我试图从ruby脚本为Active Directory中的现有用户运行enable-mailbox命令 . 我正在使用this winrm gem . 到目前为止,我已经能够使用winrm和kerberos身份验证连接到Exchange服务器 . 我可以从powershell运行一个Exchange管理shell . 从那里我可以执行交换命令 .
但是,当我尝试运行enable-mailbox时,我收到以下错误:
Active Directory操作失败 . “domain \ account”提供的凭据无效 .
'操作失败了' . 是逐字的 . 你认为应该有的空间里没有文字 . 域\帐户与我通过kerberos成功连接winrm时使用的帐户相同 .
这是我的简单代码:
endpoint = 'http://server:5985/wsman'
krb5_realm = 'myrealm'
winrm = WinRM::WinRMWebService.new(endpoint, :kerberos, :realm => krb5_realm)
#exch_cmd = "Get-Help Enable-Mailbox" NOTE THAT THIS COMMAND WORKS FINE
exch_cmd = "Enable-Mailbox -Identity:'user DN' -Alias:'username' -Database:'mailbox'"
command = "powershell -psconsolefile \"C:\\Program Files\\Microsoft\\Exchange Server\\V15\\bin\\exshell.psc1\" -command \". "+exch_cmd+"\""
winrm.cmd(command) do |stdout, stderr|
STDOUT.print stdout
STDERR.print stderr
end
谢谢你的帮助!
1 回答
我们设法让它发挥作用 . 我必须首先连接到“管理”服务器以启动powershell命令 .
endpoint = 'http://YOURSERVER:5985/wsman' krb5_realm = 'YOURREALM' winrm = WinRM::WinRMWebService.new(endpoint, :kerberos, :realm => krb5_realm)然后我不得不修改交换命令:
exch_cmd = "Enable-Mailbox -Identity:'DOMAIN/OU/#{fullname}' -Alias:'#{username}' -Database:'#{MailboxDB}'"command = "powershell -NonInteractive -WindowStyle Hidden -command \" $username = '#{account}'; $password = ConvertTo-SecureString '#{password}' -asplaintext -force; $UserCredential = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $username,$password; $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri #{server} -Authentication Kerberos -Credential $UserCredential; Invoke-Command -Session $Session {#{exch_cmd}}\""在管理和Exchange服务器上,服务帐户需要位于远程管理组中 . 您还需要根据本指南更新SDDL:http://www.sevecek.com/Lists/Posts/Post.aspx?ID=280根据您的服务器配置,这将有所不同 .