我正在尝试从每个域控制器中为每个用户检索 AD 属性
LastLogonParallel$users = Get-ADUser -Filter "[filter]"
$DCs = Get-ADDomainController -Filter * | Where-Object { $_.Site -in $using:sites }
$users | ForEach-Object -ThrottleLimit 2 -Parallel {
$serv = $using:DCs
foreach ($DC in $serv) {
$lastLogonAD = Get-ADUser -Identity $_ -Properties LastLogon -Server $DC -ErrorAction Stop | Select-Object -ExpandProperty LastLogon
$lastLogonConverted = [datetime]::FromFileTimeUTC($lastLogonAD)
}
}
Get-ADUser:
Line |
7 | … $lastLogonAD = Get-ADUser -Identity $_ -Properties LastLogon -Server …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| The server has returned the following error: invalid enumeration context.
我发现,如果删除
-Server foreach ($DC in $DCs) {
$lastLogonAD = Get-ADUser -Identity $_ -Properties LastLogon -ErrorAction Stop | Select-Object -ExpandProperty LastLogon
$lastLogonConverted = [datetime]::FromFileTimeUTC($lastLogonAD)
}
foreach ($DC in $DCs) {
Get-ADUser -Identity $_ -Properties LastLogon -Server $DC -ErrorAction Stop | Select-Object -ExpandProperty LastLogon
$lastLogonConverted = [datetime]::FromFileTimeUTC($lastLogonAD)
}
错误“服务器返回以下错误:无效的枚举上下文。”主要是因为你的代码效率很低,这个错误发生在运行超过30分钟的查询上。请参阅 TechNet 文章 Active Directory 故障排除:服务器返回以下错误 - 枚举上下文无效。
您的并行循环应该运行于每个域控制器而不是每个用户。并行调用应该处理每个运行空间的所有用户。
以下代码的作用:
DistinguishedNameDistinguishedNameDistinguishedNameLastLogonLastLogonLastLogonDate$sites = # needs to be defined here...
# only need the users `DistinguishedName` here
$users = (Get-ADUser -Filter '[filter]').DistinguishedName
# parallel loop per DC instead of per user
Get-ADDomainController -Filter * |
Where-Object { $_.Site -in $sites } |
ForEach-Object -Parallel {
$using:users | Get-ADUser -Properties LastLogon -Server $_
} |
Group-Object DistinguishedName |
ForEach-Object {
$_.Group | Sort-Object LastLogon -Descending |
Select-Object *, @{ N='LastLogonDate'; E={ [datetime]::FromFileTimeUtc($_.LastLogon) }} -First 1
}