如何使用 PowerShell 通过 WMI 更新“ds_computer”类上的 LDAP 属性
Posted
技术标签:
【中文标题】如何使用 PowerShell 通过 WMI 更新“ds_computer”类上的 LDAP 属性【英文标题】:How can I update LDAP attributes on the "ds_computer" class through WMI using PowerShell 【发布时间】:2019-05-30 05:33:32 【问题描述】:我无法在 root\directory\ldap 命名空间使用 PowerShell 更新 ds_computer WMI 类的实例。
但是我我能够使用 C# 更新同一个实例。这是我的工作 C# 代码:
string computerName = Environment.GetEnvironmentVariable("ComputerName");
var connectionOptions = new ConnectionOptions();
connectionOptions.Impersonation = ImpersonationLevel.Impersonate;
connectionOptions.Authentication = AuthenticationLevel.PacketPrivacy;
connectionOptions.EnablePrivileges = true;
connectionOptions.Timeout = new TimeSpan(0, 0, 0, 5, 0);
var managementScope = new ManagementScope();
managementScope.Path.Server = computerName;
managementScope.Path.NamespacePath = @"\ROOT\directory\LDAP";
managementScope.Options = connectionOptions;
managementScope.Options.Context.Add("__ProviderArchitecture", 64);
managementScope.Connect();
var context = new ManagementNamedValueCollection();
context.Add("__PUT_EXT_PROPERTIES", new string[] "DS_displayName");
context.Add("__PUT_EXTENSIONS", true);
context.Add("__PUT_EXT_CLIENT_REQUEST", true);
var putOptions = new PutOptions();
putOptions.Context = context;
putOptions.UseAmendedQualifiers = false;
putOptions.Type = PutType.UpdateOnly;
string commandText = string.Format("SELECT * FROM ds_computer WHERE DS_name='0'", computerName);
var managementObjectSearcher = new ManagementObjectSearcher(managementScope, new ObjectQuery(commandText));
var managementObjectCollection = managementObjectSearcher.Get();
var managementObject = managementObjectCollection.Cast<ManagementObject>().FirstOrDefault();
managementObject.SetPropertyValue("DS_displayName", "cs-test");
managementObject.Put(putOptions);
将此代码转换为 PowerShell 会产生以下结果:
PS > $computerName = $env:COMPUTERNAME
PS > $connectionOptions = [System.Management.ConnectionOptions]::New()
PS > $connectionOptions.Impersonation = [System.Management.ImpersonationLevel]::Impersonate
PS > $connectionOptions.Authentication = [System.Management.AuthenticationLevel]::PacketPrivacy
PS > $connectionOptions.EnablePrivileges = $true
PS > $connectionOptions.Timeout = [System.TimeSpan]::New(0, 0, 0, 5, 0)
PS > $managementScope = [System.Management.ManagementScope]::New()
PS > $managementScope.Path.Server = $computerName
PS > $managementScope.Path.NamespacePath = "\ROOT\directory\LDAP"
PS > $managementScope.Options = $connectionOptions
PS > $managementScope.Options.Context.Add("__ProviderArchitecture", 64)
PS > $managementScope.Connect()
PS > $context = [System.Management.ManagementNamedValueCollection]::New()
PS > $context.Add("__PUT_EXT_PROPERTIES", @("DS_displayName"))
PS > $context.Add("__PUT_EXTENSIONS", $true)
PS > $context.Add("__PUT_EXT_CLIENT_REQUEST", $true)
PS > $putOptions = [System.Management.PutOptions]::New()
PS > $putOptions.Context = $context
PS > $putOptions.UseAmendedQualifiers = $false
PS > $putOptions.Type = [System.Management.PutType]::UpdateOnly
PS > $commandText = "SELECT * FROM ds_computer WHERE DS_name='$computerName'"
PS > $managementObjectSearcher = [System.Management.ManagementObjectSearcher]::New($managementScope, [System.Management.ObjectQuery]::New($commandText))
PS > $managementObjectCollection = $managementObjectSearcher.Get()
PS > $managementObject = [Linq.Enumerable]::FirstOrDefault([System.Management.ManagementObject[]]$managementObjectCollection)
PS > $managementObject.SetPropertyValue("DS_displayName", "ps-test")
PS > $managementObject.Put($putOptions)
Exception calling "Put" with "1" argument(s): "Value cannot be null.
Parameter name: pUnk"
At line:1 char:1
+ $managementObject.Put($putOptions)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException
当然,我更希望能够简单地使用提供的 cmdlet Get-WmiObject/Set-WmiInstance,但不幸的是,这也失败了,结果如下:
PS > $managementObject = Get-WmiObject -Namespace "root\directory\ldap" -Class "ds_computer" -Authentication PacketPrivacy -Impersonation Impersonate -EnableAllPrivileges -Filter "DS_name='$env:COMPUTERNAME'"
PS > Set-WmiInstance -InputObject $managementObject -PutType UpdateOnly -Arguments @DS_displayName="cmdlet1-test"
Set-WmiInstance : Generic failure
At line:1 char:1
+ Set-WmiInstance -InputObject $x -PutType UpdateOnly
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Set-WmiInstance], ManagementException
+ FullyQualifiedErrorId : SetWMIManagementException,Microsoft.PowerShell.Commands.SetWmiInstance
我还尝试使用 Get-CimInstance/Set-CimInstance cmdlet,得到了同样非常有用的“通用故障”消息:
PS > $cimInstance = Get-CimInstance -Namespace "ROOT\directory\LDAP" -ClassName "ds_computer" -Filter "DS_name='$env:COMPUTERNAME'"
PS > Set-CimInstance -InputObject $cimInstance -Property @DS_displayName="cmdlet2-test"
Set-CimInstance : Generic failure
At line:1 char:1
+ Set-CimInstance -InputObject $x -Property @DS_displayName="cmdlet2-test" -P ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (ds_computer (AD...tyDomainPCG...):CimInstance) [Set-CimInstance], CimException
+ FullyQualifiedErrorId : HRESULT 0x80041001,Microsoft.Management.Infrastructure.CimCmdlets.SetCimInstanceCommand
【问题讨论】:
【参考方案1】:我想通了。问题在于我存储在 $context["__PUT_EXT_PROPERTIES"]
这不起作用:
$context.Add("__PUT_EXT_PROPERTIES", @("DS_displayName"))
虽然这有效:
$context.Add("__PUT_EXT_PROPERTIES", [string[]]("DS_displayName"))
因此,对于可能遇到此问题的其他人来说,这是一个完全有效的示例:
$context = [System.Management.ManagementNamedValueCollection]::New()
$context.Add("__PUT_EXT_PROPERTIES", [string[]]("DS_displayName"))
$context.Add("__PUT_EXTENSIONS", $true)
$context.Add("__PUT_EXT_CLIENT_REQUEST", $true)
$putOptions = [System.Management.PutOptions]::New()
$putOptions.Context = $context
$putOptions.UseAmendedQualifiers = $false
$putOptions.Type = [System.Management.PutType]::UpdateOnly
$managementObject = Get-WmiObject -Namespace "root\directory\ldap" -Class "ds_computer" -Filter "DS_name='$env:COMPUTERNAME'"
$managementObject.DS_displayName = "cmdlet-test"
$managementObject.Put($putOptions)
【讨论】:
以上是关于如何使用 PowerShell 通过 WMI 更新“ds_computer”类上的 LDAP 属性的主要内容,如果未能解决你的问题,请参考以下文章
如何在没有 WMI 的情况下使用 PowerShell 获取总物理内存大小?
MSSQL/WMI/PowerShell结合篇执行PowerShell远程脚本
powershell 使用PowerShell语法查询WMI
MSSQL/WMI/PowerShell结合篇SQL Server镜像状态变化实时告警