Powershell 测试ADCredential在Windows 10上失败,但在Windows 7上工作
在其他任何情况下,我都不能被视为系统管理员。相反,我支持ERP系统,并使用PowerShell作为编程语言来完成各种事情,因为我无法访问ERP所用的语言。所以,请原谅我对这个问题的无知Powershell 测试ADCredential在Windows 10上失败,但在Windows 7上工作,powershell,active-directory,Powershell,Active Directory,在其他任何情况下,我都不能被视为系统管理员。相反,我支持ERP系统,并使用PowerShell作为编程语言来完成各种事情,因为我无法访问ERP所用的语言。所以,请原谅我对这个问题的无知 为了使我们的ERP与工程系统保持同步,我创建了一套程序。第一个验证用于在PC上登录的AD帐户密码,并将其输出到文件以供以后使用。该程序在开发它的Windows 7机器上运行。但是,在Windows 10计算机上运行时会出现此错误。“Test ADCredential”功能是从实习生那里偷来的,不是我的 Excep
为了使我们的ERP与工程系统保持同步,我创建了一套程序。第一个验证用于在PC上登录的AD帐户密码,并将其输出到文件以供以后使用。该程序在开发它的Windows 7机器上运行。但是,在Windows 10计算机上运行时会出现此错误。“Test ADCredential”功能是从实习生那里偷来的,不是我的
Exception calling "ValidateCredentials" with "2" argument(s): "The server cannot handle directory requests."
At C:\GitRepo\PowerShellScripts\TeamCenter2M3AdCheck.ps1:20 char:9
+ $DS.ValidateCredentials($UserName, $Password)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DirectoryOperationException
开发计算机(Windows 7)上的PowerShell:
Windows 10上的版本:
Name Value
---- -----
PSVersion 5.1.15063.786
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.15063.786
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
节目如下:
# TeamCenter2M3AdCheck.ps1 Verify the password for current user and pass the user/id for MDI update
# 02/05/2018
param ([string]$IniFile)
Import-Module "C:\GitRepo\PowerShellScripts\TeamCenter2M3Setup.psm1" -Force
function Test-ADCredential {
[CmdletBinding()]
Param ([string]$UserName,
[string]$Password)
if (!($UserName) -or !($Password)) {
Write-Warning 'Test-ADCredential: Please specify both user name and password'
} else {
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('domain')
$DS.ValidateCredentials($UserName, $Password)
}
} # function Test-ADCredential
# Initilize globlal variables from the INI file
IniParameters -IniFile $IniFile
$PasswordFile = $TC2M3Dir + "TeamCenterPassword.csv"
[System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic') | Out-Null
[Byte[]] $Key = (1..16)
$UserId = $env:USERNAME
Do { #loop until password is okay
# Request the account's password
$SecurePassword = Read-Host -AsSecureString -Prompt "Enter password for $UserId"
$UnsecurePassword = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword))
$Okay = Test-ADCredential -UserName $UserId -Password $UnsecurePassword
If ($Okay) {
$PasswordString = ConvertFrom-SecureString -SecureString $SecurePassword -Key $Key
$CsvText = "AdAccount,Password`n$UserId,$PasswordString"
Out-File -FilePath $PasswordFile -InputObject $CsvText -Encoding ascii
}
else {
Write-Host "Password failed. Please try again or press Ctrl+c" -ForegroundColor Red
}
} Until ($Okay)
提前感谢您的帮助。更改:
$DS.ValidateCredentials($UserName, $Password)
致:
从本质上讲,在新机器上,可能会退回到尝试使用基本身份验证,而不是使用“协商”(即使用Kerberos或NTLM加密到AD的连接)来进行验证。通过显式地将上下文选项设置为强制协商或密封(另一种加密变体),这应该可以解决问题
我确认我能够在Windows10上运行代码
参考资料:
$DS.ValidateCredentials($UserName, $Password)
$DS.ValidateCredentials($UserName, $Password, [DirectoryServices.AccountManagement.ContextOptions]::Negotiate -bor [DirectoryServices.AccountManagement.ContextOptions]::Sealing)