无法为本地已掌握的目录同步对象更新指定的属性-更新天蓝色广告中的用户管理器属性

问题描述 投票:0回答:2

已经详尽地寻找解决方案,我希望获得一些指导。

我想更新在本地广告中填充的用户管理器属性,但据我所知,azure / 365不会复制此属性。

因此,我将不得不使用以下代码手动更改它们;

Set-AzureADUserManager -ObjectId "usersid" -RefObjectId "managersid"

一旦我运行它,它将失败,并出现以下错误;

Code: Request_BadRequest
Message: Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration.
RequestId: 
HttpStatusCode: BadRequest
HttpStatusDescription: Bad Request
HttpResponseStatus: Completed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   + CategoryInfo          : NotSpecified: (:) [Set-AzureADUserManager], ApiException
   + FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.SetUserManager

我不确定这是什么问题,因为用户管理器已与Windows广告作为源同步地进行了天蓝色同步。

谢谢。

powershell active-directory azure-active-directory office365 windows-server-2012
2个回答
0
投票

根据the docsManager属性已同步。

GetSet cmdlet在DistinguishedNameObjectGUID参数中都需要ObjectSIDSamAccountName-Identity-Manager

您应该可以:

# set the manager property for the user
Get-ADUser -Identity "<THE USER>" | Set-ADUser -Manager "<THE MANAGER>"

之后,您可以使用类似的方法强制执行A​​D同步:

$server  = 'YourAzureConnectServer'
$cred    = Get-Credential -Message 'Please enter user name and password for AD Sync'
$session = New-PSSession -ComputerName $server -Credential $cred

Invoke-Command -Session $session {
    if (Get-ADSyncConnectorRunStatus) {
        Write-Warning "A sync is already in progress. Please try again later."
    }
    else {
        Write-Host "Initializing Azure AD Delta Sync..." -ForegroundColor Yellow
        try {
            Start-ADSyncSyncCycle -PolicyType Delta -ErrorAction Stop

            Write-Host "Waiting for Sync to start.."
            # give the Sync Connector 10 seconds time to start-up
            Start-Sleep -Seconds 10

            Write-Host "Waiting for Sync to finish.."
            While(Get-ADSyncConnectorRunStatus) {
                Write-Host "." -NoNewline
                Start-Sleep -Seconds 5
            }
            Write-Host
            Write-Host "Azure AD Sync has finished." -ForegroundColor Green
        }
        catch {
            Write-Error $_
        }
    }
}

Remove-PSSession $session

您还可以使用Start-ADSyncSyncCycle -PolicyType Initial]强制进行完全属性同步

0
投票

[似乎我需要向同步规则编辑器中添加同步规则-我遵循以下内容-[链接](blog.kloud.com.au/2016/11/14/…)-我添加了一条规则,用于在ad和azure并再次返回,这似乎已经解决了问题,不需要ps脚本。 -再次感谢@theo的帮助。 –

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.