潜伏了很长时间,但我终于找到了一个找不到答案的问题,因此我决定该加入了。我正在尝试收集早于X天($ DelCompDays)的AD中的计算机列表。然后根据DistinguishedName字段,使用Identity标志删除该计算机。问题甚至出现在域管理员的凭据中:Remove-ADComputer:访问被拒绝
即使我运行Remove-ADComputer -Identity“全名CN或简称”,我也会被拒绝访问。谁有想法?先感谢您!
#Get AD computers older than $DelCompDays
$results = Search-ADAccount -ComputersOnly -AccountInactive -TimeSpan "$DelCompDays.00:00:00"
#Loop and try to delete
foreach ($result in $results){
if ($result -ne $NULL){
try {
Remove-ADComputer -Identity $result.DistinguishedName -confirm:$false
$Success = "Deleted: $result.DistinguishedName"
WriteCustomOutput -message "$Success" -foregroundcolor green -backgroundcolor DarkMagenta
}
catch {
$Error = "Failed to delete: $result.DistinguishedName"
WriteCustomOutput -message "$Error" -foregroundcolor Red -backgroundcolor Black
}
}
else{
$Warning = "No computers older than $ArcDays days to delete"
WriteCustomOutput -message "$Warning" -foregroundcolor yellow -backgroundcolor DarkMagenta
}
}
最佳答案
弄清楚了。当以非交互方式运行时,您需要在命令调用中指定凭据。
$secpasswd = ConvertTo-SecureString "ClearTextPass" -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential ("Username", $secpasswd)
Remove-ADComputer -Identity $result.DistinguishedName -Recursive -confirm:$false -credential $creds
关于powershell - Remove-ADComputer:拒绝访问Powershell,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/24049049/