如何使用 PowerShell 通过 WMI 更新“ds_computer”类上的 LDAP 属性

Posted 2023-03-17

【中文标题】如何使用 PowerShell 通过 WMI 更新“ds_computer”类上的 LDAP 属性

【英文标题】：How can I update LDAP attributes on the "ds_computer" class through WMI using PowerShell

【发布时间】：2019-05-30 05:33:32

【问题描述】：

我无法在 root\directory\ldap 命名空间使用 PowerShell 更新 ds_computer WMI 类的实例。

但是我我能够使用 C# 更新同一个实例。这是我的工作 C# 代码：

        string computerName = Environment.GetEnvironmentVariable("ComputerName");

        var connectionOptions = new ConnectionOptions();
        connectionOptions.Impersonation = ImpersonationLevel.Impersonate;
        connectionOptions.Authentication = AuthenticationLevel.PacketPrivacy;
        connectionOptions.EnablePrivileges = true;
        connectionOptions.Timeout = new TimeSpan(0, 0, 0, 5, 0);

        var managementScope = new ManagementScope();
        managementScope.Path.Server = computerName;
        managementScope.Path.NamespacePath = @"\ROOT\directory\LDAP";
        managementScope.Options = connectionOptions;
        managementScope.Options.Context.Add("__ProviderArchitecture", 64);
        managementScope.Connect();

        var context = new ManagementNamedValueCollection();
        context.Add("__PUT_EXT_PROPERTIES", new string[] "DS_displayName");
        context.Add("__PUT_EXTENSIONS", true);
        context.Add("__PUT_EXT_CLIENT_REQUEST", true);

        var putOptions = new PutOptions();
        putOptions.Context = context;
        putOptions.UseAmendedQualifiers = false;
        putOptions.Type = PutType.UpdateOnly;

        string commandText = string.Format("SELECT * FROM ds_computer WHERE DS_name='0'", computerName);
        var managementObjectSearcher = new ManagementObjectSearcher(managementScope, new ObjectQuery(commandText));
        var managementObjectCollection = managementObjectSearcher.Get();
        var managementObject = managementObjectCollection.Cast<ManagementObject>().FirstOrDefault();
        managementObject.SetPropertyValue("DS_displayName", "cs-test");

        managementObject.Put(putOptions);

将此代码转换为 PowerShell 会产生以下结果：

PS > $computerName = $env:COMPUTERNAME

PS > $connectionOptions = [System.Management.ConnectionOptions]::New()
PS > $connectionOptions.Impersonation = [System.Management.ImpersonationLevel]::Impersonate
PS > $connectionOptions.Authentication = [System.Management.AuthenticationLevel]::PacketPrivacy
PS > $connectionOptions.EnablePrivileges = $true
PS > $connectionOptions.Timeout = [System.TimeSpan]::New(0, 0, 0, 5, 0)

PS > $managementScope = [System.Management.ManagementScope]::New()
PS > $managementScope.Path.Server = $computerName
PS > $managementScope.Path.NamespacePath = "\ROOT\directory\LDAP"
PS > $managementScope.Options = $connectionOptions
PS > $managementScope.Options.Context.Add("__ProviderArchitecture", 64)
PS > $managementScope.Connect()

PS > $context = [System.Management.ManagementNamedValueCollection]::New()
PS > $context.Add("__PUT_EXT_PROPERTIES", @("DS_displayName"))
PS > $context.Add("__PUT_EXTENSIONS", $true)
PS > $context.Add("__PUT_EXT_CLIENT_REQUEST", $true)

PS > $putOptions = [System.Management.PutOptions]::New()
PS > $putOptions.Context = $context
PS > $putOptions.UseAmendedQualifiers = $false
PS > $putOptions.Type = [System.Management.PutType]::UpdateOnly

PS > $commandText = "SELECT * FROM ds_computer WHERE DS_name='$computerName'"
PS > $managementObjectSearcher = [System.Management.ManagementObjectSearcher]::New($managementScope, [System.Management.ObjectQuery]::New($commandText))
PS > $managementObjectCollection = $managementObjectSearcher.Get()
PS > $managementObject = [Linq.Enumerable]::FirstOrDefault([System.Management.ManagementObject[]]$managementObjectCollection)
PS > $managementObject.SetPropertyValue("DS_displayName", "ps-test")

PS > $managementObject.Put($putOptions)
Exception calling "Put" with "1" argument(s): "Value cannot be null.
Parameter name: pUnk"
At line:1 char:1
+ $managementObject.Put($putOptions)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

当然，我更希望能够简单地使用提供的 cmdlet Get-WmiObject/Set-WmiInstance，但不幸的是，这也失败了，结果如下：

PS > $managementObject = Get-WmiObject -Namespace "root\directory\ldap" -Class "ds_computer" -Authentication PacketPrivacy -Impersonation Impersonate -EnableAllPrivileges -Filter "DS_name='$env:COMPUTERNAME'"
PS > Set-WmiInstance -InputObject $managementObject -PutType UpdateOnly -Arguments @DS_displayName="cmdlet1-test"
Set-WmiInstance : Generic failure
At line:1 char:1
+ Set-WmiInstance -InputObject $x -PutType UpdateOnly
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Set-WmiInstance], ManagementException
    + FullyQualifiedErrorId : SetWMIManagementException,Microsoft.PowerShell.Commands.SetWmiInstance

我还尝试使用 Get-CimInstance/Set-CimInstance cmdlet，得到了同样非常有用的“通用故障”消息：

PS > $cimInstance = Get-CimInstance -Namespace "ROOT\directory\LDAP" -ClassName "ds_computer" -Filter "DS_name='$env:COMPUTERNAME'"
PS > Set-CimInstance -InputObject $cimInstance -Property @DS_displayName="cmdlet2-test"
Set-CimInstance : Generic failure
At line:1 char:1
+ Set-CimInstance -InputObject $x -Property @DS_displayName="cmdlet2-test" -P ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (ds_computer (AD...tyDomainPCG...):CimInstance) [Set-CimInstance], CimException
    + FullyQualifiedErrorId : HRESULT 0x80041001,Microsoft.Management.Infrastructure.CimCmdlets.SetCimInstanceCommand

【参考方案1】：

我想通了。问题在于我存储在 $context["__PUT_EXT_PROPERTIES"]

中的数组语法

这不起作用：

$context.Add("__PUT_EXT_PROPERTIES", @("DS_displayName"))

虽然这有效：

$context.Add("__PUT_EXT_PROPERTIES", [string[]]("DS_displayName"))

因此，对于可能遇到此问题的其他人来说，这是一个完全有效的示例：

$context = [System.Management.ManagementNamedValueCollection]::New()
$context.Add("__PUT_EXT_PROPERTIES", [string[]]("DS_displayName"))
$context.Add("__PUT_EXTENSIONS", $true)
$context.Add("__PUT_EXT_CLIENT_REQUEST", $true)

$putOptions = [System.Management.PutOptions]::New()
$putOptions.Context = $context
$putOptions.UseAmendedQualifiers = $false
$putOptions.Type = [System.Management.PutType]::UpdateOnly

$managementObject = Get-WmiObject -Namespace "root\directory\ldap" -Class "ds_computer" -Filter "DS_name='$env:COMPUTERNAME'"
$managementObject.DS_displayName = "cmdlet-test"
$managementObject.Put($putOptions)