楚了。当以非交互方式运行时,您需要在命令调用中指定凭据。

$secpasswd = ConvertTo-SecureString "ClearTextPass" -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential ("Username", $secpasswd)

Remove-ADComputer -Identity $result.DistinguishedName -Recursive -confirm:$false -credential $creds

关于powershell - Remove-ADComputer:拒绝访问Powershell,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/24049049/

10-14 19:36