Powershell ACL 失败

tag-icon tag-icon powershell active-directory acl
Powershell ACL 失败

运行下面的代码来添加对文件夹的修改权限时出错。我发现一个常见的解决方案是确保 AD 用户存在。我仔细检查了我使用的所有用户是否存在,但仍然出现以下错误。

Set-Acl : Some or all identity references could not be translated.
At line:113 char:12
+     $acl | Set-Acl -Path $folder  -Verbose
+            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (\\DEFRNETCLU001...ta\Projects\ABC:String) [Set-Acl], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.PowerShell.Commands.SetAclCommand

Param ( 
        [Parameter (Mandatory=$true)] [STRING] $region,
        [Parameter (Mandatory=$true)] [STRING] $ProjectCode
        )

#----------------------------
    #Configuring the new Modify Access Rule to the ACL
    $Rights = [System.Security.AccessControl.FileSystemRights]"Modify"

    #Define the ACL Inheritance and Propagation arguments
    $InheritFlag = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"

    $PropFlag = [System.Security.AccessControl.PropagationFlags]::None

    # Define the ACL Type
    $AccessCntlType = [System.Security.AccessControl.AccessControlType]::Allow

    # Define the ACL User argument
    $DataGrp = New-Object System.Security.Principal.NTAccount("GP_" + $ProjectName + "_COG_ADMN_LCL")

$folder = "\\"+$region+"NETCLU001_data.aws.example.com\Cognos_Analytics_Prod\Project_Data\Projects\"+$ProjectName
if(Test-Path -Path $folder){
     Write-Host ("Folder security changes will be apply to " + $ProjectName)


    Write-Output($folder)
    #Retrieve the current ACL of the $ProjectFolder 
    $acl = Get-Acl -Path $folder

    #$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule ($DataGrp, $Rights, $InheritFlag, $PropFlag, $AccessCntlType)
    $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule ($DataGrp, $Rights, $InheritFlag, $PropFlag, $AccessCntlType)


    #Setting the new access rule to the ACL
    $acl.AddAccessRule($AccessRule)    #AddAccessRule

    #Save changes defining the $ProjectFolder ACL
    $acl | Set-Acl -Path $folder  -Verbose

    #Check if new entry was added 
    Write-Host("Below you can see the permission list for folder " + $ProjectName)

    Get-Acl $folder | fl 
     }
else{
     Write-Host ("Project folder " + $ProjectName +"does not exists in " + $Projects)
   }

相关内容