2
我遇到一個奇怪的問題,使用pywinrm模塊的Python代碼。 讓我解釋一下。我有,我啓動以下python腳本在Linux服務器:Pywinrm和Active Directory PowerShell cmdlet
import winrm
"""Create security group"""
s = winrm.Session('https://servername:5986/wsman',
auth=(None, None), transport='kerberos',
server_cert_validation='ignore')
name = "test"
path = "OU=Security Groups,DC=test,DC=org"
ps_command = 'New-ADGroup -Name "{0}"
-GroupScope Universal
-GroupCategory Security
-Path "{1}" -Server ldap.test.org'.format(name, path)
r = s.run_ps(ps_command)
if r.status_code == 0 :
print(r.std_out.decode('UTF-8'))
else:
print(r.std_err('UTF-8'))
這一次將連接在Windows服務器上(不是DC),然後將啓動組創建的命令的HTTPS偵聽器。
當我直接在Windows服務器上啓動AD cmdlet時,它完美地工作,安全組在AD中創建。但是,通過腳本,我有如下反應:
$ python3 test_winrm.py
New-ADGroup : Unable to contact the server. This may be because this server does not exist, it is currently down,
or it does not have the Active Directory Web Services running.
At line:1 char:1
+ New-ADGroup -Name "test" -GroupScope Universal -GroupCategory Security
-Path "O ...
+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
+ CategoryInfo : ResourceUnavailable: (:) [New-ADGroup], ADServer
DownException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirector
y.Management.Commands.NewADGroup
我想還注意到,如果我通過一個基本的替換當前的PowerShell命令(例如,建立在Windows服務器上的文件夾中),它作品。
因此,即使安裝了RSAT,它也可以在Windows服務器上本地運行,但無法與AD cmdlet一起運行......您是否有過此主題的以前的經驗?
感謝您的幫助。
聽起來像[double hop](https://blogs.technet.microsoft.com/ashleymcglone/2016/08/30/powershell-remoting-kerberos-double-hop-solved-securely/)問題。 – BenH