由于内部错误,服务器无法处理请求
Get-ADPrincipalGroupMembership在为 AD 中的某些用户帐户运行帐户 Powershell 命令时,我遇到了以下错误消息。
我彻底搜索了互联网,但什么也没找到,因此我继续挖掘、打开详细功能、跟踪、测试、比较等等。
我终于找到了原因和解决方案(就我而言),所以我想在这里将其作为一个问题和答案发布,因为我在故障排除过程中在其他地方找不到太多信息。
如果他们正在处理紧急或关键的事情,这可能有助于人们快速获得解决方案并免去一些麻烦。
完整的 Powershell 错误消息
PS C:\Users\User> Get-ADPrincipalGroupMembership <AccountName>
Get-ADPrincipalGroupMembership : The server was unable to process the request due to an
internal error. For more information about the error, either turn on
IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the
<serviceDebug> configuration behavior) on the server in order to send the exception
information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0
SDK documentation and inspect the server trace logs.
At line:1 char:1
+ Get-ADPrincipalGroupMembership <AccountName>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (<AccountName>:ADPrincipal) [Get-ADPrincipalGr
oupMembership], ADException
+ FullyQualifiedErrorId : The server was unable to process the request due to an inter
nal error. For more information about the error, either turn on IncludeExceptionDetai
lInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configurati
on behavior) on the server in order to send the exception information back to the clie
nt, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and i
nspect the server trace logs.,Microsoft.ActiveDirectory.Management.Commands.GetADPrinc
ipalGroupMembership
答案1
原因(就我而言)
- AD 中有一个 OU,其中一个帐户位于
/该 OU 的名称中有一个 [ ] 正斜杠字符。 - AD 中有一个组,其中
Group Name也包含 [/] 正斜杠字符。
解决方案(就我而言)
我从 OU 和组名中删除了所有正斜杠字符,之后一切都按预期工作。
- 我知道这些组没有 LDAP 或任何硬编码的 OU 路径或在其他系统的任何地方设置的映射,所以在我的情况下,只需替换无效字符就足够了。