I am trying to use PowerShell DSC to add a domain group to the local Administrators group. Here is the code:
    Configuration TestSetup {
        Node localhost {
            Group Administrators {
                GroupName        = "Administrators"
                MembersToInclude = "MYDOMAIN\TheAdministratorsGroup"
            }
        }
    }
When run, this results in the following error:
    PowerShell provider MSFT_GroupResource Failed to execute Test-TargetResource functionality with error message: Could not find a principal with the provided name [mydomain\theadministratorsgroup]
        + CategoryInfo : InvalidOperation: (:) [],CimException
        + FullyQualifiedErrorId : ProviderOperationExecutionFailure
        + PSComputerName : localhost
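The principal does exist, and I can add it manually through the GUI and by using net localgroup.
I know that DSC configurations run under the SYSTEM account, so I thought this might be a permissions problem with the SYSTEM account trying to query Active Directory. However, I used PsExec to run cmd as the SYSTEM account, and I was able to add the domain group to the local Administrators group without any difficulty.
You must specify credentials: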
Example:
How to obtain the credential:
    # $UserName and $Password are expected to be set by the caller
    $securedstring = ConvertTo-SecureString -String $Password -AsPlainText -Force
    [PSCredential]$cred = New-Object System.Management.Automation.PSCredential ($UserName, $securedstring)
This is the code you need to configure the DSC resource:
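    $ConfigurationData = @{
        AllNodes = @(
            @{
                NodeName = "*"
                # Lets the credential be written to the MOF file unencrypted
                PSDscAllowPlainTextPassword = $true
            }
            @{
                NodeName = "SRV2-WS2012R2"
            }
            @{
                NodeName = "SRV3-WS2012R2"
            }
        )
    }

    # The Node block has to sit inside a Configuration; the name is the one invoked further down
    Configuration ProcessDscResources {
        Node $AllNodes.NodeName {
            LocalConfigurationManager {
                RebootNodeIfNeeded = $false
            }
            # $group is not defined in the post; it must supply Name, Ensure and Members
            Group $group.Name {
                GroupName  = $group.Name
                Ensure     = $group.Ensure
                Members    = $group.Members
                Credential = $cred
            }
        }
    }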
Then simply execute:
    ProcessDscResources -ConfigurationData $ConfigurationData -OutputPath $folderPathTmp
    Start-DscConfiguration -Wait -Force -Path $folderPathTmp
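
The answer's configuration relies on PSDscAllowPlainTextPassword, which leaves the account's password readable in the compiled MOF file. As an added example (not code from the original post), here is the question's Group resource with the credential encrypted to a node certificate instead; the certificate path, the thumbprint placeholder, the configuration name and the output folder are assumptions.

```powershell
# Added example. Values marked "placeholder" or "assumed" are not from the original post.
$ConfigurationData = @{
    AllNodes = @(
        @{
            NodeName        = 'SRV2-WS2012R2'   # node name taken from the answer
            # Public key used to encrypt the credential when the MOF is compiled (placeholder path)
            CertificateFile = 'C:\PublicKeys\SRV2-WS2012R2.cer'
            # Thumbprint of the matching certificate installed on the node (placeholder value)
            Thumbprint      = '<THUMBPRINT-OF-NODE-CERTIFICATE>'
        }
    )
}

Configuration AddDomainGroupToAdmins {   # assumed configuration name
    param(
        [Parameter(Mandatory)]
        [PSCredential]$DomainCredential
    )

    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node $AllNodes.NodeName {
        # Tells the node's LCM which certificate decrypts the credential
        LocalConfigurationManager {
            CertificateID = $Node.Thumbprint
        }

        Group Administrators {
            GroupName        = 'Administrators'
            MembersToInclude = 'MYDOMAIN\TheAdministratorsGroup'
            # Account used to resolve the domain principal
            Credential       = $DomainCredential
        }
    }
}

# Prompt for the account instead of building it from a plain-text password
$cred = Get-Credential -Message 'Account allowed to query MYDOMAIN'
$out  = Join-Path $env:TEMP 'AddDomainGroupToAdmins'   # assumed output folder

AddDomainGroupToAdmins -ConfigurationData $ConfigurationData -DomainCredential $cred -OutputPath $out

# Apply the LCM settings (.meta.mof) first, then the configuration itself
Set-DscLocalConfigurationManager -Path $out -Verbose
Start-DscConfiguration -Path $out -Wait -Force -Verbose
```

The node must already hold the certificate with its private key in Cert:\LocalMachine\My, otherwise the LCM cannot decrypt the credential.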