运行下面的代码来添加对文件夹的修改权限时出错。我发现一个常见的解决方案是确保 AD 用户存在。我仔细检查了我使用的所有用户是否存在,但仍然出现以下错误。
Set-Acl : Some or all identity references could not be translated.
At line:113 char:12
+ $acl | Set-Acl -Path $folder -Verbose
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (\\DEFRNETCLU001...ta\Projects\ABC:String) [Set-Acl], IdentityNotMappedException
+ FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand
Param (
[Parameter (Mandatory=$true)] [STRING] $region,
[Parameter (Mandatory=$true)] [STRING] $ProjectCode
)
#----------------------------
#Configuring the new Modify Access Rule to the ACL
$Rights = [System.Security.AccessControl.FileSystemRights]"Modify"
#Define the ACL Inheritance and Propagation arguments
$InheritFlag = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
$PropFlag = [System.Security.AccessControl.PropagationFlags]::None
# Define the ACL Type
$AccessCntlType = [System.Security.AccessControl.AccessControlType]::Allow
# Define the ACL User argument
$DataGrp = New-Object System.Security.Principal.NTAccount("GP_" + $ProjectName + "_COG_ADMN_LCL")
$folder = "\\"+$region+"NETCLU001_data.aws.example.com\Cognos_Analytics_Prod\Project_Data\Projects\"+$ProjectName
if(Test-Path -Path $folder){
Write-Host ("Folder security changes will be apply to " + $ProjectName)
Write-Output($folder)
#Retrieve the current ACL of the $ProjectFolder
$acl = Get-Acl -Path $folder
#$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule ($DataGrp, $Rights, $InheritFlag, $PropFlag, $AccessCntlType)
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule ($DataGrp, $Rights, $InheritFlag, $PropFlag, $AccessCntlType)
#Setting the new access rule to the ACL
$acl.AddAccessRule($AccessRule) #AddAccessRule
#Save changes defining the $ProjectFolder ACL
$acl | Set-Acl -Path $folder -Verbose
#Check if new entry was added
Write-Host("Below you can see the permission list for folder " + $ProjectName)
Get-Acl $folder | fl
}
else{
Write-Host ("Project folder " + $ProjectName +"does not exists in " + $Projects)
}