Get-ADPrincipalGroupMembership 当任何用户组名称具有“/"时失败 [英] Get-ADPrincipalGroupMembership Fails when any user group name has "/"

问题描述

这真的很烦人而且很难找到，但我已经在我的环境中证明了这一点，所以我想我会在这里发布它，希望能帮助更多人解决它.

This is really annoying and hard to find, but I've proved it in my environment so I thought I'd post it here in hopes of helping more people work around it.

问题是，当使用 Get-ADPrincipalGroupMembership -Identity $User.SamAccountName 并且他们现有的组名之一(他们是其成员)有一个 /(正斜杠)在任何一个组的名称中，它将不会终止该用户的错误.

The problem is, when using Get-ADPrincipalGroupMembership -Identity $User.SamAccountName and one of their existing group names (that they're a member of) has a / (forward slash) in the name of any one group, it will non-terminate error on that user.

所以，我运行 Get-ADGroup -Filter {name -like "*/*"} 来查看我们有多少这样的组，而且有很多.果然，在我的脚本中，catch 块找到了很多人在这个 cmdlet 失败的地方.

So, I ran Get-ADGroup -Filter {name -like "*/*"} to see how many of these groups we have and there were quite a few. And sure enough, in my script the catch block is finding a lot of people where this cmdlet is failing.

foreach ($User in $Users) {
    try {
        $User_MemberOf = @()

        Get-ADPrincipalGroupMembership -Identity $User.SamAccountName |
            Select Name |
            Where-Object {$_.Name -like 'CBA-*'} |
            ForEach-Object { $User_MemberOf += @($_.Name) }

        foreach ($Group in $User_MemberOf) {
            New-Object PSObject -Property @{
                SID = $User.SamAccountName
                Name = $User.name
                Group = $Group 
            } | Export-Csv -Path $logs -NoTypeInformation -Append
        }
    } catch {
        New-Object PSObject -Property @{
            SID = $User.SamAccountName
            Name = $User.name
            Group = "Error processing this user" 
        } | Export-Csv -Path $logs -NoTypeInformation -Append
    }
}

错误信息:

由于内部错误，服务器无法处理请求.有关错误的更多信息，请打开IncludeExceptionDetailInFaults(来自 ServiceBehaviorAttribute或从配置行为)在服务器上命令将异常信息发送回客户端，或者开启根据 Microsoft .NET Framework 3.0 SDK 文档和检查服务器跟踪日志.

The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs.

谁能为我提供替代解决方案?我还没有找到好的.

Can anyone offer me an alternative solution? I can't find a good one yet.

推荐答案

目前在连接上存在一个未解决的错误.

There is currently an open bug on connect for this.

https://connect.microsoft.com/PowerShell/Feedback/Details/1190397

一种可能的解决方法:

$user = Get-ADUser $accountName  -Properties MemberOf
$groupMembership = New-Object System.Collections.ArrayList
foreach ($group in $user.MemberOf) {
     $groupMembership.Add((Get-ADGroup $group).SamAccountName)
}

这篇关于Get-ADPrincipalGroupMembership 当任何用户组名称具有“/"时失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！