Get-ADGroupMember 找不到绝对存在的组

tag-icon tag-icon active-directory powershell
Get-ADGroupMember 找不到绝对存在的组

当我尝试提取某个组的成员时,出现错误,提示不存在具有该名称的任何内容。我尝试了名称和 SID。但是,如果我仅尝试 ID 该组(Get-ADGroup),它会找到它。

怎么回事?这是一个通用安全组。

PS U:\> Get-ADGroupMember -Identity "Enterprise Admins" -Recursive

Get-ADGroupMember : There is no such object on the server
At line:1 char:1
+ Get-ADGroupMember -Identity "Enterprise Admins" -Recursive
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Enterprise Admins:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory 
   .Management.Commands.GetADGroupMember

PS U:\> Get-ADGroupMember -Identity S-1-5-21-27620331-1835664617-1757479407-519 -Recursive

Get-ADGroupMember : There is no such object on the server
At line:1 char:1
+ Get-ADGroupMember -Identity S-1-5-21-27620331-1835664617-1757479407-5 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (S-1-5-21-276203...-1757479407-519:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory 
   .Management.Commands.GetADGroupMember

PS U:\> Get-ADGroup -Identity 'S-1-5-21-27620331-1835664617-1757479407-519'

DistinguishedName : CN=Enterprise Admins,OU=xxxxxxx,DC=xxxxxxxxx,DC=xxxxx
GroupCategory     : Security
GroupScope        : Universal
Name              : Enterprise Admins
ObjectClass       : group
ObjectGUID        : 53fde7bf-a276-4a74-8442-b47c7b0aa3d8
SamAccountName    : Enterprise Admins
SID               : S-1-5-21-27620331-1835664617-1757479407-519

编辑

为了确保万无一失,我将驱动器号改为 C。没有变化。

PS C:\> Get-ADGroupmember -Identity 'S-1-5-21-27620331-1835664617-1757479407-519'

Get-ADGroupmember : There is no such object on the server
At line:1 char:1
+ Get-ADGroupmember -Identity 'S-1-5-21-27620331-1835664617-1757479407- ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (S-1-5-21-276203...-1757479407-519:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory 
   .Management.Commands.GetADGroupMember

相关内容